[K12OSN] radius

[Mike Rambo]

I hope this doesn't sound stupid (but even if it does...).

I've never dealt with radius before. The legislature here has voted
money to put laptops with wireless access in the hands of all 6th
graders in the state. I won't mention anything about how the equipment
is routinely trashed by the students in the building experimentally
running this program already (oops - let the cat out of the bag ;). In
any case, certain things are not funded by the program. One example is a
process to secure our networks against every tom, dick, and harry that
wanders near the required wireless access points with their own wireless
device. Anyway, enough of the background...

I've been searching for information about radius. None of us here have
any past experience with it but we need to set something up. I have
freeradius running. I have a cisco AP350 wireless access point working.
I have a wireless iBook to play with. I've googled everything I can
think of but the info I've found is pretty sketchy at best. I think my
biggest problem is understanding the process that is supposed to occur
so I can configure everything.

Can anyone describe the steps in the authentication process when a
wireless client comes online from the client through the AP, to the
radius server? I've been told they want the authentication to be by mac
address rather than a user logon (if that is even possible - seems like
all the docs for radius talk about authenticating by user at realm). Seems
to me it might be easier to set up a dhcp server and control routing of
ip's associated with given mac addresses but that would involve machines
at all wireless locations and they want all access to be centralized. I
think I'm stuck configuring freeradius but since I'm not sure what's
supposed to happen I'm at a loss for what to do next.

Thanks for any help you can provide.


-- 
Mike Rambo
mrambo at lsd.k12.mi.us

Computers are a lot like air conditioners.
They don't work well with windows open...