I am looking to purchase access points for a corporate environment to work in conjunction with a router.
It is my understanding that the use of the internet from the access points will be available to the public, although based on the installation it is unlikely that the public will be able to establish a quality link with these APs.
We naturally are concerned about traffic shaping on the whole, and port blocking unregistered users from certain TCP operations: SMTP, SNMP, POP, FTP. We expect to use a captive portal.
While it is my intention to build this from scratch using some combination of IPF's mssclamp and trickle and/or CBQ, ALTQ, and as the captive portal will also be running squid and NATing a computer network and a cluster of VoIP systems, I am open to any suggestions/pitfall warnings.
Also of great concern is ease of replacement of the APs. It used to be that commercial grade access points could be configured by way of a serial port only, and that if two access points were allowed to share a physical segment there was no way one access point could be used as a bridge to attack the other. With configuration by https or worse yet SNMP it is impossible to put 2 APs on the same network segment and not expect trouble. It is also harder to write scripts to restore settings on these APs than their serial counterparts. APs might fail, or otherwise become deprogrammed. In what may be the Famous Last Words of NORAD: "Hey! What's this button do?" Are these old world access points still on the market?
Has anyone any experience with such security concerns?
The very powerful and the very stupid have one thing in common.
Instead of altering their views to fit the facts, they alter the facts
to fit their views ... which can be very uncomfortable if you happen to
be one of the facts that needs altering.
-- Doctor Who, "Face of Evil"
Robin-David Hammond KB3IEN
www.databit7.com.
www.aresnyc.org.
www.kb3ien.us.
