AP with built-in authentication

Hi,

In conserving the expenses of deploying an authentication server, I'm seeking an access point with local username/password authentication. LEAP or EAP-FAST would work, though I don't believe XP supports those EAP methods. Is there an AP that allows installation of a certificate and uses PEAP?

regards J.E

Reply to
nordic mist

On 12 Mar 2007 16:26:35 -0700, "nordic mist" wrote in :

ZyXEL G-2000 Plus

or

Reply to
John Navas

I believe the Cisco Aironets can now be configured to use a local database to do this authentication.

Chris

Reply to
NetSteady

~ I believe the Cisco Aironets can now be configured to use a local
~ database to do this authentication.
~
~ Chris

Aironet APs can be configured with a local RADIUS server, but they only support LEAP and EAP-FAST, not PEAP, which is what the o.p. was looking for.

Aaron

Reply to
Aaron Leonard

To clarify, do you mean they won't do PEAP when going to a local RADIUS server?

I ask because I worked with an 1130AG that was using PEAP MSCHAPv2 auth several months ago, but I think it was authing against a remote server, not local.

Reply to
Todd H.

~ > ~ I believe the Cisco Aironets can now be configured to use a local
~ > ~ database to do this authentication.
~ > ~
~ > ~ Chris
~ >
~ > Aironet APs can be configured with a local RADIUS server, but they only
~ > support LEAP and EAP-FAST, not PEAP, which is what the o.p. was
~ > looking for.
~
~ To clarify, do you mean they won't do PEAP when going to a local RADIUS
~ server?

Correct, the local RADIUS server feature in the AP does not support PEAP.

~ I ask because I worked with an 1130AG that was using PEAP MSCHAPv2
~ auth several months ago, but I think it was authing against a remote
~ server, not local.

Must have been.

Aaron

Reply to
Aaron Leonard

Thanks for the suggestion. This model and the G-3000H both feature a built-in RADIUS service allowing PEAP authentication, though there appears to be a limit of registering 32 users in the local database. Are there other APs that allow more, or can this be adjusted on the ZyXEL?

The reason why I'm seeking local authentication is the potential to exploit the AP's OS/firmware if no or little (MAC-based) authentication occurs. I've not researched this scenario in depth, but is it possible that an exploitable bug exists in an AP's code, where an attacker can connect and exploit? I thought of this possibility in the case where the AP hands off authentication to an external RADIUS service: before the auth occurs, an attacker has communication with the AP.

J.E

Reply to
nordic mist

On 29 Mar 2007 09:45:31 -0700, "nordic mist" wrote in :

I think that's it with ZyXEL.

At one time it was possible to use TinyPEAP on certain routers, but that now appears to be dead.

I think this has been requested as an enhancement to DD-WRT, but I don't think it's actually happened.

I seriously doubt it. I see no real downside in using an external RADIUS service.

Reply to
John Navas
