I've given this subject a little more thought and noticed that Gargoyle supports WPA2 RADIUS. I've also noticed some organisations are now providing free RADIUS services.Eric wrote:I suspect this topic is popular because people are interested in weaknesses in the quota system (which is what the title refers to),...
Internet users are required to login for so many services nowadays eg. email, social network sites, etc. I don't think it would be too much to expect them to login via RADIUS to use the internet as well. This would overcome the vulnerability to MAC spoofing wouldn't it?
Why not take it one step further and include the option of associating all of Gargoyles quota and restriction features to authentic usernames when WPA2 RADIUS is selected?
At the moment you can assign a static IP to a MAC. If you include the ability to assign a static IP to an authentic username it wouldn't matter which device the user used. If RADIUS returned "yes" username authenticated the static IP associated with that username would be then be allocated to that device. This would obviate the need for a captive portal etc. and make the WLAN very secure.
Is this feasible?