
Author Radius and VPN issues first hand...
Evilphil

2003-12-09, 3:41 pm

OK... First off, let me give some background... I am at a conference right now with 20 Dell Latitude C600 laptops running WinXP. They have the built-in TrueMobile 1150 cards. I have two servers, one acting as a VPN, the other is the domain controller, both running Windows 2000. Two Lucent/Orinoco AP-1000 with a total of 3 Orinoco Gold cards running as APs. Channels 1, 6, and 11 are being used. I have WEP enabled and SSIDs blocked. RADIUS is set up using Win2000 IAS, and VPN. The clients are booted, at which point, before login, the RADIUS server auths them via MAC addy, and hands them an IP. They must then use the VPN to connect to the backend of the network (different subnet). Once VPN'd, they will then have an IP for the backend network, and are able to log in to the domain.

Things seemed OK when running 5 test machines at a time running an Access relational database. Once all of the machines were connected to it, they would one by one start losing connection... The APs were set to a small cell size, and since I am using XP, I can't adjust the cell size for the client as with Win2000 Pro. I witnessed clients roaming frequently between the two physical APs, and I'm sure the two cards in the first AP as well. This did not seem to be an issue at first, however, there must have been just too much overhead.

At first, I was under the impression that I was having a near/far issue with some of the client machines, but since I experienced the issue on pretty much all of the machines, I just figured that it was too much traffic for the APs to maintain.

I haven't eaten lunch yet, and I'm frustrated... I was hoping that this solution would work until I deployed 802.1x, but looks like I went straight back to the cheeseball days with just WEP and blocked SSID.

I figure that with so many clients connected through the VPN, the available bandwidth dropped far enough to knock clients off the AP and disassociate without reassociating with another AP smoothly. Thus, killing their DB socket connection, or their VPN connectivity (worst case).

My thoughts, UPGRADE MY FREAKIN APs to at least G, and run 802.1x/PEAP.

Any thoughts from you guys? Any experiences you'd like to share?

Copyright 2003 - 2008 examnotes.net