Quote:
Originally Posted by DaKahuna
Our WAPs are active 24x7 and broadcast the SSID. Want to associate with them, go right ahead but to get an IP address you have to get past the RADIUS authentication.
Bingo!! 802.1x is a wonderful thing when you finally get it right. Of course, one of my Novell customers now wants single sign-on for his NetWare domain. They have now learned the old saying "Be careful what you ask for". FreeRADIUS to LDAP to eDirectory is not a pretty thing, and I don't touch Novell servers.
We have a couple of customers that run SNMP scripts to turn on and off profiles in to allow the APs in the conference rooms to accept Guest signons during the nights and hours of board meetings and such. This was started off by a workaround for 200 APs that would go brain-dead if not reset at least once per week. Now a script does a rolling reset of every AP every other night.
Now that the network has been locked down at one customer's schools, the first people to complain were the Sheriff's deputies. They were used to slipping into the school parking lots in the south end of the county at night to get on the internet. We are going to give them RADIUS IDs that can be tracked and limit what they can do (no pr0n surfing).
It is about time for Methusa.....Thorn to jump in here and remind everyone that broadcasting the SSID is part of the spec and the only way to make roaming work.
MikeP