Network Working Group
Internet Draft                                               G. Paterno'
Document: draft-gpaterno-wireless-pppoe-00.txt                    Editor
Expires: March 2003                                       September 2002


                Using PPPoE to authenticate Wireless LAN


Status of this Memo

   This document is an Internet-Draft and is in full conformance with
   all provisions of Section 10 of RFC2026 except that the right to
   produce derivative works is not granted.

   Internet-Drafts are working documents of the Internet Engineering
   Task Force (IETF), its areas, and its working groups.  Note that
   other groups may also distribute working documents as
   Internet-Drafts.

   Internet-Drafts are draft documents valid for a maximum of six
   months and may be updated, replaced, or obsoleted by other documents
   at any time.  It is inappropriate to use Internet-Drafts as
   reference material or to cite them other than as "work in progress."

   The list of current Internet-Drafts can be accessed at
   http://www.ietf.org/ietf/1id-abstracts.txt

   The list of Internet-Draft Shadow Directories can be accessed at
   http://www.ietf.org/shadow.html.

Conventions used in this document

   The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
   "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this
   document are to be interpreted as described in [RFC-2119].

Abstract

   This document targets Internet Service Providers and Wireless
   Internet Service Providers that aim to provide access to their users
   through Wireless LAN technologies, such as IEEE 802.11.  Through
   this paper, the author explores the advantages of using the
   Point-To-Point Protocol over Ethernet to provide access to the
   internetwork and gives suggestions on how to deploy the
   infrastructure.

G. Paterno'                  Informational                      [Page 1]

Internet-Draft        Using PPPoE in Wireless LAN         September 2002

Table of Contents

   1. Current Wireless LAN Scenario
   2. Proposed Solution
   Copyright and disclaimer
   References
   Acknowledgments
   Author's Addresses

1. Current Wireless LAN Scenario

   The current popular standard for Wireless LAN is IEEE 802.11, which
   is widely adopted by device manufacturers.  In brief, the protocol
   emulates an ethernet network, and most of today's access points act
   as a bridge between an existing Local Area Network, for example the
   corporate LAN, and the wireless network.

   Furthermore, the protocol itself includes a security feature, named
   Wireless Encryption Protocol (WEP), which should provide encryption
   of the connection, and thus privacy.  Unfortunately, it has been
   demonstrated that WEP can be broken by a potential malicious user,
   who might then gain access to the network without supplying any
   credentials.

   Furthermore, the use of DHCP or other LAN technologies might
   represent a disadvantage for Internet Service Providers, which are
   unable to identify a specific user, for example for accounting
   purposes.  The 802.11 protocol tries to fill the gap by suggesting
   the use of MAC addresses to uniquely identify users.  The use of MAC
   addresses introduces another manageability issue: if a user changes
   the wireless adapter, for example to replace a broken one, he/she
   has to contact the ISP and provide the new MAC address, and the old
   one has to be deconfigured.

2. Proposed solution

   With the introduction of cable and ADSL technologies, ISPs have
   adopted a methodology for resolving this problem in the broadband
   world.  The above technologies, in their usual configurations, are
   able to emulate an ethernet network.
   Although DHCP is easy for a Service Provider to deploy and for a
   user to configure, it does not provide a way to authenticate the
   user, which makes accounting or authorization impossible.

   The community solved this need with the introduction of the
   Point-To-Point Protocol over Ethernet (PPPoE), described in
   RFC 2516.  Through the adoption of this protocol, access control,
   billing and several types of service can be done on a per-user,
   rather than a per-site or per-cell, basis.

   The 802.11 technology, in a similar way to the aforementioned
   broadband technologies, is able to emulate an ethernet network.  The
   advantage is clear: by applying PPPoE to wireless LANs, traditional
   ISPs and Wireless Internet Service Providers might bring
   authentication, authorisation and accounting to wireless users
   without changing the existing dial-up infrastructure.

   A practical example of using this technology is to provide fixed IP
   addresses to roaming wireless users: wherever the user is located,
   he/she can have his/her IP address and the quality of service
   subscribed.

   Furthermore, the use of PPP adds another layer for potential
   malicious users, who would have to break both the WEP and the PPP
   layer.  It is envisaged that passwords SHOULD NOT be exchanged
   through the PAP authentication method; a challenge-based protocol
   such as CHAP should be used instead.

   A possible deployment scenario would be to disable the use of WEP on
   the access points and use CHAP and the Microsoft Point-To-Point
   Encryption Protocol (RFC 3078) instead, which is easier to configure
   from an end-user perspective.

Copyright and disclaimer

   Copyright (C) Giuseppe Paterno' (2002).  All Rights Reserved.

   This document and translations of it may be copied and furnished to
   others, and derivative works that comment on or otherwise explain it
   or assist in its implementation may be prepared, copied, published
   and distributed, in whole or in part, without restriction of any
   kind, provided that the above copyright notice and this paragraph
   are included on all such copies and derivative works.  However, this
   document itself may not be modified in any way, such as by removing
   the copyright notice or references to the author of this document or
   other Internet organizations, except as needed for the purpose of
   developing Internet standards in which case the procedures for
   copyrights defined in the Internet Standards process must be
   followed, or as required to translate it into languages other than
   English.

   The limited permissions granted above are perpetual and will not be
   revoked by the author or its successors or assigns.

   This document and the information contained herein is provided on an
   "AS IS" basis and Giuseppe Paterno' DISCLAIMS ALL WARRANTIES,
   EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO ANY WARRANTY THAT
   THE USE OF THE INFORMATION HEREIN WILL NOT INFRINGE ANY RIGHTS OR
   ANY IMPLIED WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A
   PARTICULAR PURPOSE.

References

   [1] RFC 2516, "A Method for Transmitting PPP Over Ethernet (PPPoE)"

   [2] Roaring Penguin PPPoE implementation

   [3] RAS PPPoE protocol implementation, by Robert Schlabbach

Acknowledgments

   The author of this document wishes to thank Silvio Danesi and
   Daniele Todde for providing the technical infrastructure, and Luca
   Sciortino for his moral support.

Author's addresses

   Giuseppe Paterno'
   Via Copernico, 63
   20094 Corsico (MI)
   Italy
   Email: gpaterno@gpaterno.com
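
Added example (not part of the draft): section 2 recommends that passwords not be exchanged with PAP and that CHAP be used instead, which an operator can verify on the wire. The Python below parses a PPPoE session frame (RFC 2516) carrying an LCP Configure-Request and reports the authentication protocol it proposes; the function names and the sample frames produced by build_frame are constructed for illustration.

```python
import struct

ETH_PPPOE_SESSION = 0x8864      # RFC 2516 session-stage EtherType
PPP_LCP = 0xC021                # PPP protocol number for LCP
LCP_CONFIGURE_REQUEST = 1
LCP_OPT_AUTH_PROTOCOL = 3       # RFC 1661 Authentication-Protocol option
AUTH_PAP, AUTH_CHAP = 0xC023, 0xC223
CHAP_ALGORITHMS = {0x05: "CHAP-MD5", 0x80: "MS-CHAP", 0x81: "MS-CHAPv2"}


def proposed_auth(frame: bytes):
    """Auth protocol proposed in an LCP Configure-Request over PPPoE, else None."""
    if len(frame) < 26:                # Ethernet 14 + PPPoE 6 + PPP 2 + LCP 4
        return None
    ethertype, = struct.unpack_from("!H", frame, 12)
    ver_type, code, _sid, plen = struct.unpack_from("!BBHH", frame, 14)
    if ethertype != ETH_PPPOE_SESSION or ver_type != 0x11 or code != 0x00:
        return None
    ppp = frame[20:20 + plen]          # PPPoE length field excludes padding
    if len(ppp) < 6 or struct.unpack_from("!H", ppp, 0)[0] != PPP_LCP:
        return None
    lcp_code, _ident, lcp_len = struct.unpack_from("!BBH", ppp, 2)
    if lcp_code != LCP_CONFIGURE_REQUEST or lcp_len < 4:
        return None
    opts = ppp[6:2 + lcp_len]          # LCP packet starts at offset 2
    i = 0
    while i + 2 <= len(opts):
        otype, olen = opts[i], opts[i + 1]
        if olen < 2 or i + olen > len(opts):
            return None                # malformed option list
        if otype == LCP_OPT_AUTH_PROTOCOL and olen >= 4:
            proto, = struct.unpack_from("!H", opts, i + 2)
            if proto == AUTH_PAP:
                return "PAP"           # password would cross the link in clear
            if proto == AUTH_CHAP and olen >= 5:
                return CHAP_ALGORITHMS.get(opts[i + 4], "CHAP-unknown")
            return hex(proto)
        i += olen
    return None


def build_frame(auth_option: bytes, ethertype: int = ETH_PPPOE_SESSION) -> bytes:
    """Constructed sample: Configure-Request with MRU 1492 plus auth_option."""
    options = bytes([1, 4]) + struct.pack("!H", 1492) + auth_option
    lcp = struct.pack("!BBH", LCP_CONFIGURE_REQUEST, 1, 4 + len(options)) + options
    ppp = struct.pack("!H", PPP_LCP) + lcp
    pppoe = struct.pack("!BBHH", 0x11, 0x00, 0x0001, len(ppp)) + ppp
    macs = bytes.fromhex("020000000001020000000002")   # constructed addresses
    return macs + struct.pack("!H", ethertype) + pppoe
```

A return value of "PAP" from a frame sent by the access concentrator indicates a server configuration that does not follow the draft's recommendation.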