[Noisebridge-discuss] WPA and other network Q's

joel jaeggli joelja at bogus.com
Thu Jun 3 06:25:48 UTC 2010


On 2010-06-02 23:00, Ryan Castellucci wrote:
> On Wed, Jun 2, 2010 at 7:09 PM, Jonathan Lassoff <jof at thejof.com> wrote:
>> Excerpts from Ryan Castellucci's message of Fri May 28 17:07:48 -0700 201
>>> Centralized WPA authentication doesn't require anything proprietary,
>>> WPA/WPA2-Enterprise works with FreeRADIUS just fine.
>>
>> Even on dumb APs that are just acting as bridges? The AP (or whatever
>> can get at the raw 802.11 frames) needs to support doing so.
>> That's what I was getting at.
>>
>> It's pretty widely supported, but it's nice that even "junker" APs work
>> for noisebridge's purposes.
>
> I have never seen an AP with 802.11g support that didn't support
> WPA/WPA2-Enterprise.  "Dumb" APs... the cheap low end ones are not
> dumb.  They have to take care of handling management frames, track
> associations, etc.  Real "Dumb" APs - ethernet attached radios - are
> fairly expensive.  Such systems centralize management functions to a
> 'wireless switch'.  They do let you do things like have a single
> virtual AP covering a large area.

ironically "dumb APs" like the meru or aruba units have to do so much
heavy lifting that they're in fact quite powerful devices. their
software stack is pretty thin because they outsource a bunch of
functionality to a centralized controller. I've run a couple of large
60-100 AP aruba deployments and while it's fun due to some of the magic
the controllers can perform it has its usefulness limits at the low end...

Ironically (again I guess) what normally has problems with wpa2
enterprise authentication is windows xp, unless the third party device
driver and stack (e.g. intel's for example) support it.

for ietf meetings we provide 802.1x authentication with the ultra secret 
username and password of ietf ietf which allows (oddly the ssid is also 
ietf1x) users to take advantage of perfect forward secrecy without 
having to distribute authentication credentials or engage in certificate 
management.

my other favorite approach is that ssid strings are a maximum of 32
characters in length so an ssid protected with wpa2 psk that has an
ssid like:

keyisTYPEULTRASECRETKEY

is pretty obvious what to do with.

casa del joel on the other hand just runs open so your mileage may vary.
