Wi-Fi Technology Forum - Wireless Mobile News and Forums


Deployment of MAC Address Authentication based on Freeradius

Tutorial Paper (Gianluigi Me, PhD).

One of the most popular Wi-Fi access control mechanisms is MAC address checking via RADIUS server authentication. The purpose of this paper is to show how to set up an environment based on MAC authentication and FreeRADIUS, an open source implementation of RADIUS.

Bio: Dr Gianluigi Me is a staff member of the Wi-Fi Technology Forum and a WLAN editor. With years of experience in network security (especially on mobile architectures), he is an IEEE author and a Lecturer at the University Tor Vergata of Rome, Italy.






Introduction
One of the most popular Wi-Fi access control mechanisms is MAC address checking via RADIUS server authentication. The purpose of this tutorial paper is to show how to set up an environment based on MAC authentication and FreeRADIUS, an open source implementation of RADIUS.

Since the ESSID/BSSID is only a Service Set Identifier, IEEE 802.11a provides the following authentication methods:

1) Open authentication, which provides no authentication at all.

2) Shared key authentication, based on a challenge-response access method, with well-known vulnerabilities (a plaintext/ciphertext attack by a man in the middle).

For these reasons, manufacturers have implemented different access control mechanisms outside the 802.11a standard, for example MAC address control via a RADIUS server.

The RADIUS configuration and MAC address control described in this paper can also be used in the 802.1X authentication of 802.11i.

Architecture overview
The architecture has 3 actors: a client, which requests authentication via MAC address control; a Network Access Server (NAS), which checks and forwards client requests to the RADIUS server (Figure 1); and the RADIUS server, whose only purpose is to check against the selected database whether the client credentials are correct.

The NAS is an ORINOCO AP-500. The clients are a PSION NETPAD 5520 (with integrated wireless equipment), MAC 00022d-539778 and IP 153.69.254.220, and an IBM Thinkpad A21 equipped with an Avaya Silver Card, MAC 00022d-3270e3 and IP 153.69.254.53. The RADIUS server runs on a Linux-Mandrake 9.0 PC.






Figure 1: Architecture

The first step to enable access control is to create an access control table file (*.tbl in AP-500) using the AP Manager application.

On a client request, the Access Point checks its access list (Figure 2) to decide whether the client is allowed to send an access request to the RADIUS server.









Figure 2: ACL
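
The two-stage check described above (access list on the AP first, then an access request to the RADIUS server) is sketched below as an added example that is not part of the original paper; it goes beyond the text by using the RFC 2865 packet layout and User-Password hiding. The shared secret, the function names, and the convention that the NAS sends the MAC as User-Name, User-Password and Calling-Station-Id are assumptions, since the page does not say how the AP-500 encodes the request.

```python
import hashlib, os, re, struct

SECRET = b"constructed-secret"                            # constructed NAS/server shared secret
USER_NAME, USER_PASSWORD, CALLING_STATION_ID = 1, 2, 31   # RFC 2865 attribute types
ACCESS_REQUEST, ACCESS_ACCEPT, ACCESS_REJECT = 1, 2, 3    # RFC 2865 packet codes

def normalize_mac(raw):
    """Reduce common MAC notations to the 00022d-539778 style used on the page."""
    digits = re.sub(r"[-:.]", "", raw).lower()
    if not re.fullmatch(r"[0-9a-f]{12}", digits):
        raise ValueError(f"not a MAC address: {raw!r}")
    return f"{digits[:6]}-{digits[6:]}"

def hide_password(password, secret, authenticator):
    """User-Password hiding, RFC 2865 section 5.2: XOR with a chained MD5 pad."""
    padded = password + b"\x00" * (-len(password) % 16)
    out, prev = b"", authenticator
    for i in range(0, len(padded), 16):
        pad = hashlib.md5(secret + prev).digest()
        prev = bytes(p ^ k for p, k in zip(padded[i:i + 16], pad))
        out += prev
    return out

def nas_handle_client(client_mac, acl, identifier=1):
    """NAS: stage 1 checks the local ACL, stage 2 builds the Access-Request."""
    mac = normalize_mac(client_mac)
    if mac not in acl:
        return None                                # dropped at the AP, RADIUS is never asked
    auth, name = os.urandom(16), mac.encode()
    attrs = b"".join(struct.pack("!BB", t, len(v) + 2) + v for t, v in (
        (USER_NAME, name), (USER_PASSWORD, hide_password(name, SECRET, auth)),
        (CALLING_STATION_ID, name)))
    return struct.pack("!BBH", ACCESS_REQUEST, identifier, 20 + len(attrs)) + auth + attrs

def server_decide(packet, database):
    """RADIUS server: parse the request and look the MAC up in its database."""
    if len(packet) < 20 or packet[0] != 1 or int.from_bytes(packet[2:4], "big") != len(packet):
        return None                                # malformed request: silently discarded
    auth, attrs, pos, length = packet[4:20], {}, 20, len(packet)
    while pos < length:
        if pos + 2 > length or packet[pos + 1] < 2 or pos + packet[pos + 1] > length:
            return None                            # attribute runs past the packet
        attrs[packet[pos]] = packet[pos + 2:pos + packet[pos + 1]]
        pos += packet[pos + 1]
    name = attrs.get(USER_NAME, b"")
    # Assumed credential convention: the password is the MAC string itself.
    ok = (name.decode(errors="replace") in database
          and attrs.get(USER_PASSWORD) == hide_password(name, SECRET, auth))
    return ACCESS_ACCEPT if ok else ACCESS_REJECT
```

The server compares the hidden password by recomputing it from the received User-Name and Request Authenticator, so a request built with a different shared secret is rejected even when the MAC is in the database.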


Added:  Thursday, October 28, 2004
Submitter:  Administrator
Page: 1/3
