I'm no expert so you guys feel free to correct me
as needed.....
The smallest subnet needs 4 ip addys to work.
Even if it's three you get the idea. Still a huge waste of a very limited
and harder to get all the time resource.
----- Original Message -----
Sent: Wednesday, December 07, 2005 10:12 AM
Subject: Re: [WISPA] How to Authenticate/Protect(WasEthernetbasedauthentication)

How were you looking at routing to use 3 for 1? I have never set up routing that way and would like to be sure I don't. I am running fully routed from the get-go, with 3 internal routers and a 4th going in Friday. Actually 2 MTs as router only and 2 that are "routing APs".

Scott Reed
Owner
NewWays Wireless Networking
Network Design, Installation and Administration
www.nwwnet.net

The season is Christmas, not X-mas, not the holiday, but Christmas, because Christ was born to provide salvation to all who will believe!

---------- Original Message -----------
From: "Marlon K. Schafer (509) 982-2181" <[EMAIL PROTECTED]>
To: "WISPA General List" <wireless@wispa.org>
Sent: Wed, 7 Dec 2005 10:05:52 -0800
Subject: Re: [WISPA] How to Authenticate/Protect(WasEthernetbasedauthentication)

> The idea, for me is that by the time a company gets to the point that they need to route they'll either know what they are doing. And/or they'll have someone on staff just to handle that issue.
>
> The other problem I ran into back when was a shortage of ip addys. And routing to every customer wastes three ip addys for every one you get to actually use. I don't think that's responsible stewardship.
>
> My new ap's block client to client communications, and new managed switches that will vlan and packet filter will be the next upgrades I'll do.
>
> We just broke the network in two. So I've got 150ish broadband subs on one system and 150 on another. Not exact numbers but close. One of the systems went from t-1 to 10 meg so I don't have good numbers as to performance issues.
>
> The other one still has 100 megs coming into it. On that system I see no difference.
>
> I'm sure there's room for improvement. There always will be if a guy wants to stay anywhere near the head of the pack.
>
> One other thing that's not been brought up yet is over building. Today we can build 3 to 10x more capacity into the network than the average customer is demanding for the same cost or very nearly so as building to meet customer demands. Having more capacity than is needed, so far, is allowing us to significantly simplify the network. Anyone can walk in here tomorrow and take over with a few phone calls to tech support at most. There's nothing fancy going on here. That's part of why I can take care of 250 wireless subs, 50 fiber customers and hundreds of dialup people with me and two gals that share a part time office job. Our wireless churn is almost nil. I've lost a couple lately due to some trouble at a tower site. It's caused by jerk off competitors and their 1 watt amps and 15+ db sector antennas though. And I tried to use a $120 sector where I normally use $400 ones. I'm not sure I'll ever learn that lesson :-).
>
> Will we have to redo the network at some point in the future? Sure. Will it suck? Sure. But that's then and this is now. We just redid half of it and it sucked. Big time. But only for a few days. We have taken the time to teach our customers how to do their own networking stuff just like we took the time to teach them how to do their own dialup stuff. When we need to make changes (or the customer changes their gear) they can usually take care of it themselves or with a little help from us via the phone.
>
> Both models work. The real trick is making sure that they get deployed in the right situation. Too big of a hammer is sometimes just as bad as too small of a one or vice versa.
>
> Oh yeah, I'm tired of hearing small networks getting talked down to. With 100 subs the average guy should be putting $2,000 to $3,000 per month in the bank. That's enough money to keep the average mom home with the kids! We'd be there today if we would just stop growing. Man, a mom at home with the kids AND good cars to drive and a dad that's not working 80 hours per week. Small WISPs are right in there with the American dream man! This is good stuff!
>
> Laters,
> Marlon
> (509) 982-2181 Equipment sales
> (408) 907-6910 (Vonage) Consulting services
> 42846865 (icq) And I run my own wisp!
> 64.146.146.12 (net meeting)
> www.odessaoffice.com/wireless
> www.odessaoffice.com/marlon/cam
>
> ----- Original Message -----
> From: "Lonnie Nunweiler" <[EMAIL PROTECTED]>
> To: "WISPA General List" <wireless@wispa.org>
> Sent: Tuesday, December 06, 2005 5:43 PM
> Subject: Re: [WISPA] How to Authenticate/Protect(WasEthernetbasedauthentication)
>
> And
> that is the second thing that guys do wrong. They use simple bridged clients which are vulnerable to the issue of the backwards router and they create a host of other issues.
>
> You are building a network that connects to the Internet so why not use the same network design that the Internet uses? Routed. Sure you will find sections that are bridged but anything that leaves the backbone is routed to the customer.
>
> Bridged or rather no design is fine for small simple networks. Just plug things in and get on to the next job. As you grow the troubles will begin and then, eventually, you will have to reorganize your entire network and move to a routed design. Why wait for all that pain? Do it right, from the start. Allow yourself to grow and not have to go through that second painful redesign.
>
> I am usually silent and just watch the lists, but when I see wrong advice given I cannot watch in silence. It is wrong to not use DHCP and it is wrong to use a bridged design. If you have intentions of doing any sort of large customer base, please plan it correctly from the start. Do not listen to the guys who tell you to do it quick and dirty. I know this sounds preachy, but man, I get 10 calls a day from people who have started out quick and dirty and they reach a certain size or get certain types of traffic, and their network just collapses. The fix is to go to routed and when they realize how much work it is to convert it, they all wish they had followed my consistent advice. For more than 5 years I have said the same thing on the various lists. I even got kicked off the Judd list for not backing down and agreeing that hacked together bridges were the way to go.
>
> Regards,
> Lonnie
>
> On 12/6/05, Marlon K. Schafer (509) 982-2181 <[EMAIL PROTECTED]> wrote:
> > Yeah, until some lunkhead plugs his dsl router in backward. As they do all the time around here....
> >
> > No thanks, no more DHCP troubles for me. Been there done that. Twice. Never again.
> >
> > Marlon
> > (509) 982-2181 Equipment sales
> > (408) 907-6910 (Vonage) Consulting services
> > 42846865 (icq) And I run my own wisp!
> > 64.146.146.12 (net meeting)
> > www.odessaoffice.com/wireless
> > www.odessaoffice.com/marlon/cam
> >
> > ----- Original Message -----
> > From: "Lonnie Nunweiler" <[EMAIL PROTECTED]>
> > To: <[EMAIL PROTECTED]>; "WISPA General List" <wireless@wispa.org>
> > Sent: Tuesday, December 06, 2005 2:27 PM
> > Subject: Re: [WISPA] How to Authenticate/Protect (WasEthernetbasedauthentication)
> >
> > The
> > same way you do it if you didn't run DHCP. Use PPPoE, HotSpot, static DHCP based on MAC, ACL for association at the AP, any number of ways.
> >
> > DHCP has little to do with authentication, although it can be a part of the process. What DHCP does is automate the user TCP settings so that if you renumber your system in order to move to routing it is painless to assign new numbers. If you have to change DNS servers then that is also easy. Just change the DHCP config and within an hour everybody is using the new DNS.
> >
> > Don't run a network without it. It is priceless.
> >
> > Lonnie
> >
> > On 12/6/05, Ron Wallace <[EMAIL PROTECTED]> wrote:
> > > Lonnie,
> > > So Lonnie, if I run DHCP, on my customers IP's, how do I authenticate the users. I'm a real rookie at this.
> > > Ron Wallace
> > > ---- Original message ----
> > > >Date: Tue, 6 Dec 2005 11:52:08 -0800
> > > >From: Lonnie Nunweiler <[EMAIL PROTECTED]>
> > > >Subject: Re: [WISPA] How to Authenticate/Protect (WasEthernet basedauthentication)
> > > >To: WISPA General List <wireless@wispa.org>
> > > >
> > > >If you take Marlon's advice and do not run DHCP then you get to have that personal contact with each and every subscriber if you ever have to change network settings. With DHCP running it is real simple and quick to edit the DHCP config and wait for the DHCP client renewal.
> > > >
> > > >My advice is completely the opposite. Use DHCP for all of your customers. You will be happy you did and will mutter things when you encounter someone who is not on DHCP.
> > > >
> > > >The personal contact is nice but what if you have several hundred customers? That is just a little too nice for my tastes.
> > > >
> > > >Lonnie
> > > >
> > > >On 12/6/05, Marlon K. Schafer (509) 982-2181 <[EMAIL PROTECTED]> wrote:
> > > >> Don't run DHCP! And use mac filtering at the ap's. (I use the smartbridges ap's. they'll do radius and authenticate wireless subs just like my dialup ones.)
> > > >>
> > > >> Marlon
> > > >> (509) 982-2181 Equipment sales
> > > >> (408) 907-6910 (Vonage) Consulting services
> > > >> 42846865 (icq) And I run my own wisp!
> > > >> 64.146.146.12 (net meeting)
> > > >> www.odessaoffice.com/wireless
> > > >> www.odessaoffice.com/marlon/cam
> > > >>
> > > >> ----- Original Message -----
> > > >> From: "Jason" <[EMAIL PROTECTED]>
> > > >> To: "WISPA General List" <wireless@wispa.org>
> > > >> Sent: Monday, December 05, 2005 9:39 PM
> > > >> Subject: Re: [WISPA] How to Authenticate/Protect (WasEthernet basedauthentication)
> > > >>
> > > >> > Marlon,
> > > >> >
> > > >> > I appreciate the advice. Mostly I am interested in bullet proof authentication of my clients. Any suggestions?
> > > >> >
> > > >> > Jason
> > > >> >
> > > >> > Marlon K. Schafer (509) 982-2181 wrote:
> > > >> >
> > > >> >> Hiya Jason,
> > > >> >>
> > > >> >> You are mixing your networks.... You won't normally run a homebrew product to provide a top notch service.
> > > >> >>
> > > >> >> If security is of THAT great an importance to you, you should NOT run wifi anything. Put in something much more off the wall. It's a lot harder to snoop if you don't use one of the world's most common protocols.
> > > >> >>
> > > >> >> For these business guys I'd run Trango or something like that. Good stuff but not nearly as much of it in use and no free tools on the internet for intercepting and cracking the data stream.
> > > >> >>
> > > >> >> What we do is remind our customers that this is the internet. They are hanging out there for thousands upon thousands of people whose only purpose in life is breaking into their machines and seeing what they can learn. If they have data that's that sensitive then they need a high end internal firewall and they need to VPN all internet traffic.
> > > >> >>
> > > >> >> That help?
> > > >> >> Marlon
> > > >> >> (509) 982-2181 Equipment sales
> > > >> >> (408) 907-6910 (Vonage) Consulting services
> > > >> >> 42846865 (icq) And I run my own wisp!
> > > >> >> 64.146.146.12 (net meeting)
> > > >> >> www.odessaoffice.com/wireless
> > > >> >> www.odessaoffice.com/marlon/cam
> > > >> >>
> > > >> >> ----- Original Message -----
> > > >> >> From: "Jason" <[EMAIL PROTECTED]>
> > > >> >> To: "WISPA General List" <wireless@wispa.org>
> > > >> >> Sent: Friday, December 02, 2005 3:20 PM
> > > >> >> Subject: [WISPA] How to Authenticate/Protect (Was Ethernet basedauthentication)
> > > >> >>
> > > >> >>> List,
> > > >> >>>
> > > >> >>> I am on the precipice, ready to take the plunge and become a WISP (After 1 year of zoning, permits, 16 hr days, etc), but one thing still bothers me. I haven't decided how to authenticate clients to my network and REALLY protect their data. The CPE's I will use, rootenna/Senao2611 combos, do only WEP, which only obfuscates data nowadays. MAC addresses can be cloned. Proxy login via a browser is obnoxious for the end user. Ditto PPPoE & VPN logins. There is just no elegant, KISS solution. I was looking at PPPoE or PPTP (poptop/linux) with Radius as my system, since this would accomplish it, but seems like so much trouble and overhead. PPTP is not Mac friendly, PPPoE requires clients (gasp) or a router (gack!) and the PPPoE server shipping with Linux is meant "for testing purposes only - man". I want an Always On (apparently) system for my clients that just works.
> > > >> >>>
> > > >> >>> How do you other (small) WISPs do this?
> > > >> >>>
> > > >> >>> Tangent: How do you Senao 2611 users keep Netbios & windows network neighborhood data off the wireless network. I was told to add a SOHO router to the mix, but don't want to invest in more equipment to maintain.
> > > >> >>>
> > > >> >>> Jason Wallace
> > > >> >>> --
> > > >> >>> WISPA Wireless List: wireless@wispa.org
> > > >> >>>
> > > >> >>> Subscribe/Unsubscribe:
> > > >> >>> http://lists.wispa.org/mailman/listinfo/wireless
> > > >> >>>
> > > >> >>> Archives: http://lists.wispa.org/pipermail/wireless/
> > > >--
> > > >Lonnie Nunweiler
> > > >Valemount Networks Corporation
> > > >http://www.star-os.com/
> > > Ron Wallace
> > > Hahnron, Inc.
> > > 220 S. Jackson St.
> > > Addison, MI 49220
> > >
> > > Phone: (517) 547-8410
> > > Mobile: (517) 605-4542
> > > e-mail: [EMAIL PROTECTED]
> > --
> > Lonnie Nunweiler
> > Valemount Networks Corporation
> > http://www.star-os.com/
> --
> Lonnie Nunweiler
> Valemount Networks Corporation
> http://www.star-os.com/
------- End of Original Message -------