Re: Radius, PEAP & Guest Access

From: Ashwin Palekar (MS) (ashwinp_at_online.microsoft.com)
Date: 04/17/04


Date: Sat, 17 Apr 2004 05:10:43 -0700

If you do not require some form of authentication, then anyone in the vicinity
of your wireless network will be able to access the Internet for free.

It is safer to use authenticated guest access. You can do this using Windows
2003 IAS and PEAP. Assign user accounts and passwords for these guest users
and then use PEAP (you can use a separate domain which is not trusted by the
other domains). Set the accounts to expire as per your policy, and set
remote access policy at the IAS server with the appropriate VLANs or IPFilters.

The clients should be automatically disconnected after the account expires
(as long as the AP supports the RADIUS standard session-timer).

The AP must support RADIUS based VLANs or IPFilters.

-- 
===========================================================
This posting is provided "AS IS" with no warranties and confers no rights
===========================================================
"Lurch" <Lurch_22@hotmailDOT.com> wrote in message 
news:O7xehE%23IEHA.3968@TK2MSFTNGP12.phx.gbl...
> Is it possible to set up some kind of guest access on an Access Point that
> is using PEAP to authenticate through Radius? Basically I want the non-domain
> user/computer to get an IP address, be able to access the internet and
> nothing else.
>
> 
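
The session timer and RADIUS-based VLAN assignment described in the reply above, as an added example that is not part of the original post and is not IAS code: it encodes the Access-Accept attributes a RADIUS server could return for a guest, with Session-Timeout (RFC 2865) capped at the time left before the account expires and the VLAN attributes from RFC 3580. The function names, the 8-hour cap and VLAN 99 are assumptions made for illustration.

```python
import struct
from datetime import datetime, timezone

# RADIUS attribute types (RFC 2865, RFC 2868) and VLAN values (RFC 3580)
SESSION_TIMEOUT, TUNNEL_TYPE, TUNNEL_MEDIUM_TYPE, TUNNEL_PRIVATE_GROUP_ID = 27, 64, 65, 81
TUNNEL_TYPE_VLAN, TUNNEL_MEDIUM_802 = 13, 6

def attr(code, value):
    """Encode one attribute: type, length (including the 2-byte header), value."""
    if len(value) > 253:
        raise ValueError("attribute value too long")
    return bytes([code, len(value) + 2]) + value

def guest_accept_attrs(expires, now, vlan_id, max_session=8 * 3600):
    """Return encoded Access-Accept attributes for a guest, or None to reject.

    Session-Timeout never exceeds the seconds left before the account
    expires, so an AP that honours it drops the client at expiry.
    max_session (hypothetical 8-hour cap) forces periodic re-authentication.
    """
    remaining = int((expires - now).total_seconds())
    if remaining <= 0:
        return None  # account already expired: send no Access-Accept
    if not 1 <= vlan_id <= 4094:
        raise ValueError("VLAN ID out of range")
    timeout = min(remaining, max_session)
    tag = b"\x00"  # RFC 3580 recommends a zero Tag in the tunnel attributes
    return b"".join([
        attr(SESSION_TIMEOUT, struct.pack("!I", timeout)),
        attr(TUNNEL_TYPE, tag + TUNNEL_TYPE_VLAN.to_bytes(3, "big")),
        attr(TUNNEL_MEDIUM_TYPE, tag + TUNNEL_MEDIUM_802.to_bytes(3, "big")),
        attr(TUNNEL_PRIVATE_GROUP_ID, tag + str(vlan_id).encode("ascii")),
    ])

def decode_attrs(blob):
    """Split an attribute blob back into (type, value) pairs."""
    out, i = [], 0
    while i < len(blob):
        if i + 2 > len(blob) or blob[i + 1] < 2 or i + blob[i + 1] > len(blob):
            raise ValueError("malformed attribute")
        code, length = blob[i], blob[i + 1]
        out.append((code, blob[i + 2:i + length]))
        i += length
    return out

if __name__ == "__main__":
    # Constructed sample: guest account expiring 90 minutes from "now", guest VLAN 99
    now = datetime(2004, 4, 17, 12, 0, tzinfo=timezone.utc)
    blob = guest_accept_attrs(datetime(2004, 4, 17, 13, 30, tzinfo=timezone.utc), now, 99)
    print(decode_attrs(blob))
```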

