Radius with session resumption
February 11, 2011 at 9:14 pm #42862
knoxfj
Member
Hello,
I’m building a test of 6 Access Points and Linux Client laptops. We are trying to achieve live video conferencing and video distribution while the laptops are roaming. We need to have seamless handoffs, or as seamless as possible.
We can roam between APs fairly well, but drop out for 3-10 seconds for re-authentication. We believe that with session resumption we should be able to reduce that time to a more usable number.
Any help would be appreciated.

In Freeradius version 2.1.10 there is an option of “session resumption”.
In the /root/kerbynet.cgi/template.cfg/eap.conf file you would add
cache {
    enable = yes
    lifetime = 24
    max_entries = 255
}
under the tls section.

The problem is that the cached info doesn’t allow the laptops to seamlessly roam from one AP to another.
I’ve been searching the internet for similar issues and found that
update reply {
    User-Name !* 0x00
    User-Name = "%{request:User-Name}"
}
http://uma-wiki.network-mobility.org/index.php5?title=FreeRadius
should be inserted under the post-auth section of inner-tunnel.
Not sure if this is correct or not.

The question I have is: are the files in /etc/raddb.v2/sites-enabled/ actually used, and would the above reply be recognized?
Is there something else I would need to do for faster handoffs?
Here are my configurations and conf files.
The Access Points are running voyage 0.6.5 with hostapd (0.7.3)
The Linux Laptops are ubuntu 9.0.4 with wpa_supplicant (0.7.3)
I’m using Zeroshell as a Radius authentication server for the wireless users.
All AP Units are connected via ethernet links to a central switch.

—-The configuration of the AP units—-
HOSTAPD.CONF File
—
### Configured for a Radius Server ###
ctrl_interface=/var/run/hostapd
ctrl_interface_group=0
interface=ath0
bridge=br0
driver=madwifi
logger_syslog=-1
logger_syslog_level=2
logger_stdout=-1
logger_stdout_level=0
dump_file=/rw/tmp/hostapd.dump
ssid=MYSSID
ieee8021x=1
auth_algs=1
eap_server=0
eapol_key_index_workaround=1
own_ip_addr=123.123.123.100
nas_identifier=ibs010.edgevelocity.mesh
auth_server_addr=123.123.123.13
auth_server_port=1812
auth_server_shared_secret=*****************
acct_server_addr=123.123.123.123
acct_server_port=1813
acct_server_shared_secret=*****************
wpa=1
wpa_key_mgmt=WPA-EAP
wpa_pairwise=TKIP CCMP
rsn_preauth=1
rsn_preauth_interfaces=br0
wme_enabled=1
wme_ac_bk_cwmin=4
wme_ac_bk_cwmax=10
wme_ac_bk_aifs=7
wme_ac_bk_txop_limit=0
wme_ac_bk_acm=0
wme_ac_be_aifs=3
wme_ac_be_cwmin=4
wme_ac_be_cwmax=10
wme_ac_be_txop_limit=0
wme_ac_be_acm=0
wme_ac_vi_aifs=2
wme_ac_vi_cwmin=3
wme_ac_vi_cwmax=4
wme_ac_vi_txop_limit=94
wme_ac_vi_acm=0
wme_ac_vo_aifs=2
wme_ac_vo_cwmin=2
wme_ac_vo_cwmax=3
wme_ac_vo_txop_limit=47
wme_ac_vo_acm=0

—-The configuration of the Linux Laptops—-
WPA_SUPPLICANT.CONF File
—
ctrl_interface=/var/run/wpa_supplicant
ctrl_interface_group=0
eapol_version=1
fast_reauth=1
ap_scan=1
network={
    ssid="**********"
    scan_ssid=1
    key_mgmt=WPA-EAP
    eap=TTLS
    identity="user@myrealm.net"
    anonymous_identity="anonymous"
    password="***********"
    ca_cert="/tmp/keys/TrustedCA.pem"
    phase2="auth=MSCHAPV2"
}
Zeroshell:Profile – configured for our users
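
An added example, not part of the original post and not hostapd's own code: a small Python check over the roaming-related settings in the hostapd.conf posted above. It relies on hostapd's documented meaning of `wpa` as a bitfield (bit 0 = WPA, bit 1 = RSN/WPA2) and on RSN pre-authentication applying only when RSN is enabled; the function names, finding codes and the trimmed sample are constructed for illustration.

```python
# Added example (not from the post or from hostapd): audit roaming-related settings.
# SAMPLE is a constructed subset of the hostapd.conf shown in the post.
SAMPLE = """\
### Configured for a Radius Server ###
interface=ath0
ieee8021x=1
wpa=1
wpa_key_mgmt=WPA-EAP
wpa_pairwise=TKIP CCMP
rsn_preauth=1
rsn_preauth_interfaces=br0
"""


def parse_hostapd(text):
    """Return {key: value} from key=value lines, skipping blanks and # comments."""
    conf = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#") or "=" not in line:
            continue
        key, value = line.split("=", 1)
        conf[key.strip()] = value.strip()
    return conf


def audit(conf):
    """Return (code, message) findings; the codes are hypothetical labels."""
    findings = []
    wpa = int(conf.get("wpa", "0"))  # hostapd bitfield: bit0 = WPA, bit1 = RSN (WPA2)
    if wpa & 1:
        findings.append(("WPA1_ENABLED", "wpa has bit0 set: legacy WPA is offered"))
    if conf.get("rsn_preauth") == "1" and not wpa & 2:
        findings.append(("PREAUTH_WITHOUT_RSN",
                         "rsn_preauth=1 but RSN (wpa bit1) is off, so "
                         "pre-authentication cannot be used while roaming"))
    # Ciphers explicitly listed for either WPA or RSN pairwise keys.
    ciphers = set(conf.get("wpa_pairwise", "").split())
    ciphers |= set(conf.get("rsn_pairwise", "").split())
    if "TKIP" in ciphers:
        findings.append(("TKIP_ALLOWED", "TKIP is listed as a pairwise cipher; prefer CCMP only"))
    return findings


if __name__ == "__main__":
    for code, message in audit(parse_hostapd(SAMPLE)):
        print(f"{code}: {message}")
```

With `wpa=2` and `rsn_pairwise=CCMP` in place of the `wpa=1` and `wpa_pairwise=TKIP CCMP` lines, the same check reports no findings.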