Re: [WISPA] network password manager

2013-04-01 Thread Jeremy L. Gaddis
Agreed, even flat text files will work.

Personally, I've always preferred LDAP, as many other applications and devices 
we have deployed can make use of the same LDAP backend for centralized 
authentication (e.g. basic web applications such as Cacti and Dokuwiki as well 
as network devices from various vendors such as our Barracuda). There are 
plenty of applications that also support using SQL as a datastore, but they may 
require that you adhere to a specific schema.

LDAP, in my opinion, gives me the greatest flexibility.

As always, YMMV, "best tool for the job", etc.

--
Jeremy L. Gaddis   e: jer...@as54225.net
Network Engineer   m: +1.812.865.0581





On Mar 31, 2013, at 2:11 AM, Butch Evans  wrote:

> On Sat, 2013-03-30 at 19:23 -0400, Jeremy L. Gaddis wrote:
>> individual user accounts via RADIUS w/ an LDAP backend is the "best" way 
> 
> RADIUS backend doesn't matter.  Personally, I've always used SQL
> backend.
> 
> -- 
> 
> * Butch Evans* Professional Network Consultation   *
> * http://www.butchevans.com/ * Network Engineering *
> * http://store.wispgear.net/ * Wired or Wireless Networks  *
> * http://blog.butchevans.com/ * ImageStream, Mikrotik and MORE!*
> *   702-537-0979   *
> 
> 
> 
> ___
> Wireless mailing list
> Wireless@wispa.org
> http://lists.wispa.org/mailman/listinfo/wireless



Re: [WISPA] network password manager

2013-03-30 Thread Jeremy L. Gaddis
As Butch mentioned, individual user accounts via RADIUS w/ an LDAP backend is 
the "best" way -- for devices that support it.

For devices that don't support RADIUS/LDAP/other centralized backend and/or for 
credentials (or other sensitive data) that must be shared amongst multiple 
people, I highly recommend LastPass Enterprise:

  https://lastpass.com/enterprise_overview.php

Note that "authentication" is only one of the A's in AAA. The other two, 
"authorization" and "accounting", are just as important.

--
Jeremy L. Gaddis   e: jer...@as54225.net
Network Engineer   m: +1.812.865.0581





On Mar 21, 2013, at 3:04 PM, Sean Heskett  wrote:

> As our network grows and we keep adding more hardware I am wondering what
> others do with passwords to all these devices.
> 
> i hate having one password that works on a lot of devices but i haven't
> found a good industry practice or software tool to store all this data
> securely.
> 
> I'm thinking of looking at our network as different classes of devices and
> making some kind of standard password for each device class but then make
> the specific password for the device different by adding something to the
> "base" class password so it would be different than all the others in the
> class.
> 
> servers
> routers
> switches
> UPSs
> BHs
> APs
> etc.
> 
> 
> what are you guys doing?  any good tools out there?
> 
> thanks,
> sean


[WISPA] Link: "The US Needs A New Spectrum Policy"

2013-02-19 Thread Jeremy L. Gaddis
"The US Needs A New Spectrum Policy"

http://www.avc.com/a_vc/2013/02/the-us-needs-a-new-spectrum-policy-.html

-- 
Jeremy L. Gaddis   e: jer...@as54225.net
Network Engineer   m: +1.812.865.0581




Re: [WISPA] Router Question

2013-02-13 Thread Jeremy L. Gaddis
* Fred Goldstein  wrote:
> On 2/13/2013 5:19 AM, Bret Clark wrote:
> > Since there's no such thing as a 150Mbps LAN/WAN ports, you need to get
> > one with gigabit ports. The Mikrotik RB751G-2HnD...has 5 Gig ports and
> > any port can be configured for WAN and/or LAN setups. Includes 2.4GHz
> > 30dBi/1000mW 802.11b/g/n wireless if you need it.  SRP is $80.
> 
> Well if you want to get picky there are 150 Mbps (STS-3) ports, but 
> they're pretty obscure nowadays.  I think Cisco supports them for ATM, 
> though it may be historical, not current product.  I'm curious what the 
> application is.  Ancient Cisco stuff like that does show up on eBay at 
> pretty low prices, but anything new and under $1k or so will probably 
> only have Ethernet ports.

Well, if you want to get picky, those would actually be (if memory
serves) 155.52 Mbps and, of course, it's only called STS-3 (STS-3c,
technically) if it's an electrical carrier (an optical carrier being
referred to as OC-3c)...  but I'm sure you know all this, Fred.

While I'd certainly agree that new SONET deployments likely are few and
far between, there's still a huge installed base out there (indeed, one
of our upstreams' networks is mostly SONET).

I think it's safe to say, though, that we all know what Bret meant and
that these "well, *technically*, ..." posts (including this one) add
nothing of value to the conversation.

-- 
Jeremy L. Gaddis   e: jer...@as54225.net
Network Engineer   m: +1.812.865.0581




Re: [WISPA] Level3 Explosion?

2013-02-07 Thread Jeremy L. Gaddis
* Matt Hoppes  wrote:
> Did anyone else see an explosion on the Level3 network this morning? 
> They've been up and down all morning since around 2:30 eastern time... 
> just recovered recently.

From the e-mail notification I received from Level 3 (~13 hours before
the start of the maintenance window):

"Emergency Maintenance Advisement - This maintenance is scheduled."

... and ...

"Level 3 Communications will perform a mandatory network upgrade that
will be service impacting and will impact devices in multiple locations.
We are upgrading the code on portions of the global network to increase
stability for the overall network. During this maintenance activity
customers may be impacted for approximately 30 minutes."

My own guess is that they wanted to quickly get their gear upgraded so
that they weren't caught with their pants down like the last time such a
vulnerability was announced. In that case, someone posted (previously
unknown) exploit details to the full-disclosure mailing list, forcing
many to to delay patching any longer:

  http://seclists.org/fulldisclosure/2010/Jan/136

On a side note: if you ever want to receive a ton of hate mail from
engineers at large companies and telcos, that's a good way to do it.

-- 
Jeremy L. Gaddis   e: jer...@as54225.net
Network Engineer   m: +1.812.865.0581




Re: [WISPA] Ubiquiti Radios as routers

2012-10-16 Thread Jeremy L. Gaddis
* Fred Goldstein  wrote:
> At 10/12/2012 10:23 AM, Tim Densmore wrote:
> There's a real market gap not quite being filled by our usual WISP 
> vendors MT and UBNT.  MT has a new CPE router with SFP support.  This 
> would be great for a regional CE fiber network.  Let's say you have a 
> building (say, Town Hall) with multiple tenants in it, each with a 
> separate IP network (say, Town administration, Police, and School 
> Admin).  You'd want to be able to drop off one fiber with separate 
> VLANs (virtual circuits) for each network, isolating the traffic from 
> each other.  An MEF switch is cheaper than a real Cisco router but a 

I can't speak to Ubiquiti but Mikrotik RouterOS certainly supports MPLS
and VPLS (and LDP and OSPF and BGP).

The design you describe is exactly what the majority of the
world is using MPLS VPNs for -- utilizing, of course, LDP and BGP (and
occasionally OSPF between CE and PE).

Unless I'm missing something...

-- 
Jeremy L. Gaddis   e: jer...@as54225.net
Network Engineer   m: +1.812.865.0581




Re: [WISPA] EOIP/GRE Performance

2012-06-06 Thread Jeremy L. Gaddis
* Nick Olsen  wrote:

[snip]

> The cable connections are normally 50Mb/s down, 5Mb/s up.
> If I run a bandwidth test inside the tunnel, I can only get 25-30Mb/s down.
> Outside the tunnel, It does the full 50Mb/s.
> 
> This is the same for every cable connection we have. They are all terminating
> back to a RB493G in our rack sitting on GigE. I can even run multiple
> bandwidth tests to all of the locations and get an aggregate of >200Mb/s but
> no more than 25-30 to any single endpoint.
> 
> Any ideas?

Does the latency increase on your throughput tests inside the tunnel?

Are you considering fragmentation/MTU issues?

-- 
Jeremy L. Gaddis   e: jer...@as54225.net
CCNP/JNCIA/ASE m: +1.812.865.0581
Network Engineer   w: evilrouters.net




Re: [WISPA] Future of Wifi Offloading WAS: Ericsson is buying BelAir, betting on Wi-Fi

2012-02-06 Thread Jeremy L. Gaddis
On Jan 26, 2012, at 11:22 PM, John Scrivner wrote:
> Here are my predictions based partly upon the acquisitions we have
> seen of Atheros by Qualcomm and now this latest play into Wifi by
> otherwise generally licensed zealots of the mobile world:

[snip]

> I predict we'll see all this come to pass by 2017-18. We'll see how
> clear my crystal ball is in a few years. I hope you guys will remember
> this then and be sure to pull it up and make fun of me for being so
> far off or not! :-)

I predict you'll see it well before that.

Someone else in the thread mentioned Comcast and Time Warner planning to roll 
out thousands of access points. Remember that both of these companies are also 
in the cellular game now.

What's (one of) the biggest problem(s) cellular carriers are facing right now? 
The explosion in data traffic.

They *need* to offload as much data traffic off of their networks as they can. 
They simply cannot handle the projected long-term growth in data traffic.

Enter 802.11u.

--
Jeremy L. Gaddis   e: jer...@as54225.net
Network Engineer   m: +1.812.865.0581





WISPA Wants You! Join today!
http://signup.wispa.org/

 
WISPA Wireless List: wireless@wispa.org

Subscribe/Unsubscribe:
http://lists.wispa.org/mailman/listinfo/wireless

Archives: http://lists.wispa.org/pipermail/wireless/