Wi-Fi Technology Forum - Wireless Mobile News and Forums Setup Your Own Wi-Fi Hotspot

Wi-Fi Technology Forum - Wireless Mobile News and Forums

User's Login





 


 Log in Problems?
 New User? Sign Up!

News & Articles

Partners

Wi-Fi Hotspots Directory

NewsLetters

You are currently not logged in, but you can still subscribe to our newsletter.



Search


Other Resources



Wi-Fi News Archive

Search Archive

Past Articles

  • Tuesday, September 23
  • Eye-Fi Plans To Expand Distribution Internationally To Japan And Canada
  • Monday, September 22
  • Rajant's Wireless Mesh Networking Solution Deployed In Australia
  • New Start-up Danish Company Introduces Latest Wi-Fi Solution
  • Thursday, September 18
  • Sensium™ Intelligent Wireless Body Monitoring System On Show at San Francisco IT Event
  • Tuesday, September 16
  • CommProve Secures $14 Million Financing To Support International Expansion
  • Thursday, September 11
  • 4ipnet Addresses Business Demand With A New Wireless Office Solution
  • Tuesday, September 09
  • Israeli Fabless Semiconductor Company Percello Announces $12 million Series B financing
  • Tuesday, September 02
  • University of Macau Deploys Campus-Wide Aruba Adaptive Wireless LAN
  • Thursday, August 21
  • WeFi Launched on Symbian For Easy Wi-Fi Access Including Nokia S60
  • Thursday, August 14
  • Crossover To Promote ADC’s InterReach Wireless Systems in Canada

    • Categories Menu

    -Announcements (Nov 12, 2004)
    -Business and Market (Nov 08, 2006)
    -Cellular & Mobile Media (May 06, 2008)
    -Conferences and Events (Sep 18, 2008)
    -Corporate News (Oct 09, 2008)
    -Finance, Investment and Stocks (Sep 16, 2008)
    -getting unwired, un-wired or dewired (Sep 24, 2003)
    -ISP Watch! (Apr 01, 2005)
    -Manufacturers and Products (Oct 14, 2008)
    -Mobile, Pocket and Handheld (Oct 14, 2008)
    -Prints and Publications (Jul 12, 2006)
    -Reports and Papers (Apr 15, 2008)
    -Security & Encryption (Feb 25, 2008)
    -Software and Solutions (Oct 03, 2008)
    -Standards & Certification (Mar 19, 2008)
    -Technology Trends and Markets (Jul 09, 2007)
    -Telecommunications (Jul 15, 2008)
    -Wi-Fi Hotspots and Providers (Oct 01, 2008)
    -WISPs News (Jul 28, 2008)

    Deployment of MAC Address Authentication based on Freeradius




    Tutorial Paper (Gianluigi Me, PhD).

    One of the most popular Wi-Fi access control mechanisms is MAC address check via RADIUS server authentication. The purpose of this paper is to show how to set-up an environment based on MAC authentication and freeradius, an open source implementation of RADIUS.

    Bio: Dr Gianluigi Me is a staff member of the Wi-Fi Technology Forum and a WLAN editor. With years experience on network security (especially on mobile architectures), he is an IEEE author and a Lecturer at the University Tor Vergata of Rome, Italy.




    Deployment of MAC Address Authentication based on Freeradius
    (Gianluigi Me, PhD)

    Introduction
    One of the most popular Wi-Fi access control mechanisms is MAC address check via RADIUS server authentication. The purpose of this tutorial paper is to show how to set-up an environment based on MAC authentication and freeradius, an open source implementation of RADIUS.

    Since E/B SSID is only a Service Set Identifier, IEEE 802.11a provides the following authentication methods:

    1) Open authentication, providing void authentication

    2) Shared key authentication, based on challenge-response access method, with well-known vulnerabilities (plaintext/ciphertext attack for a man in the middle).

    For these reasons, manufacturers have implemented (out of the standard 802.11a) different access control mechanisms. For example, MAC Address control via RADIUS server.

    RADIUS configuration and MAC address control, depicted in this paper, can be further used in 802.1X authentication of 802.11i.

    Architecture overview
    The architecture has 3 actors: a client, claiming for authentication via MAC address control, a Network Access Server (NAS) which controls and forwards clients request to RADIUS server (Figure 1) whose only purpose is to check on selected database if the client credentials are correct.

    The NAS is an ORINOCO AP-500 and clients are PSION NETPAD 5520 (with integrated wireless equipment), MAC 00022d-539778 and IP 153.69.254.220, IBM Thinkpad A21 equipped with an Avaya Silver Card, MAC 00022d-3270e3 and IP 153.69.254.53. RADIUS server runs on a Linux-Mandrake 9.0 PC.






    Figure 1 : Architecture

    The first step to enable access control is to create an access control table file (*.tbl in AP-500) using the AP Manager application.

    On client request, the Access Point will check on its Access list ( Figure 2 )if client is accepted to send access request to RADIUS server.









    Figure 2 :ACL


    Added:  Thursday, October 28, 2004
    Submitter: Administrator | webmaster@wi-fitechnology.com
    Score:
    hits: 12615
    Language: eng
    Page: 1/3

    Next (2/3) Next




    [ Back to papers index ]