[K12OSN] radius

[Mark Gumprecht]

I do not have experience with radius, but I did have the same problem. I 
created an access list for the airport (airport admin utility)  via MAC 
addresses. It was time consuming, and I'm sure there is a guru out there 
that knows an easier way, but then I exported the list and imported it 
into all the other airports. This kept only the appropriate computers 
from using the federally purchased equipment. All the other non-federal 
airports are  set up as bridges, and the MAC address is in the dhcp 
server. No entry in the server, no access to the network. Haven't had 
any problems yet with kids putting in statics yet....
Hope this helps.
Mark

Mike Rambo wrote:

>I hope this doesn't sound stupid (but even if it does...).
>
>I've never dealt with radius before. The legislature here has voted
>money to put laptops with wireless access in the hands of all 6th
>graders in the state. I won't mention anything about how the equipment
>is routinely trashed by the students in the building experimentally
>running this program already (oops - let the cat out of the bag ;). In
>any case, certain things are not funded by the program. One example is a
>process to secure our networks against every tom, dick, and harry that
>wanders near the required wireless access points with their own wireless
>device. Anyway, enough of the background...
>
>I've been searching for information about radius. None of us here have
>any past experience with it but we need to set something up. I have
>freeradius running. I have a cisco AP350 wireless access point working.
>I have a wireless iBook to play with. I've googled everything I can
>think of but the info I've found is pretty sketchy at best. I think my
>biggest problem is understanding the process that is supposed to occur
>so I can configure everything.
>
>Can anyone describe the steps in the authentication process when a
>wireless client comes online from the client through the AP, to the
>radius server? I've been told they want the authentication to be by mac
>address rather than a user logon (if that is even possible - seems like
>all the docs for radius talk about authenticating by user at realm). Seems
>to me it might be easier to set up a dhcp server and control routing of
>ip's associated with given mac addresses but that would involve machines
>at all wireless locations and they want all access to be centralized. I
>think I'm stuck configuring freeradius but since I'm not sure what's
>supposed to happen I'm at a loss for what to do next.
>
>Thanks for any help you can provide.
>
>
>  
>

-- 
Mark Gumprecht
Data Systems Specialist
MSAD#3
Unity, Maine 04988
Gumprechtm at msln.net