1.2 Requirements

1.2.1 GPCentral vs. GPRadius

Greenpass is designed to run on two servers, GPCentral and GPRadius.

GPCentral

The central machine handles the web-based authorization and delegation interface. Guests to the network are redirected to it, and it is where requests for access are handled.

GPRadius

The RADIUS installation is intended to work with an existing RADIUS server. It includes the AuthServer, which retains and administers the current delegation information.

Combining the Two

It is possible to install both elements onto the same server. They share code and documentation; the edu and doc folders should be identical between them.

1.2.2 Network Configuration with Access Points

[Figure: GP-Diagram.jpg]

This is a diagram of the network components and servers with the names and IP addresses included. All of those IPs are configured statically.

Access Point Configuration

The bulk of the hardware configuration is done on the AP. These directions are for a Cisco 1100. Other APs will require a similar setup.

First, the two SSIDs are created and configured. Under the Security menu on the left, go to SSID Manager.

Authorized_User is on VLAN 1 and not broadcast.

Greenpass_Guest is on VLAN 2 and is broadcast.

Authorized_User:

This is the SSID that requires EAP authentication.

Under "Authentication Settings":

For accounting, go to "Accounting Settings", check the box, and set the servers as you did under "Authentication Settings".

Greenpass_Guest:

Just use Open Authentication and set up the accounting settings as with the other SSID.

Next we set up WEP, which is required for EAP authentication. Under Security, go to Encryption Manager. For VLAN 1, click on WEP encryption and make it mandatory. You can set up WEP for VLAN 2 as well.

Now we need to set up which RADIUS server(s) are used: Security --> Server Manager.

Under "Corporate Servers," we enter the IP address for the RADIUS server, and provide the shared secret that is used. This shared secret will also be provided in the clients.conf of the RADIUS server under this AP. The Authentication port is 1812 and the Accounting port is 1813.
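The shared secret has to match on both sides, so it is worth checking the server's entry for the AP after editing it. The following is an added example, not part of the Greenpass code: it assumes a FreeRADIUS-style clients.conf, and the addresses, secrets and function names are constructed for illustration.

```python
import re

# Constructed sample in FreeRADIUS clients.conf syntax; address and secrets are placeholders.
SAMPLE_CLIENTS_CONF = """
# localhost entry
client 127.0.0.1 {
    secret    = testing123
    shortname = localhost
}

client 192.0.2.10 {          # the access point
    secret    = "Xq7-constructed-secret-93fLm"
    shortname = ap1100
}
"""

CLIENT_BLOCK = re.compile(r"client\s+(\S+)\s*\{(.*?)\}", re.S)
SETTING = re.compile(r"^\s*(\w+)\s*=\s*(.+?)\s*$")

def parse_clients(text):
    """Return {client_name: {key: value}} for every client block."""
    # Strip comments first so a '#' note is not read as a setting.
    # Simplification: a '#' inside a quoted secret is not handled.
    text = re.sub(r"#.*", "", text)
    clients = {}
    for name, body in CLIENT_BLOCK.findall(text):
        settings = {}
        for line in body.splitlines():
            m = SETTING.match(line)
            if m:
                settings[m.group(1)] = m.group(2).strip('"')
        clients[name] = settings
    return clients

def check_ap_entry(text, ap_ip, ap_secret, min_len=16):
    """List problems with the AP's entry; an empty list means it is consistent."""
    entry = parse_clients(text).get(ap_ip)
    if entry is None:
        return [f"no client block for {ap_ip}: the server will drop its requests"]
    problems = []
    secret = entry.get("secret", "")
    if secret != ap_secret:
        problems.append("secret differs from the one entered on the AP")
    if secret == "testing123":
        problems.append("secret is the stock example value")
    if len(secret) < min_len:  # min_len is an assumed local policy, not a Greenpass rule
        problems.append(f"secret is shorter than {min_len} characters")
    return problems
```
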

1.2.3 Switch and Router

Switch

Download the Cisco Network Assistant installer from the Cisco Support web site (need login account there)
Install Cisco Network Assistant on a Windows computer
Run Cisco Network Assistant
Connect to the switch by providing its IP address
Set admin login and pw
Log in to the admin account
Select front panel view in the toolbar
Select the port of interest and right-click; the menu allows selection of Port Settings, VLAN, Port Security etc.
VLAN gives access to the VLAN setting

Using tabs on left side: Features tab provides switch setting wizards
"save configuration" can transfer to TFTP server
otherwise login on serial port to capture configuration
"VLAN" starts wizard to define a VLAN
Greenpass uses VLAN 1 and 2
VLAN 2 is the 10.0.0.x network

configure ports for VLAN 2 (open network)
one port for gpcentral is connected to VLAN 2
other interface for gpcentral connected to VLAN 1
gpradius is connected to VLAN 1
Access Point (AP) is connected to port configured as trunked

Router

configure router by opening http connection to its IP address
set admin login and pw
login on serial port to capture configuration
(FastEthernet0/0 goes to the outside world, FastEthernet0/1 goes to the switch)


Last edited August 14, 2006