Re: [m0n0wall] Spoofing max adresses

From:	Jim Thompson <jim at netgate dot com>
To:	"Nantel Mathieu" <mnantel at microserv dot ca>
Cc:	'm0m0' List <m0n0wall at lists dot m0n0 dot ch>
Subject:	Re: [m0n0wall] Spoofing max adresses
Date:	Wed, 4 May 2005 11:05:47 -1000

On May 4, 2005, at 10:34 AM, Nantel Mathieu wrote:

>> Ok. Do you know if there is a captive portal which prevent
>> from that ??
>> (except talweg captive portal)
>>
>> I have an idea, but I don't know if it is possible.
>>
>> I would like to contact the freeradius server.A person A
>> gives his login and password. A radius server is contacted,
>> in the response, ii give an attribute for example
>> Reply-Message = vlan 1 . Is it possible to put users in vlan
>> as that ??
>
> Yes, and it's even standardized: it's called 802.1x. However, typically
> the 802.1x supplicant (the workstation) will provide credentials to the
> authenticator (the switch port)
or AP
>  which in turn will pass on the info to
> the authentication server (the radius or tacacs+ server).

The slightly more modern way is WPA (or WPA2).

All that work is in -current, which is 6.0.  Leffler says it would be 
quite a task to
backport it to 5.3, never mind 4.11, so its going to be a while before 
these show
up on m0n0.

jim