hello Ian, On Dec 14, 2007 1:37 PM, Ian McDonald <[EMAIL PROTECTED]> wrote: > I'm quite happy to explain how/what we do, and what we'd like to do. > > You're going to have to get some managed switches though. Your hands are > tied otherwise. >
I would like to hear your solution. I would like to say that changing equipment into the internal networks of the buildings is quite out of the question because there are a little bit over 150 switches of 24 ports that i know of (without management); there may be other private switches and wireless routers, private property of the students. Anyways i would like to hear your solution if it is not a problem for you. My ISP suggested also changing all the internal switches and use 802.1x port-based Network Access Control, but the University rejected the proposal (not due to lack of founds ... too much work to do may be ???). > > You could/can PPPoE, and there's client support in Windows/MacOS/Linux, > but you'll need some horsepower on the servers to terminate all the > tunnels. > I looked into PPPoE some time ago because a local ISP here is using this type of authentication. I don't remember where i read / who told me, that PPPoE is vulnerable to sniffing by installing a PPPoE daemon which listens to broadcasts of connecting users, so i dropped the idea. If you have used such method of authentication could u please tell me the hardware that you used and the minimum number of clients connected to that server ? I'm interested to make an idea of what hardware i should poses. If my authentication method is safe i would leave all ports open and traffic shape them or something like this. I would keep the proxy just for caching of websites. Authentication is imposed due to legal issues and attacks. Recently we had some problems with local authorities due to some students, which of course spoofed their IPs and MACs. By horsepower to terminate the tunnels you refer in case if i keep on limiting the available services, right ? > > Where are you based? > -- I'm based in Romania. I wouldn't make public my University name, but if you want to know it for yourself it is no problem (just say it). > ian > Network Manager, University of St Andrews. I would really like to know how a real campus network should look like. I'm looking forward for your answer. Adrian TIRLA -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
