Deployment of MAC Address Authentication based on Freeradius
Tutorial Paper (Gianluigi Me, PhD).
One of the most popular Wi-Fi access control mechanisms is a MAC address check via RADIUS server authentication. The purpose of this paper is to show how to set up an environment based on MAC authentication and FreeRADIUS, an open source implementation of RADIUS.
Introduction
One of the most popular Wi-Fi access control mechanisms is a MAC address check via RADIUS server authentication. The purpose of this tutorial paper is to show how to set up an environment based on MAC authentication and FreeRADIUS, an open source implementation of RADIUS.
Since the E/B SSID is only a Service Set Identifier, IEEE 802.11a provides the following authentication methods:
1) Open authentication, which provides void authentication.
2) Shared key authentication, based on a challenge-response access method, with well-known vulnerabilities (a plaintext/ciphertext attack by a man in the middle).
For these reasons, manufacturers have implemented different access control mechanisms outside the 802.11a standard, for example MAC address control via a RADIUS server.
The RADIUS configuration and MAC address control described in this paper can also be used in the 802.1X authentication of 802.11i.
Architecture overview
The architecture has three actors: a client, requesting authentication via MAC address control; a Network Access Server (NAS), which controls and forwards client requests to the RADIUS server (Figure 1); and the RADIUS server, whose only purpose is to check against the selected database whether the client credentials are correct.
The NAS is an ORINOCO AP-500. The clients are a PSION NETPAD 5520 (with integrated wireless equipment), MAC 00022d-539778 and IP 153.69.254.220, and an IBM Thinkpad A21 equipped with an Avaya Silver Card, MAC 00022d-3270e3 and IP 153.69.254.53. The RADIUS server runs on a Linux-Mandrake 9.0 PC.

Figure 1: Architecture
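The request the NAS forwards in this architecture, as an added example that is not from the paper or from FreeRADIUS: it encodes an RFC 2865 Access-Request and performs the server-side table check. It assumes the NAS sends the client MAC as User-Name with a per-client User-Password; the shared secret and passwords are constructed, and the MACs are the two clients named above.

```python
import hashlib, hmac, os, struct

ACCESS_REQUEST, USER_NAME, USER_PASSWORD = 1, 1, 2  # RFC 2865 code / attribute types
SECRET = b"constructed-shared-secret"  # constructed NAS<->server shared secret
TABLE = {"00022d-539778": b"netpad", "00022d-3270e3": b"thinkpad"}  # passwords constructed

def _hide(data, secret, authenticator, decrypt=False):
    # RFC 2865 section 5.2: XOR each 16-byte block with MD5(secret + previous ciphertext).
    out, prev = b"", authenticator
    for i in range(0, len(data), 16):
        block = data[i:i + 16]
        pad = hashlib.md5(secret + prev).digest()
        res = bytes(a ^ b for a, b in zip(block, pad))
        out += res
        prev = block if decrypt else res  # always chain on the ciphertext block
    return out

def build_access_request(mac, password, secret, ident=1, authenticator=None):
    # NAS side. The MAC travels as a cleartext User-Name; only the password is hidden.
    authenticator = authenticator or os.urandom(16)
    size = max(16, (len(password) + 15) // 16 * 16)
    hidden = _hide(password.ljust(size, b"\x00"), secret, authenticator)
    attrs = b""
    for atype, value in ((USER_NAME, mac.encode()), (USER_PASSWORD, hidden)):
        attrs += struct.pack("!BB", atype, len(value) + 2) + value
    return struct.pack("!BBH", ACCESS_REQUEST, ident, 20 + len(attrs)) + authenticator + attrs

def parse_access_request(packet, secret):
    # Server side: validate the framing before trusting any attribute length.
    if len(packet) < 20 or packet[0] != ACCESS_REQUEST or int.from_bytes(packet[2:4], "big") != len(packet):
        raise ValueError("not a well-formed Access-Request")
    authenticator, pos, attrs = packet[4:20], 20, {}
    while pos < len(packet):
        alen = packet[pos + 1] if pos + 2 <= len(packet) else 0
        if alen < 2 or pos + alen > len(packet):
            raise ValueError("bad attribute length")
        attrs[packet[pos]] = packet[pos + 2:pos + alen]
        pos += alen
    name, hidden = attrs.get(USER_NAME), attrs.get(USER_PASSWORD, b"")
    if name is None or not hidden or len(hidden) % 16:
        raise ValueError("missing or malformed credentials")
    return name.decode(), _hide(hidden, secret, authenticator, decrypt=True).rstrip(b"\x00")

def authorize(packet, secret, table):
    # Any parse error, unknown MAC or password mismatch ends in a reject.
    try:
        mac, password = parse_access_request(packet, secret)
    except ValueError:
        return "Access-Reject"
    expected = table.get(mac.lower())
    ok = expected is not None and hmac.compare_digest(expected, password)
    return "Access-Accept" if ok else "Access-Reject"
```

A request built with the wrong shared secret decodes to a different password and is rejected, while the MAC itself is readable in the packet by anyone on the path between NAS and server.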
The first step in enabling access control is to create an access control table file (*.tbl on the AP-500) using the AP Manager application.
On a client request, the Access Point checks its access list (Figure 2) to determine whether the client is allowed to send an access request to the RADIUS server.

Figure 2: ACL
Bio: Dr Gianluigi Me is a staff member of the Wi-Fi Technology Forum and a WLAN editor. With years of experience in network security (especially on mobile architectures), he is an IEEE author and a Lecturer at the University Tor Vergata of Rome, Italy.
Added: Thursday, October 28, 2004