Network Working Group
Internet Draft                                              G. Paterno'
Document: draft-gpaterno-wireless-pppoe-00.txt                   Editor
Expires: March 2003                                      September 2002


                Using PPPoE to authenticate Wireless LAN


Status of this Memo

   This document is an Internet-Draft and is in full conformance with
   all provisions of Section 10 of RFC2026 except that the right to
   produce derivative works is not granted.

   Internet-Drafts are working documents of the Internet Engineering
   Task Force (IETF), its areas, and its working groups.   Note that
   other groups may also distribute working documents as Internet-
   Drafts.

   Internet-Drafts are draft documents valid for a maximum of six months
   and may be updated, replaced, or obsoleted by other documents at any
   time.   It is inappropriate to use Internet-Drafts as reference
   material or to cite them other than as "work in progress."

   The list of current Internet-Drafts can be accessed at
        http://www.ietf.org/ietf/1id-abstracts.txt
   The list of Internet-Draft Shadow Directories can be accessed at
        http://www.ietf.org/shadow.html.

Conventions used in this document

   The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL
   NOT", "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in
   this document are to be interpreted as described in [RFC-2119].

Abstract

   This document targets the Internet Service Providers and Wireless
   Internet Service Providers who aim to provide access to their users
   through Wireless LAN technologies, such as IEEE 802.11. In this
   paper, the author explores the advantages of using the Point-To-Point
   Protocol over Ethernet to provide access to the internetwork and
   gives suggestions on how to deploy the infrastructure.







G. Paterno'                   Informational                     [Page 1]

Internet-Draft         Using PPPoE in Wireless LAN        September 2002


Table of Contents

   1. Current Wireless LAN Scenario...............................2
   2. Proposed Solution...........................................2
   Copyright and disclaimer.......................................3
   References.....................................................4
   Acknowledgments................................................4
   Author's Addresses.............................................4

1. Current Wireless LAN Scenario

   The current popular standard for Wireless LAN is IEEE 802.11, which
   is widely adopted by device manufacturers. In brief, the protocol
   emulates an Ethernet network, and most of today's access points act
   as a bridge between an existing Local Area Network, for example the
   corporate LAN, and the wireless network. Furthermore, the protocol
   itself includes a security feature, named Wireless Encryption
   Protocol (WEP), which should provide encryption to the connection,
   and thus privacy.

   Unfortunately, it has been demonstrated that WEP can be broken by a
   potentially malicious user, who might then gain access to the network
   without supplying any credentials.

   Furthermore, the use of DHCP or other LAN technologies might
   represent a disadvantage for Internet Service Providers that are
   unable to identify a specific user, for example for accounting
   purposes.

   The 802.11 protocol tries to fill the gap by suggesting the use of
   MAC addresses to uniquely identify users. The use of MAC addresses
   introduces another manageability issue: if a user changes the
   wireless adapter, for example to replace a broken one, he/she should
   contact the ISP and provide the new MAC address and the old one to be
   deconfigured.

2. Proposed solution

   With the introduction of cable and ADSL technologies, ISPs have
   adopted a methodology for resolving such a problem in the broadband
   world.

   The above technologies, in usual configurations, are able to emulate
   an Ethernet network. Although DHCP is easy for a Service Provider to
   deploy and easy to configure from a user perspective, it does not
   provide a way to authenticate the user, which makes accounting or
   authorization impossible.






   The community solved this need with the introduction of the Point-To-
   Point Protocol over Ethernet (PPPoE), described in RFC 2516.  Through
   the adoption of this protocol, access control, billing and several
   types of services can be done on a per-user, rather than a per-site
   or cell, basis.

   The 802.11 technology, in a similar way to the aforementioned
   broadband technologies, is able to emulate an Ethernet network.  The
   advantage is clear: by applying the PPPoE technology to wireless
   LANs, traditional ISPs and Wireless Internet Service Providers might
   bring authentication, authorisation and accounting to wireless users
   without changing the existing dial-up infrastructure.

   A practical example of using this technology is to provide fixed IP
   addresses to roaming wireless users: wherever the user is located,
   he/she can have his/her IP address and the quality of service
   subscribed.

   Furthermore, the use of PPP adds another layer for potential
   malicious users, who would have to break both the WEP and the PPP
   layer. It is envisaged that passwords SHOULD NOT be exchanged through
   the PAP authentication methodology; a challenge-based protocol such
   as CHAP should be used instead.

   A possible deployment scenario would be to disable the use of WEP on
   the access points and use CHAP and Microsoft Point-To-Point
   Encryption Protocol (RFC3078) instead, which is easier to configure
   from an end-user perspective.
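
   The preference for CHAP over PAP stated above, shown as an added
   example that is not part of the original draft: a minimal CHAP
   exchange following RFC 1994, in which the shared secret never crosses
   the wireless link and a captured Response fails against a fresh
   Challenge. The user name, secret and server name are constructed for
   illustration.

```python
# Added example (not from the draft): CHAP per RFC 1994; all names are constructed.
import hashlib
import hmac
import os
import struct

CHAP_CHALLENGE, CHAP_RESPONSE = 1, 2  # RFC 1994 packet codes

def build_packet(code, ident, value, name):
    """Code(1) Identifier(1) Length(2) Value-Size(1) Value Name."""
    length = 5 + len(value) + len(name)
    return struct.pack("!BBHB", code, ident, length, len(value)) + value + name

def parse_packet(pkt):
    """Return (code, ident, value, name); reject inconsistent lengths."""
    if len(pkt) < 5:
        raise ValueError("truncated CHAP packet")
    code, ident, length, vsize = struct.unpack("!BBHB", pkt[:5])
    if length != len(pkt) or 5 + vsize > length:
        raise ValueError("inconsistent CHAP length fields")
    return code, ident, pkt[5:5 + vsize], pkt[5 + vsize:]

def chap_md5(ident, secret, challenge):
    """RFC 1994 response value: MD5(Identifier || secret || Challenge)."""
    return hashlib.md5(bytes([ident]) + secret + challenge).digest()

def new_challenge(ident, server_name=b"ac.example"):
    # Authenticator side: a fresh random value for every attempt.
    return build_packet(CHAP_CHALLENGE, ident, os.urandom(16), server_name)

def peer_respond(challenge_pkt, name, secret):
    code, ident, challenge, _ = parse_packet(challenge_pkt)
    if code != CHAP_CHALLENGE:
        raise ValueError("expected a CHAP Challenge")
    return build_packet(CHAP_RESPONSE, ident, chap_md5(ident, secret, challenge), name)

def authenticator_verify(challenge_pkt, response_pkt, secrets):
    # Recompute the digest for the challenge that was actually issued.
    _, ident, challenge, _ = parse_packet(challenge_pkt)
    code, r_ident, value, name = parse_packet(response_pkt)
    secret = secrets.get(name)
    if code != CHAP_RESPONSE or r_ident != ident or secret is None:
        return False
    return hmac.compare_digest(value, chap_md5(ident, secret, challenge))

if __name__ == "__main__":
    users = {b"alice": b"constructed-secret"}  # constructed credentials
    c = new_challenge(1)
    r = peer_respond(c, b"alice", users[b"alice"])
    print(authenticator_verify(c, r, users), authenticator_verify(new_challenge(1), r, users))
```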

Copyright and disclaimer

   Copyright (C) Giuseppe Paterno' (2002).  All Rights Reserved.

   This document and translations of it may be copied and furnished to
   others, and derivative works that comment on or otherwise explain it
   or assist in its implementation may be prepared, copied, published
   and distributed, in whole or in part, without restriction of any
   kind, provided that the above copyright notice and this paragraph are
   included on all such copies and derivative works.  However, this
   document itself may not be modified in any way, such as by removing
   the copyright notice or references to the author of this document or
   other Internet organizations, except as needed for the purpose of
   developing Internet standards in which case the procedures for
   copyrights defined in the Internet Standards process must be
   followed, or as required to translate it into languages other than
   English.






   The limited permissions granted above are perpetual and will not be
   revoked by the author or its successors or assigns.

   This document and the information contained herein is provided on an
   "AS IS" basis and Giuseppe Paterno' DISCLAIMS ALL WARRANTIES, EXPRESS
   OR IMPLIED, INCLUDING BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF
   THE INFORMATION HEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED
   WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE.

References

   [1] RFC 2516, "A Method for Transmitting PPP Over Ethernet (PPPoE)"
   [2] Roaring Penguin PPPoE implementation
   [3] RAS PPPoE protocol implementation, by Robert Schlabbach

Acknowledgments

   The author of this document wishes to thank Silvio Danesi and Daniele
   Todde for providing the technical infrastructure, and Luca Sciortino
   for his moral support.

Author's addresses

   Giuseppe Paterno'
   Via Copernico, 63
   20094 Corsico (MI)
   Italy
   Email: gpaterno@gpaterno.com






















