 
 From:  "Ryan Wagoner" <Ryan at wgnrs dot dynu dot com>
 To:  <waa dash m0n0wall at revpol dot com>, "Tim Vaughan" <talltim at gmail dot com>
 Cc:  <m0n0wall at lists dot m0n0 dot ch>
 Subject:  RE: [m0n0wall] Hotspot/radius using m0n0 captive portal: does this setup seem sensible?
 Date:  Tue, 28 Mar 2006 09:18:38 -0500
Adding to this...

If you reflash the wrt54gs with the DD-WRT open-source image, I know it has RADIUS authentication as
well as WDS to combine the access points. That way a user just picks one wireless network and will
roam on the access points.

Ryan

-----Original Message-----
From: mtnbkr [mailto:waa dash m0n0wall at revpol dot com]
Sent: Tue 3/28/2006 8:49 AM
To: Tim Vaughan
Cc: m0n0wall at lists dot m0n0 dot ch
Subject: Re: [m0n0wall] Hotspot/radius using m0n0 captive portal: does this setup seem sensible?
 
Tim Vaughan wrote:
> I've been asked to help install a large wireless network at a
> community education project I volunteer at.  My current plan is to use
> m0n0wall with a switch connected to the DMZ interface.  Coming off the
> switch will be several WRT54Gs with the network cable plugged into one
> of the LAN ports, making them all transparent bridges.  The plan is
> that anyone can choose the strongest wireless connection and will then
> authenticate via the captive portal on the m0n0wall with its own
> RADIUS server.
> Is this a sensible setup?  It seems to me to be the simplest way of
> covering a large area with a wireless network and still permitting
> authentication and user management.
> Any better ideas would be gratefully received!
> 
> Tim

I don't know of the capabilities of the WRT54Gs, but here's what I would do:

Use 802.1x WPA/WPA2 capable APs and connect them to the switch. I have
been successful (though not entirely happy) with USR's 5461 Wireless
routers. Their 5451 Wireless APs do not support 802.1x, but their
website at one time said they did.

Configure your APs or routers, and your RADIUS server appropriately

Configure m0n0wall to allow RADIUS traffic to the RADIUS server from
each of the APs

Configure 802.1x clients


This way, you have RADIUS authentication like you were looking for but
you also have STRONG encryption.

People cannot capture login and password info etc. You are not using a
shared key (as with WEP). You and your client may sleep easy.

Now, you may ALSO enable the captive portal, but not require a
login/password on the captive portal page since a user being directed to
it has already authenticated to your RADIUS server.

My $0.02. Hope this helps.

--
Bill Arlofski
Reverse Polarity


