zjohnr
Regular Contributor
As I've mentioned in some posts on other topics, I've installed a TrendNet TEW-637AP access point on the small (~20 PCs) Windows Server 2003 based LAN network of a non-profit I volunteer at. Currently it is configured to 802.11g only with WPA2/AES using a 63 char hex password. (There's a bug in the 637AP's firmware which prevents it from accepting a 64 char password. )
After I installed it and sent out an email letting the staff know it was there, it was promptly ... ignored. I sort of expected that.
But at a "board meeting" last week someone noticed their PC had found a wireless net in the building. Of course, they couldn't connect to it because I'm (intentionally) the only one with access to the password at the moment. But they wanted to find out how they could get access to the Internet.
So I expect I'm going to now get requests for wireless access. My problem is deciding on a "good" way to enable this access.
I think I would prefer to use RADIUS rather than to start handing out a hard configured password. To me, a fixed wireless access password only makes sense in the context of a home network. In a business, even an extremely small non-profit business, you could quickly run into password control issues. I'd rather avoid this, if possible.
However, I'm not sure that it is possible to do it another way. While I'm familiar with the principles behind RADIUS, I've never actually set up access to a wireless net using it and I'm not sure what is and is not possible in that context.
Is it possible to use RADIUS to authenticate a wireless client running one of the "Home" flavors of Windows XP/Vista? Would the PC need to have both a Windows logon userid and password?
An additional, lower priority question in the back of my mind is if there is some way to configure the network so that (some) wireless clients are only given access to the WAN/Internet. In other words, a way to prevent a wireless client from accessing part/all of the local LAN the access point is connected to?
-irrational john
After I installed it and sent out an email letting the staff know it was there, it was promptly ... ignored. I sort of expected that.
But at a "board meeting" last week someone noticed their PC had found a wireless net in the building. Of course, they couldn't connect to it because I'm (intentionally) the only one with access to the password at the moment. But they wanted to find out how they could get access to the Internet.
So I expect I'm going to now get requests for wireless access. My problem is deciding on a "good" way to enable this access.
I think I would prefer to use RADIUS rather than to start handing out a hard configured password. To me, a fixed wireless access password only makes sense in the context of a home network. In a business, even an extremely small non-profit business, you could quickly run into password control issues. I'd rather avoid this, if possible.
However, I'm not sure that it is possible to do it another way. While I'm familiar with the principles behind RADIUS, I've never actually set up access to a wireless net using it and I'm not sure what is and is not possible in that context.
Is it possible to use RADIUS to authenticate a wireless client running one of the "Home" flavors of Windows XP/Vista? Would the PC need to have both a Windows logon userid and password?
An additional, lower priority question in the back of my mind is if there is some way to configure the network so that (some) wireless clients are only given access to the WAN/Internet. In other words, a way to prevent a wireless client from accessing part/all of the local LAN the access point is connected to?
-irrational john