[ietf78-tech] auth token

Chris Elliott chelliot at pobox.com
Sat Jun 26 13:11:59 PDT 2010 

/And/ offer .1X for those that prefer it...using the same credentials.


--
Chris Elliott


On Jun 26, 2010, at 4:10 PM, Chris Elliott <chelliot at pobox.com> wrote:

> Then at least let's have the switches doing the MAC address filtering and not put a bottleneck in the network.
> 
> 
> --
> Chris Elliott
> 
> 
> On Jun 26, 2010, at 4:07 PM, Joel Jaeggli <joelja at bogus.com> wrote:
> 
>> When the discussion of captive Portal vs 802.1x came up the last the the preference seemed to be for the former.
>> 
>> Joel's iPad
>> 
>> On Jun 26, 2010, at 12:55 PM, Chris Elliott <chelliot at pobox.com> wrote:
>> 
>>> Why put more hardware in the data path? And use a known insecure method?
>>> 
>>> Let's use WPA/WPA2 with 802.1X and Radius. Obviously the AP's support this. The switches also support this on wired, although I don't think we need to authenticate wired as long as we check badges for folks coming into the terminal room.
>>> 
>>> Chris.
>>> 
>>> 
>>> --
>>> Chris Elliott
>>> 
>>> 
>>> On Jun 26, 2010, at 3:45 PM, John Kemp <kemp at network-services.uoregon.edu> wrote:
>>> 
>>>> 
>>>> I guess I should say "hello!", since the demon has now been invoked.
>>>> My name is not Hans Kuhn, but we have been known to share a beer now
>>>> and again...
>>>> 
>>>> To Randy's question, I thought that sounded like a simple and
>>>> efficient idea, i.e. token exists already.
>>>> 
>>>> Same phone/codes as you used for the other phone meeting?
>>>> US: +1 650 625 2888 ... ???
>>>> 
>>>> My plan for this week is to proof-of-concept and performance
>>>> test MAC address filtering and redirection using ebtables and
>>>> broute.  So that's what I'm working on.  Idea is that there are
>>>> two nics on the box, multiple vlans in trunk on each side, matching
>>>> multiple interfaces defined on the nics on the box,
>>>> and two bridge interfaces carrying whichever vlans are chosen, any
>>>> designated as "filtered" or designated as "clear".  So that's the
>>>> general concept.  Bridging + mac address filtering.  Let me know
>>>> if that sounds approximately correct for the requirements???
>>>> 
>>>> John Kemp (kemp at network-services.uoregon.edu)
>>>> 
>>>> 
>>>> On 06/25/2010 11:24 PM, Jim Martin wrote:
>>>>> Sorry Randy ... just too much real life this week. Actually, John, Joel and Rob Nagy are working together on a first cut plan. I expect to discuss their results on the monday call so we can have something for Ray on the Tuesday admin call.
>>>>> 
>>>>> - Jim
>>>>> 
>>>>> On Jun 25, 2010, at 10:48 PM, Randy Bush wrote:
>>>>> 
>>>>>>> of course we are too late to have the maastricht registration process
>>>>>>> issue a token set we can use as auth.  but ...
>>>>>>> 
>>>>>>> as part of reg process, everyone is issued a reg number.  they get this
>>>>>>> on their reg web page, on their email receipt, on the paper receipt they
>>>>>>> get when they get their badge, ...
>>>>>>> 
>>>>>>> so, straw proposal
>>>>>>> 
>>>>>>> o use reg number for maastricht and, optionally, plan to issue our own
>>>>>>> reg token for beijing
>>>>>>> 
>>>>>>> o have paper bag full of reg numbers at the reg desk for those who
>>>>>>> lost theirs, want privacy, or whatever
>>>>>> 
>>>>>> i noticed the stunning response to this.  am i off the wall as usual?
>>>>>> is there a better/easier/sexier hack?  as russ/ray will need to start
>>>>>> socializing this with the users, we should come to some sort of plan.
>>>>>> 
>>>>>> randy
>>>>>> _______________________________________________
>>>>>> ietf78-tech mailing list
>>>>>> ietf78-tech at daedelus.com
>>>>>> http://www.daedelus.com/mailman/listinfo/ietf78-tech
>>>>> 
>>>>> 
>>>>> 
>>>>> _______________________________________________
>>>>> ietf78-tech mailing list
>>>>> ietf78-tech at daedelus.com
>>>>> http://www.daedelus.com/mailman/listinfo/ietf78-tech
>>>> 
>>>> _______________________________________________
>>>> ietf78-tech mailing list
>>>> ietf78-tech at daedelus.com
>>>> http://www.daedelus.com/mailman/listinfo/ietf78-tech
>>> _______________________________________________
>>> ietf78-tech mailing list
>>> ietf78-tech at daedelus.com
>>> http://www.daedelus.com/mailman/listinfo/ietf78-tech
>>>

More information about the ietf78-tech mailing list