(RADIATOR) Orinoco AP-500/1000 MAC auth problem

[Bon sy]

On Mon, 23 Sep 2002, Karl Gaissmaier wrote:

> >         I managed to get the RADIATOR to talk to the AP, but the AP
> > initially did not authorize wireless access properly even it receives the
> > access authentication. Apparently (Naturalick) I missed to include in the
> > reply the user-name and NAS-IP-address information.
> 
> I don't need this Reply Attributes, really. Are you really sure this
> is needed in your environment? If this is the truth, perhaps we should
> talk about Firmware versions, but since AP500 V.3.83 it was really not
> necessary
> to spend reply attributes here in my environment, just "empty" Access
> Accept packets.
> 

My AP-500 has V3.95. Since the AP serves more than just one wireless
device, it seems reasonable that AP needs to know which MAC address
username the RADIUS is granting the access. NAS-IP-address I know for sure
is necessary in my case since the AP is behind a firewall, and the
AP request (on behalf of the wireless device) is NATed and sent through a
router to the RADIUS in another network. The inbound message from the
RADIUS to the router certainly has to provide NAS-IP-address information
for the router to know which device behind the firewall should pick up
(without a broadcast through the entire subnet).

Bon




===
Archive at http://www.open.com.au/archives/radiator/
Announcements on radiator-announce at open.com.au
To unsubscribe, email 'majordomo at open.com.au' with
'unsubscribe radiator' in the body of the message.