Tim Vaughan wrote:
> I've been asked to help install a large wireless network at a
> community education project I volunteer at. My current plan is to use
> m0n0wall with a switch connected to the DMZ interface. Coming off the
> switch will be several WRT54Gs with the network cable plugged into one
> of the LAN ports, making them all transparent bridges. The plan is
> that anyone can choose the strongest wireless connection and will then
> authenticate via the captive portal on the m0n0wall with its own
> RADIUS server.
> Is this a sensible setup? It seems to me to be the simplest way of
> covering a large area with a wireless network and still permitting
> authentication and user management.
> Any better ideas would be gratefully received!
I don't know of the capabilities of the WRT54Gs but here's what I would do:
Use 802.1x WPA/WPA2 capable APs and connect them to the switch. I have
been successful (though not entirely happy) with USR's 5461 Wireless
routers. Their 5451 Wireless APs do not support 802.1x, but their
website at one time said they did.
Configure your APs or routers, and your RADIUS server appropriately
Configure m0n0wall to allow RADIUS traffic to the RADIUS server from
each of the APs
Configure 802.1x clients
This way, you have RADIUS authentication like you were looking for but
you also have STRONG encryption.
People cannot capture login and password info etc. You are not using a
shared key (as with WEP). You and your client may sleep easy.
Now, you may ALSO enable the captive portal, but not require a
login/password on the captive portal page since a user being directed to
it has already authenticated to your RADIUS server.
My $0.02. Hope this helps.
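
An added example, not part of the original message: one way to check the "allow RADIUS traffic to the RADIUS server from each of the APs" step is to audit the allow rules for APs that are not covered and for rules wider than that step needs. The rule dictionaries, addresses and function name are constructed for illustration and are not m0n0wall's own rule format; the UDP ports are the standard RADIUS authentication (1812) and accounting (1813) ports.

```python
import ipaddress

RADIUS_PORTS = {1812, 1813}  # UDP: authentication and accounting

def audit_radius_rules(rules, ap_addrs, radius_server):
    """Return (missing, too_broad) for a list of allow rules.

    rule = {"proto", "src", "dst", "port"}; src/dst are hosts or CIDRs,
    port is an int or None for "any port" (hypothetical format).
    """
    aps = [ipaddress.ip_address(a) for a in ap_addrs]
    server = ipaddress.ip_address(radius_server)
    covered, too_broad = set(), []
    for rule in rules:
        src = ipaddress.ip_network(rule["src"], strict=False)
        dst = ipaddress.ip_network(rule["dst"], strict=False)
        if rule["proto"] not in ("udp", "any") or server not in dst:
            continue  # rule cannot carry RADIUS to this server
        ports = RADIUS_PORTS if rule["port"] is None else {rule["port"]}
        ports &= RADIUS_PORTS
        if not ports:
            continue  # some other UDP service on the same host
        covered |= {(ap, p) for ap in aps if ap in src for p in ports}
        # Anything beyond one AP -> one server -> one UDP port is wider
        # than the step calls for.
        if (src.num_addresses > 1 or dst.num_addresses > 1
                or rule["port"] is None or rule["proto"] == "any"):
            too_broad.append(rule)
    missing = sorted((str(ap), p) for ap in aps for p in RADIUS_PORTS
                     if (ap, p) not in covered)
    return missing, too_broad

# Constructed sample: three APs, one RADIUS server (documentation ranges).
APS = ["192.0.2.11", "192.0.2.12", "192.0.2.13"]
RADIUS = "198.51.100.5"
RULES = [
    {"proto": "udp", "src": "192.0.2.11", "dst": RADIUS, "port": 1812},
    {"proto": "udp", "src": "192.0.2.11", "dst": RADIUS, "port": 1813},
    {"proto": "udp", "src": "192.0.2.12", "dst": RADIUS, "port": 1812},
    {"proto": "udp", "src": "0.0.0.0/0", "dst": RADIUS, "port": 1813},
    {"proto": "udp", "src": "192.0.2.0/24", "dst": RADIUS, "port": 53},
]

if __name__ == "__main__":
    missing, too_broad = audit_radius_rules(RULES, APS, RADIUS)
    print("APs that cannot reach RADIUS:", missing)
    print("rules wider than needed:", too_broad)
```

In the sample, the third AP has no authentication rule, so its 802.1x clients would fail to associate, and the accounting rule open to any source exposes the RADIUS server to every host behind the firewall.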