Is there an inexpensive/windows based Radius or Radius like service that can be installed and used for home users?

I found a few Linux based Radius servers for Linux, and I saw something about a MS service that acts like a Radius service...

Could someone provide some pointers to setting up a Radius server for a home user?

Has anyone tested the D-Link devices with the latest (Jan 10th, 2003) release of the firmware that supports 802.x security?

(Yes. I know, D-Link is not a hi-end product.)

If you have this device the firmware is available here:
D-Link Support for DWL-900AP+ (http://support.dlink.com/products/view.asp?productid=DWL%2D900AP%2B)

Windows 2k server has the built-in authentication if you happen to be running that at home (yea, it's not really a home use OS, but I know lots of people who do that). I would recommend using a Linux variant. The Merit RADIUS server probably has been updated for the wireless elements and is generally available. Linux servers are not very expensive (cheaper than a PC with Windblows).

I may be stupid, but what is 802.x security. I have two 900AP+'s in bridging mode on an extremely sensitive network. Would I benefit from the 802.x security? Thanks.

My error, the correct name for this is 802.1x not 802.x.

For some additional information on this feature see this link:
802.1x information link (http://www.80211-planet.com/tutorials/article.php/1041171)

Hi.
Im interested if I can use 801.1X on clients connected on eth. port of my DWL900AP. I have many clients connected on same network and i want to limit them which can and which can't connect to other side wireless network.
TNX

Hi,
802.1x authentication isn't a solution for the insecurity inherent in WEP and 802.1b/g in and of itself. Further if the 802.1x solution is say MD5, then it's about on the level of MAC filtering (that is it isn't mutual authentication). Worse, 802.1x can be used to authenticate but plain old WEP can be used to transport the data after authentication (so you have a great authentication system, especially if it's mutual, but wind up with plain old WEP after authentication and the same security exposure to cracking that traditional WEP offers).

Sanao appears to be ready to offer an 802.1x card, which has authentication embedded. W2K and XP support 802.1x clients, however it is supported as only MD5 pre XP SP 1, and using EAP/LEAP (I think LEAP) post SP1.

Authentication sounds nice, surely adding another 802.1whatever sounds better than not, however a minimal 802.1x implementation can be little more than a very small band aid for the broken limb which is WEP. Check out the totality of the 802.1x solution offered, unless keys are changed regularly and automatically after being generated at authentication it's likely not really any more secure than just using WEP.

Good luck!

I was thinking that using 802.1x with WEP and the ability to change the key automatically would make things somewhat more
secure.

See last line in the paragraph below...

----- This is from the 802.1x document URL earlier -------
The basic 802.1X protocol provides effective authentication regardless of whether you implement 802.11 WEP keys or no encryption at all. Most of major wireless LAN vendors, however, are offering proprietary versions of dynamic key management using 802.1X as a delivery mechanism. If configured to implement dynamic key exchange, the 802.1X authentication server can return session keys to the access point along with the accept message. The access point uses the session keys to build, sign and encrypt an EAP key message that is sent to the client immediately after sending the success message. The client can then use contents of the key message to define applicable encryption keys. In typical 802.1X implementations, the client can automatically change encryption keys as often as necessary to minimize the possibility of eavesdroppers having enough time to crack the key in current use.

Hi dld121,
It depends on how the encryption after 802.1x authentication is implemented, from personal experience for example the Zyxel 10W product offers MD5 802.1x and does not offer any encryption greater than WEP after authentication. Thus you have a weak authentication (but it IS an 802.1x authentication) and the same plain jane WEP. Essentially virtually no security improvement over WEP and MAC filtering. I'm unsure what DLink is offering, but you should check carefully, 802.1x MAY or MAY NOT include a superior encryption scheme to WEP. The implementation is up to the vendor.