Radius By IAS

We have successfully implemented Radius server authentication using Microsoft IAS for our wireless access points. For a small institution such as ours, inexpensive, centralized authentication is essential. Our access points cost about $200 each, and the IAS server is part of Windows 2000 server.

We purchased Netgear WG302 wireless access points over a year ago. These are medium-priced access points, somewhere between low-end residential models and expensive, corporate models. We were hoping to centralize administration either by FTP-ing a config file to each access point or installing a Radius server. Last year, both methods failed. The FTP server within the access point limited the number of MAC addresses you could upload to 10. The access point’s support for Radius was limited to WPA. That would require us to distribute a password to students, which we did not want to do.

We were upset that the access point did not live up to advance billing, since two of the centralized administration protocols did not work in a practical manner. However, our network admin managed to develop a scheme that worked all last year despite its awkwardness: a macro that would successively visit the web administration page of each access point and add one address at a time. Unbelievably, it worked, but it took a while to run and would not permit batch additions or subtractions: clearly a short-term solution.

Fortunately for us, Netgear updated their access point firmware this year to allow Radius for MAC access control. Now, when you turn access control on, you have the option of using either a local MAC address database or a Radius server. Nonetheless, it still required our network admin three days of trial and error to get it to work, since documentation was both scarce and conflicting. A couple of key tips were that it only worked if the MAC address objects in Active Directory were all lower-case, the AD password was lower-case, and dial-in/remote access permission for the AD object was turned on.

Two great features of the new system are that one can quickly create or update a MAC address by manipulating AD objects, and one may monitor access point status in the event log.
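The tips above lend themselves to batch additions. As an added example (not from the original post or its author), this Python script normalizes a list of MAC addresses to lower-case and emits LDIF records with dial-in permission enabled, for import with `ldifde`. The separator-free account name, the use of user objects, and the `BASE_DN` value are assumptions; the matching lower-case password is set separately.

```python
import re

# Assumed placeholder; substitute the OU that holds your MAC address objects.
BASE_DN = "OU=WirelessMACs,DC=example,DC=org"

_HEX12 = re.compile(r"[0-9a-f]{12}")


def normalize_mac(raw):
    """Return the MAC as 12 lower-case hex digits, or raise ValueError."""
    # Strip common separators (00:0F:..., 00-0F-..., 000f.b5aa....) and lower-case.
    mac = re.sub(r"[-:.\s]", "", raw).lower()
    if not _HEX12.fullmatch(mac):
        raise ValueError("not a MAC address: %r" % raw)
    return mac


def build_ldif(raw_macs, base_dn=BASE_DN):
    """Return (ldif_text, rejected_inputs) for a batch of MAC addresses."""
    seen, entries, rejected = set(), [], []
    for raw in raw_macs:
        try:
            mac = normalize_mac(raw)
        except ValueError:
            rejected.append(raw)      # report bad input instead of importing it
            continue
        if mac in seen:               # same adapter listed twice in the inventory
            continue
        seen.add(mac)
        entries.append("\n".join([
            "dn: CN=%s,%s" % (mac, base_dn),
            "changetype: add",
            "objectClass: user",
            "sAMAccountName: %s" % mac,   # lower-case, per the tip above
            "msNPAllowDialin: TRUE",      # dial-in/remote access permission on
        ]))
    return "\n\n".join(entries) + ("\n" if entries else ""), rejected


if __name__ == "__main__":
    # Constructed sample inventory: mixed formats, one duplicate, one typo.
    sample = ["00:0F:B5:AA:BB:CC", "00-0f-b5-aa-bb-cc", "000F.B5AA.BBCD", "00:0F:B5:ZZ"]
    ldif, bad = build_ldif(sample)
    print(ldif)
    print("rejected:", bad)
```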

Write me if you want more implementation details. I would not be surprised if the required tips vary from platform to platform.

[Update] Implementation details posted here.

6 comments

  1. Becky Rossof says:

    I would like to know if the Cell Microscape CD by Kassissieh and Mistry is available for MAC OS X. I used it for many classes and would like to purchase a version compatible with OSX.

  2. rkassissieh says:

    Dear Becky,

    I am flattered that you have inquired about Cell Microscape. I abandoned the project some years ago when interest in CD-ROM software declined and I realized that the project was not going to build momentum without significant startup capital.

    I of course still have all of the project files and am ready to create a web version if interactive multimedia makes a return on the web. See the following article I just wrote yesterday on this topic for more information.

    http://inside.sfuhs.org/blo

    So the short answer is that I do not have a Mac OSX version currently available. Sorry for that.

  3. Roger Frazior says:

    Richard, I too am a Technology Director for a High School (Texans CAN! Academy) and have run into the exact same problem with WAPs. I purchased about 50 WG302s with the promise of a great product but have found them to be mainly hype. I am greatly interested in the config of your IAS server for MAC authentication.

    Any help is greatly appreciated

  4. david says:

    Hi Richard, I work in an Italian public bibliotech and I’ve the same problem with four WG102 and an IAS Server and MAC address authentication. Can you post the config example for us?
    thanks a lot Richard

    David

  5. rkassissieh says:

    Thank you for your requests. I have posted the complete documentation at http://inside.sfuhs.org/blo

  6. victvishwa says:

    A question to all of you: DID IT WORK with Great NETGEAR WG302?