[WISPA] Authentication Methods
Hi all, I currently am working on a project to develop a sustainable, manufacturer agnostic, easy to maintain and provision authentication system for our ISP. We have a mix of access points from Alvarion, Trango, MikroTik, Canopy, and others. We're currently running a distributed PPPoE model with MikroTik PPPoE concentrators. We're concerned about MikroTik's longevity, reliability and support as we move towards a more centralized PPPoE model where all our sessions terminate at a CO. We're looking to migrate over 1,000 customers, currently across 15 or so concentrators, to one single concentrator with either load balancing or redundancy. We're also trying to keep our decisions based around a future IPv6 implementation. My question is if anyone has had any experience in deploying large scale PPPoE with a centralized methodology. I have investigated the Open Source options such as rp-pppoe and others but have found that they don't offer any load-balancing or redundancy options, which are important considerations when moving to a centralized model. These packages also don't offer any type of integrated rate-limiting or burst-limiting based on RADIUS. Does anyone have any experience with other types of centralized authentication for customers that support IPv6 and include integration of rate-limiting/bursting? I have reached out to a Cisco integrator, ImageStream, Fine Point Technologies (http://www.finepoint.com/servpoet.html), and some others to find solutions. Thanks in advance, -- Nick Huanca WISPA Wants You! Join today! http://signup.wispa.org/ WISPA Wireless List: wireless@wispa.org Subscribe/Unsubscribe: http://lists.wispa.org/mailman/listinfo/wireless Archives: http://lists.wispa.org/pipermail/wireless/
Re: [WISPA] Authentication Methods
Sounds like a job for FreeRADIUS to me. Josh Luthman Office: 937-552-2340 Direct: 937-552-2343 1100 Wayne St Suite 1337 Troy, OH 45373 When you have eliminated the impossible, that which remains, however improbable, must be the truth. --- Sir Arthur Conan Doyle On Mon, Sep 21, 2009 at 3:48 PM, Nick Huanca n...@gaw.com wrote: Hi all, I currently am working on a project to develop a sustainable, manufacturer agnostic, easy to maintain and provision authentication system for our ISP. We have a mix of access points from Alvarion, Trango, MikroTik, Canopy, and others. We're currently running a distributed PPPoE model with MikroTik PPPoE concentrators. We're concerned about MikroTik's longevity, reliability and support as we move towards a more centralized PPPoE model where all our sessions terminate at a CO. We're looking to migrate over 1,000 customers, currently across 15 or so concentrators, to one single concentrator with either load balancing or redundancy. We're also trying to keep our decisions based around a future IPv6 implementation. My question is if anyone has had any experience in deploying large scale PPPoE with a centralized methodology. I have investigated the Open Source options such as rp-pppoe and others but have found that they don't offer any load-balancing or redundancy options, which are important considerations when moving to a centralized model. These packages also don't offer any type of integrated rate-limiting or burst-limiting based on RADIUS. Does anyone have any experience with other types of centralized authentication for customers that support IPv6 and include integration of rate-limiting/bursting? I have reached out to a Cisco integrator, ImageStream, Fine Point Technologies (http://www.finepoint.com/servpoet.html), and some others to find solutions. Thanks in advance, -- Nick Huanca WISPA Wants You! Join today! http://signup.wispa.org/ WISPA Wireless List: wireless@wispa.org Subscribe/Unsubscribe: http://lists.wispa.org/mailman/listinfo/wireless Archives: http://lists.wispa.org/pipermail/wireless/ WISPA Wants You! Join today! http://signup.wispa.org/ WISPA Wireless List: wireless@wispa.org Subscribe/Unsubscribe: http://lists.wispa.org/mailman/listinfo/wireless Archives: http://lists.wispa.org/pipermail/wireless/
Re: [WISPA] Authentication Methods
The best suggestion I can offer you is that you should look into the folks who are doing this type of setup in the DSL world. Centrally authenticating / servicing 1000 to 100,000 subs is not un-common in the wireline world. Redback SMS500 or SMS1000/SMS1800 would easily terminate 1000 subs. You could use L2TP Tunnels across the network for the Edge Routers to the Core/Central PPPoE Server to accomplish what you are looking to do. Redundancy is normally achieved with the use a combination dynamic routing (BGP / OSPF) and using L2TP. Faisal Imtiaz Computer Office Solutions Inc. /SnappyDSL.net Ph: (305) 663-5518 x 232 -Original Message- From: wireless-boun...@wispa.org [mailto:wireless-boun...@wispa.org] On Behalf Of Nick Huanca Sent: Monday, September 21, 2009 3:49 PM To: wireless@wispa.org Subject: [WISPA] Authentication Methods Hi all, I currently am working on a project to develop a sustainable, manufacturer agnostic, easy to maintain and provision authentication system for our ISP. We have a mix of access points from Alvarion, Trango, MikroTik, Canopy, and others. We're currently running a distributed PPPoE model with MikroTik PPPoE concentrators. We're concerned about MikroTik's longevity, reliability and support as we move towards a more centralized PPPoE model where all our sessions terminate at a CO. We're looking to migrate over 1,000 customers, currently across 15 or so concentrators, to one single concentrator with either load balancing or redundancy. We're also trying to keep our decisions based around a future IPv6 implementation. My question is if anyone has had any experience in deploying large scale PPPoE with a centralized methodology. I have investigated the Open Source options such as rp-pppoe and others but have found that they don't offer any load-balancing or redundancy options, which are important considerations when moving to a centralized model. These packages also don't offer any type of integrated rate-limiting or burst-limiting based on RADIUS. Does anyone have any experience with other types of centralized authentication for customers that support IPv6 and include integration of rate-limiting/bursting? I have reached out to a Cisco integrator, ImageStream, Fine Point Technologies (http://www.finepoint.com/servpoet.html), and some others to find solutions. Thanks in advance, -- Nick Huanca WISPA Wants You! Join today! http://signup.wispa.org/ WISPA Wireless List: wireless@wispa.org Subscribe/Unsubscribe: http://lists.wispa.org/mailman/listinfo/wireless Archives: http://lists.wispa.org/pipermail/wireless/ WISPA Wants You! Join today! http://signup.wispa.org/ WISPA Wireless List: wireless@wispa.org Subscribe/Unsubscribe: http://lists.wispa.org/mailman/listinfo/wireless Archives: http://lists.wispa.org/pipermail/wireless/
Re: [WISPA] Authentication Methods
We use a Redback SMS1 to terminate our DSL/Wireless/Fiber/T1 customers via PPPoE/Bridges and Vlan's. Our wireless/DSL are all pppoe. I use the redback's tcp policing on the wireless clients, any radius server that's capable of using standard dictionary files will do. I use a cistron based server, which I've added my own patches to, I think freeradius is all the rage right now as well. If you are only looking to terminate 1000 sessions, a SMS500/1000 would probably do the job, you can pick them up for practically nothing on ebay these days. Cisco/Imagestream/Finepoint and a linux box can all terminate the clients, well Cisco/Finepoint for sure, I think Imagestream probably has the ability to terminate pppoe over ethernet at the time I was dealing with them they were just implementing the ability to terminate atm pvc's dynamically and relay to a radius server. Regards Michael Baird Sounds like a job for FreeRADIUS to me. Josh Luthman Office: 937-552-2340 Direct: 937-552-2343 1100 Wayne St Suite 1337 Troy, OH 45373 When you have eliminated the impossible, that which remains, however improbable, must be the truth. --- Sir Arthur Conan Doyle On Mon, Sep 21, 2009 at 3:48 PM, Nick Huanca n...@gaw.com wrote: Hi all, I currently am working on a project to develop a sustainable, manufacturer agnostic, easy to maintain and provision authentication system for our ISP. We have a mix of access points from Alvarion, Trango, MikroTik, Canopy, and others. We're currently running a distributed PPPoE model with MikroTik PPPoE concentrators. We're concerned about MikroTik's longevity, reliability and support as we move towards a more centralized PPPoE model where all our sessions terminate at a CO. We're looking to migrate over 1,000 customers, currently across 15 or so concentrators, to one single concentrator with either load balancing or redundancy. We're also trying to keep our decisions based around a future IPv6 implementation. My question is if anyone has had any experience in deploying large scale PPPoE with a centralized methodology. I have investigated the Open Source options such as rp-pppoe and others but have found that they don't offer any load-balancing or redundancy options, which are important considerations when moving to a centralized model. These packages also don't offer any type of integrated rate-limiting or burst-limiting based on RADIUS. Does anyone have any experience with other types of centralized authentication for customers that support IPv6 and include integration of rate-limiting/bursting? I have reached out to a Cisco integrator, ImageStream, Fine Point Technologies (http://www.finepoint.com/servpoet.html), and some others to find solutions. Thanks in advance, -- Nick Huanca WISPA Wants You! Join today! http://signup.wispa.org/ WISPA Wireless List: wireless@wispa.org Subscribe/Unsubscribe: http://lists.wispa.org/mailman/listinfo/wireless Archives: http://lists.wispa.org/pipermail/wireless/ WISPA Wants You! Join today! http://signup.wispa.org/ WISPA Wireless List: wireless@wispa.org Subscribe/Unsubscribe: http://lists.wispa.org/mailman/listinfo/wireless Archives: http://lists.wispa.org/pipermail/wireless/ WISPA Wants You! Join today! http://signup.wispa.org/ WISPA Wireless List: wireless@wispa.org Subscribe/Unsubscribe: http://lists.wispa.org/mailman/listinfo/wireless Archives: http://lists.wispa.org/pipermail/wireless/
Re: [WISPA] Authentication Methods
We're doing this with Cisco 65xx switches. Each tower comes in as a separate vlan, we do the PPPOE at the switch. We restrict all traffic from the towers (except to/from private IP management interfaces) to PPPOE. We use Radiator Radius with MySQL as a database backend. ~1500 PPPOE connections currently. We do all rate limiting on the switch as well. We have not done anything with IPv6 yet. Randy Nick Huanca wrote: Hi all, I currently am working on a project to develop a sustainable, manufacturer agnostic, easy to maintain and provision authentication system for our ISP. We have a mix of access points from Alvarion, Trango, MikroTik, Canopy, and others. We're currently running a distributed PPPoE model with MikroTik PPPoE concentrators. We're concerned about MikroTik's longevity, reliability and support as we move towards a more centralized PPPoE model where all our sessions terminate at a CO. We're looking to migrate over 1,000 customers, currently across 15 or so concentrators, to one single concentrator with either load balancing or redundancy. We're also trying to keep our decisions based around a future IPv6 implementation. My question is if anyone has had any experience in deploying large scale PPPoE with a centralized methodology. I have investigated the Open Source options such as rp-pppoe and others but have found that they don't offer any load-balancing or redundancy options, which are important considerations when moving to a centralized model. These packages also don't offer any type of integrated rate-limiting or burst-limiting based on RADIUS. Does anyone have any experience with other types of centralized authentication for customers that support IPv6 and include integration of rate-limiting/bursting? I have reached out to a Cisco integrator, ImageStream, Fine Point Technologies (http://www.finepoint.com/servpoet.html), and some others to find solutions. Thanks in advance, -- Randy Cosby Vice President InfoWest, Inc work: 435-773-6071 email: rco...@infowest.com http://www.linkedin.com/in/randycosby WISPA Wants You! Join today! http://signup.wispa.org/ WISPA Wireless List: wireless@wispa.org Subscribe/Unsubscribe: http://lists.wispa.org/mailman/listinfo/wireless Archives: http://lists.wispa.org/pipermail/wireless/
Re: [WISPA] Authentication Methods
I think first off, why the concern over Mikrotik longevity? Do you not think the company will be around, or do you just not see it scaling (for whatever reason) to the level that you want / need? Personally, I'm not sure what you're looking for that's not already out there. Build a mikrotik concentrator with a good spec server (or two), dropin Freeradius Oas someone else already mentioned) and you should be good for a long time. Sent from Windows mobile device... -Original Message- From: Nick Huanca n...@gaw.com Sent: Monday, September 21, 2009 2:48 PM To: wireless@wispa.org Subject: [WISPA] Authentication Methods Hi all, I currently am working on a project to develop a sustainable, manufacturer agnostic, easy to maintain and provision authentication system for our ISP. We have a mix of access points from Alvarion, Trango, MikroTik, Canopy, and others. We're currently running a distributed PPPoE model with MikroTik PPPoE concentrators. We're concerned about MikroTik's longevity, reliability and support as we move towards a more centralized PPPoE model where all our sessions terminate at a CO. We're looking to migrate over 1,000 customers, currently across 15 or so concentrators, to one single concentrator with either load balancing or redundancy. We're also trying to keep our decisions based around a future IPv6 implementation. My question is if anyone has had any experience in deploying large scale PPPoE with a centralized methodology. I have investigated the Open Source options such as rp-pppoe and others but have found that they don't offer any load-balancing or redundancy options, which are important considerations when moving to a centralized model. These packages also don't offer any type of integrated rate-limiting or burst-limiting based on RADIUS. Does anyone have any experience with other types of centralized authentication for customers that support IPv6 and include integration of rate-limiting/bursting? I have reached out to a Cisco integrator, ImageStream, Fine Point Technologies (http://www.finepoint.com/servpoet.html), and some others to find solutions. Thanks in advance, -- Nick Huanca WISPA Wants You! Join today! http://signup.wispa.org/ WISPA Wireless List: wireless@wispa.org Subscribe/Unsubscribe: http://lists.wispa.org/mailman/listinfo/wireless Archives: http://lists.wispa.org/pipermail/wireless/ WISPA Wants You! Join today! http://signup.wispa.org/ WISPA Wireless List: wireless@wispa.org Subscribe/Unsubscribe: http://lists.wispa.org/mailman/listinfo/wireless Archives: http://lists.wispa.org/pipermail/wireless/
Re: [WISPA] Authentication Methods
I've been trying to get around to FreeRADIUS. Do you use that, Josh? I've been looking at Radius Manager as well and have the download but have yet to do a darn thing with any of it. -Original Message- From: wireless-boun...@wispa.org [mailto:wireless-boun...@wispa.org] On Behalf Of Josh Luthman Sent: Monday, September 21, 2009 3:58 PM To: WISPA General List Subject: Re: [WISPA] Authentication Methods Sounds like a job for FreeRADIUS to me. Josh Luthman Office: 937-552-2340 Direct: 937-552-2343 1100 Wayne St Suite 1337 Troy, OH 45373 When you have eliminated the impossible, that which remains, however improbable, must be the truth. --- Sir Arthur Conan Doyle On Mon, Sep 21, 2009 at 3:48 PM, Nick Huanca n...@gaw.com wrote: Hi all, I currently am working on a project to develop a sustainable, manufacturer agnostic, easy to maintain and provision authentication system for our ISP. We have a mix of access points from Alvarion, Trango, MikroTik, Canopy, and others. We're currently running a distributed PPPoE model with MikroTik PPPoE concentrators. We're concerned about MikroTik's longevity, reliability and support as we move towards a more centralized PPPoE model where all our sessions terminate at a CO. We're looking to migrate over 1,000 customers, currently across 15 or so concentrators, to one single concentrator with either load balancing or redundancy. We're also trying to keep our decisions based around a future IPv6 implementation. My question is if anyone has had any experience in deploying large scale PPPoE with a centralized methodology. I have investigated the Open Source options such as rp-pppoe and others but have found that they don't offer any load-balancing or redundancy options, which are important considerations when moving to a centralized model. These packages also don't offer any type of integrated rate-limiting or burst-limiting based on RADIUS. Does anyone have any experience with other types of centralized authentication for customers that support IPv6 and include integration of rate-limiting/bursting? I have reached out to a Cisco integrator, ImageStream, Fine Point Technologies (http://www.finepoint.com/servpoet.html), and some others to find solutions. Thanks in advance, -- Nick Huanca WISPA Wants You! Join today! http://signup.wispa.org/ WISPA Wireless List: wireless@wispa.org Subscribe/Unsubscribe: http://lists.wispa.org/mailman/listinfo/wireless Archives: http://lists.wispa.org/pipermail/wireless/ WISPA Wants You! Join today! http://signup.wispa.org/ WISPA Wireless List: wireless@wispa.org Subscribe/Unsubscribe: http://lists.wispa.org/mailman/listinfo/wireless Archives: http://lists.wispa.org/pipermail/wireless/ WISPA Wants You! Join today! http://signup.wispa.org/ WISPA Wireless List: wireless@wispa.org Subscribe/Unsubscribe: http://lists.wispa.org/mailman/listinfo/wireless Archives: http://lists.wispa.org/pipermail/wireless/
Re: [WISPA] Authentication Methods
I do not personally, no. Josh Luthman Office: 937-552-2340 Direct: 937-552-2343 1100 Wayne St Suite 1337 Troy, OH 45373 When you have eliminated the impossible, that which remains, however improbable, must be the truth. --- Sir Arthur Conan Doyle On Mon, Sep 21, 2009 at 5:36 PM, Robert West robert.w...@just-micro.comwrote: I've been trying to get around to FreeRADIUS. Do you use that, Josh? I've been looking at Radius Manager as well and have the download but have yet to do a darn thing with any of it. -Original Message- From: wireless-boun...@wispa.org [mailto:wireless-boun...@wispa.org] On Behalf Of Josh Luthman Sent: Monday, September 21, 2009 3:58 PM To: WISPA General List Subject: Re: [WISPA] Authentication Methods Sounds like a job for FreeRADIUS to me. Josh Luthman Office: 937-552-2340 Direct: 937-552-2343 1100 Wayne St Suite 1337 Troy, OH 45373 When you have eliminated the impossible, that which remains, however improbable, must be the truth. --- Sir Arthur Conan Doyle On Mon, Sep 21, 2009 at 3:48 PM, Nick Huanca n...@gaw.com wrote: Hi all, I currently am working on a project to develop a sustainable, manufacturer agnostic, easy to maintain and provision authentication system for our ISP. We have a mix of access points from Alvarion, Trango, MikroTik, Canopy, and others. We're currently running a distributed PPPoE model with MikroTik PPPoE concentrators. We're concerned about MikroTik's longevity, reliability and support as we move towards a more centralized PPPoE model where all our sessions terminate at a CO. We're looking to migrate over 1,000 customers, currently across 15 or so concentrators, to one single concentrator with either load balancing or redundancy. We're also trying to keep our decisions based around a future IPv6 implementation. My question is if anyone has had any experience in deploying large scale PPPoE with a centralized methodology. I have investigated the Open Source options such as rp-pppoe and others but have found that they don't offer any load-balancing or redundancy options, which are important considerations when moving to a centralized model. These packages also don't offer any type of integrated rate-limiting or burst-limiting based on RADIUS. Does anyone have any experience with other types of centralized authentication for customers that support IPv6 and include integration of rate-limiting/bursting? I have reached out to a Cisco integrator, ImageStream, Fine Point Technologies (http://www.finepoint.com/servpoet.html), and some others to find solutions. Thanks in advance, -- Nick Huanca WISPA Wants You! Join today! http://signup.wispa.org/ WISPA Wireless List: wireless@wispa.org Subscribe/Unsubscribe: http://lists.wispa.org/mailman/listinfo/wireless Archives: http://lists.wispa.org/pipermail/wireless/ WISPA Wants You! Join today! http://signup.wispa.org/ WISPA Wireless List: wireless@wispa.org Subscribe/Unsubscribe: http://lists.wispa.org/mailman/listinfo/wireless Archives: http://lists.wispa.org/pipermail/wireless/ WISPA Wants You! Join today! http://signup.wispa.org/ WISPA Wireless List: wireless@wispa.org Subscribe/Unsubscribe: http://lists.wispa.org/mailman/listinfo/wireless Archives: http://lists.wispa.org/pipermail/wireless/ WISPA Wants You! Join today! http://signup.wispa.org/ WISPA Wireless List: wireless@wispa.org Subscribe/Unsubscribe: http://lists.wispa.org/mailman/listinfo/wireless Archives: http://lists.wispa.org/pipermail/wireless/
Re: [WISPA] Authentication Methods
On Mon, 2009-09-21 at 17:36 -0400, Robert West wrote: I've been trying to get around to FreeRADIUS. Do you use that, Josh? I've been looking at Radius Manager as well and have the download but have yet to do a darn thing with any of it. I have been using it for almost 10 years and its one of my favorite Radius servers to work with, both paid and open source. -- Jeremy Davis jere...@maximumtech.us WISPA Wants You! Join today! http://signup.wispa.org/ WISPA Wireless List: wireless@wispa.org Subscribe/Unsubscribe: http://lists.wispa.org/mailman/listinfo/wireless Archives: http://lists.wispa.org/pipermail/wireless/
Re: [WISPA] Authentication Methods
I have deployed FreeRADIUS for large ISPs terminating PPPoE on Cisco (14,000 subs) and RedBack gear (200K subs). Works great. Tim Disclaimer: By day I am a FreeRADIUS consultant. -Original Message- From: wireless-boun...@wispa.org [mailto:wireless-boun...@wispa.org] On Behalf Of Robert West Sent: Monday, September 21, 2009 2:36 PM To: 'WISPA General List' Subject: Re: [WISPA] Authentication Methods I've been trying to get around to FreeRADIUS. Do you use that, Josh? I've been looking at Radius Manager as well and have the download but have yet to do a darn thing with any of it. -Original Message- From: wireless-boun...@wispa.org [mailto:wireless-boun...@wispa.org] On Behalf Of Josh Luthman Sent: Monday, September 21, 2009 3:58 PM To: WISPA General List Subject: Re: [WISPA] Authentication Methods Sounds like a job for FreeRADIUS to me. Josh Luthman Office: 937-552-2340 Direct: 937-552-2343 1100 Wayne St Suite 1337 Troy, OH 45373 When you have eliminated the impossible, that which remains, however improbable, must be the truth. --- Sir Arthur Conan Doyle On Mon, Sep 21, 2009 at 3:48 PM, Nick Huanca n...@gaw.com wrote: Hi all, I currently am working on a project to develop a sustainable, manufacturer agnostic, easy to maintain and provision authentication system for our ISP. We have a mix of access points from Alvarion, Trango, MikroTik, Canopy, and others. We're currently running a distributed PPPoE model with MikroTik PPPoE concentrators. We're concerned about MikroTik's longevity, reliability and support as we move towards a more centralized PPPoE model where all our sessions terminate at a CO. We're looking to migrate over 1,000 customers, currently across 15 or so concentrators, to one single concentrator with either load balancing or redundancy. We're also trying to keep our decisions based around a future IPv6 implementation. My question is if anyone has had any experience in deploying large scale PPPoE with a centralized methodology. I have investigated the Open Source options such as rp-pppoe and others but have found that they don't offer any load-balancing or redundancy options, which are important considerations when moving to a centralized model. These packages also don't offer any type of integrated rate-limiting or burst-limiting based on RADIUS. Does anyone have any experience with other types of centralized authentication for customers that support IPv6 and include integration of rate-limiting/bursting? I have reached out to a Cisco integrator, ImageStream, Fine Point Technologies (http://www.finepoint.com/servpoet.html), and some others to find solutions. Thanks in advance, -- Nick Huanca --- - WISPA Wants You! Join today! http://signup.wispa.org/ --- - WISPA Wireless List: wireless@wispa.org Subscribe/Unsubscribe: http://lists.wispa.org/mailman/listinfo/wireless Archives: http://lists.wispa.org/pipermail/wireless/ --- - WISPA Wants You! Join today! http://signup.wispa.org/ --- - WISPA Wireless List: wireless@wispa.org Subscribe/Unsubscribe: http://lists.wispa.org/mailman/listinfo/wireless Archives: http://lists.wispa.org/pipermail/wireless/ --- - WISPA Wants You! Join today! http://signup.wispa.org/ --- - WISPA Wireless List: wireless@wispa.org Subscribe/Unsubscribe: http://lists.wispa.org/mailman/listinfo/wireless Archives: http://lists.wispa.org/pipermail/wireless/ WISPA Wants You! Join today! http://signup.wispa.org/ WISPA Wireless List: wireless@wispa.org Subscribe/Unsubscribe: http://lists.wispa.org/mailman/listinfo/wireless Archives: http://lists.wispa.org/pipermail/wireless/
Re: [WISPA] Authentication Methods
Ah, an unbiased opinion! An honest man I see. I'll install the thing someday. I'm only 2 years behind in my to-do list. -Original Message- From: wireless-boun...@wispa.org [mailto:wireless-boun...@wispa.org] On Behalf Of Tim Sylvester Sent: Monday, September 21, 2009 5:59 PM To: 'WISPA General List' Subject: Re: [WISPA] Authentication Methods I have deployed FreeRADIUS for large ISPs terminating PPPoE on Cisco (14,000 subs) and RedBack gear (200K subs). Works great. Tim Disclaimer: By day I am a FreeRADIUS consultant. -Original Message- From: wireless-boun...@wispa.org [mailto:wireless-boun...@wispa.org] On Behalf Of Robert West Sent: Monday, September 21, 2009 2:36 PM To: 'WISPA General List' Subject: Re: [WISPA] Authentication Methods I've been trying to get around to FreeRADIUS. Do you use that, Josh? I've been looking at Radius Manager as well and have the download but have yet to do a darn thing with any of it. -Original Message- From: wireless-boun...@wispa.org [mailto:wireless-boun...@wispa.org] On Behalf Of Josh Luthman Sent: Monday, September 21, 2009 3:58 PM To: WISPA General List Subject: Re: [WISPA] Authentication Methods Sounds like a job for FreeRADIUS to me. Josh Luthman Office: 937-552-2340 Direct: 937-552-2343 1100 Wayne St Suite 1337 Troy, OH 45373 When you have eliminated the impossible, that which remains, however improbable, must be the truth. --- Sir Arthur Conan Doyle On Mon, Sep 21, 2009 at 3:48 PM, Nick Huanca n...@gaw.com wrote: Hi all, I currently am working on a project to develop a sustainable, manufacturer agnostic, easy to maintain and provision authentication system for our ISP. We have a mix of access points from Alvarion, Trango, MikroTik, Canopy, and others. We're currently running a distributed PPPoE model with MikroTik PPPoE concentrators. We're concerned about MikroTik's longevity, reliability and support as we move towards a more centralized PPPoE model where all our sessions terminate at a CO. We're looking to migrate over 1,000 customers, currently across 15 or so concentrators, to one single concentrator with either load balancing or redundancy. We're also trying to keep our decisions based around a future IPv6 implementation. My question is if anyone has had any experience in deploying large scale PPPoE with a centralized methodology. I have investigated the Open Source options such as rp-pppoe and others but have found that they don't offer any load-balancing or redundancy options, which are important considerations when moving to a centralized model. These packages also don't offer any type of integrated rate-limiting or burst-limiting based on RADIUS. Does anyone have any experience with other types of centralized authentication for customers that support IPv6 and include integration of rate-limiting/bursting? I have reached out to a Cisco integrator, ImageStream, Fine Point Technologies (http://www.finepoint.com/servpoet.html), and some others to find solutions. Thanks in advance, -- Nick Huanca --- - WISPA Wants You! Join today! http://signup.wispa.org/ --- - WISPA Wireless List: wireless@wispa.org Subscribe/Unsubscribe: http://lists.wispa.org/mailman/listinfo/wireless Archives: http://lists.wispa.org/pipermail/wireless/ --- - WISPA Wants You! Join today! http://signup.wispa.org/ --- - WISPA Wireless List: wireless@wispa.org Subscribe/Unsubscribe: http://lists.wispa.org/mailman/listinfo/wireless Archives: http://lists.wispa.org/pipermail/wireless/ --- - WISPA Wants You! Join today! http://signup.wispa.org/ --- - WISPA Wireless List: wireless@wispa.org Subscribe/Unsubscribe: http://lists.wispa.org/mailman/listinfo/wireless Archives: http://lists.wispa.org/pipermail/wireless/ WISPA Wants You! Join today! http://signup.wispa.org/ WISPA Wireless List: wireless@wispa.org Subscribe/Unsubscribe: http://lists.wispa.org/mailman/listinfo/wireless Archives: http://lists.wispa.org/pipermail/wireless/ WISPA Wants You! Join today! http://signup.wispa.org
Re: [WISPA] Authentication Methods
We have PowerRouter 732s (under 1500 MSRP) doing over 2500 PPPoE sessions without issues, and PowerRouter 2282s with over 5k currently. Just a FYI. --- Dennis Burgess, CCNA, A+, Mikrotik Certified Trainer WISPA Board Member - wispa.org Link Technologies, Inc -- Mikrotik WISP Support Services WISPA Vendor Member Office: 314-735-0270 Website: http://www.linktechs.net LIVE On-Line Mikrotik Training Author of Learn RouterOS -Original Message- From: wireless-boun...@wispa.org [mailto:wireless-boun...@wispa.org] On Behalf Of Jason Hensley Sent: Monday, September 21, 2009 3:29 PM To: WISPA General List Subject: Re: [WISPA] Authentication Methods I think first off, why the concern over Mikrotik longevity? Do you not think the company will be around, or do you just not see it scaling (for whatever reason) to the level that you want / need? Personally, I'm not sure what you're looking for that's not already out there. Build a mikrotik concentrator with a good spec server (or two), dropin Freeradius Oas someone else already mentioned) and you should be good for a long time. Sent from Windows mobile device... -Original Message- From: Nick Huanca n...@gaw.com Sent: Monday, September 21, 2009 2:48 PM To: wireless@wispa.org Subject: [WISPA] Authentication Methods Hi all, I currently am working on a project to develop a sustainable, manufacturer agnostic, easy to maintain and provision authentication system for our ISP. We have a mix of access points from Alvarion, Trango, MikroTik, Canopy, and others. We're currently running a distributed PPPoE model with MikroTik PPPoE concentrators. We're concerned about MikroTik's longevity, reliability and support as we move towards a more centralized PPPoE model where all our sessions terminate at a CO. We're looking to migrate over 1,000 customers, currently across 15 or so concentrators, to one single concentrator with either load balancing or redundancy. We're also trying to keep our decisions based around a future IPv6 implementation. My question is if anyone has had any experience in deploying large scale PPPoE with a centralized methodology. I have investigated the Open Source options such as rp-pppoe and others but have found that they don't offer any load-balancing or redundancy options, which are important considerations when moving to a centralized model. These packages also don't offer any type of integrated rate-limiting or burst-limiting based on RADIUS. Does anyone have any experience with other types of centralized authentication for customers that support IPv6 and include integration of rate-limiting/bursting? I have reached out to a Cisco integrator, ImageStream, Fine Point Technologies (http://www.finepoint.com/servpoet.html), and some others to find solutions. Thanks in advance, -- Nick Huanca WISPA Wants You! Join today! http://signup.wispa.org/ WISPA Wireless List: wireless@wispa.org Subscribe/Unsubscribe: http://lists.wispa.org/mailman/listinfo/wireless Archives: http://lists.wispa.org/pipermail/wireless/ WISPA Wants You! Join today! http://signup.wispa.org/ WISPA Wireless List: wireless@wispa.org Subscribe/Unsubscribe: http://lists.wispa.org/mailman/listinfo/wireless Archives: http://lists.wispa.org/pipermail/wireless/ WISPA Wants You! Join today! http://signup.wispa.org/ WISPA Wireless List: wireless@wispa.org Subscribe/Unsubscribe: http://lists.wispa.org/mailman/listinfo/wireless Archives: http://lists.wispa.org/pipermail/wireless/
Re: [WISPA] Authentication Methods
Dennis, You have a very interesting product line. I appreciate your feed back on the options that are available today with MikroTik. Looks like something worth investigating. --Nick Huanca On Mon, Sep 21, 2009 at 4:37 PM, Dennis Burgess dmburg...@linktechs.netwrote: We have PowerRouter 732s (under 1500 MSRP) doing over 2500 PPPoE sessions without issues, and PowerRouter 2282s with over 5k currently. Just a FYI. --- Dennis Burgess, CCNA, A+, Mikrotik Certified Trainer WISPA Board Member - wispa.org Link Technologies, Inc -- Mikrotik WISP Support Services WISPA Vendor Member Office: 314-735-0270 Website: http://www.linktechs.net LIVE On-Line Mikrotik Training Author of Learn RouterOS -Original Message- From: wireless-boun...@wispa.org [mailto:wireless-boun...@wispa.org] On Behalf Of Jason Hensley Sent: Monday, September 21, 2009 3:29 PM To: WISPA General List Subject: Re: [WISPA] Authentication Methods I think first off, why the concern over Mikrotik longevity? Do you not think the company will be around, or do you just not see it scaling (for whatever reason) to the level that you want / need? Personally, I'm not sure what you're looking for that's not already out there. Build a mikrotik concentrator with a good spec server (or two), dropin Freeradius Oas someone else already mentioned) and you should be good for a long time. Sent from Windows mobile device... -Original Message- From: Nick Huanca n...@gaw.com Sent: Monday, September 21, 2009 2:48 PM To: wireless@wispa.org Subject: [WISPA] Authentication Methods Hi all, I currently am working on a project to develop a sustainable, manufacturer agnostic, easy to maintain and provision authentication system for our ISP. We have a mix of access points from Alvarion, Trango, MikroTik, Canopy, and others. We're currently running a distributed PPPoE model with MikroTik PPPoE concentrators. We're concerned about MikroTik's longevity, reliability and support as we move towards a more centralized PPPoE model where all our sessions terminate at a CO. We're looking to migrate over 1,000 customers, currently across 15 or so concentrators, to one single concentrator with either load balancing or redundancy. We're also trying to keep our decisions based around a future IPv6 implementation. My question is if anyone has had any experience in deploying large scale PPPoE with a centralized methodology. I have investigated the Open Source options such as rp-pppoe and others but have found that they don't offer any load-balancing or redundancy options, which are important considerations when moving to a centralized model. These packages also don't offer any type of integrated rate-limiting or burst-limiting based on RADIUS. Does anyone have any experience with other types of centralized authentication for customers that support IPv6 and include integration of rate-limiting/bursting? I have reached out to a Cisco integrator, ImageStream, Fine Point Technologies (http://www.finepoint.com/servpoet.html), and some others to find solutions. Thanks in advance, -- Nick Huanca WISPA Wants You! Join today! http://signup.wispa.org/ WISPA Wireless List: wireless@wispa.org Subscribe/Unsubscribe: http://lists.wispa.org/mailman/listinfo/wireless Archives: http://lists.wispa.org/pipermail/wireless/ WISPA Wants You! Join today! http://signup.wispa.org/ WISPA Wireless List: wireless@wispa.org Subscribe/Unsubscribe: http://lists.wispa.org/mailman/listinfo/wireless Archives: http://lists.wispa.org/pipermail/wireless/ WISPA Wants You! Join today! http://signup.wispa.org/ WISPA Wireless List: wireless@wispa.org Subscribe/Unsubscribe: http://lists.wispa.org/mailman/listinfo/wireless Archives: http://lists.wispa.org/pipermail/wireless/ WISPA Wants You! Join today! http://signup.wispa.org/ WISPA Wireless List: wireless@wispa.org Subscribe/Unsubscribe: http://lists.wispa.org/mailman/listinfo/wireless Archives: http://lists.wispa.org/pipermail/wireless/
Re: [WISPA] Authentication Methods
Hi Tim, Do you know if the Cisco products or the Redback products support bursting based on RADIUS attributes? Thanks, --Nick Huanca On Mon, Sep 21, 2009 at 5:58 PM, Tim Sylvester t...@avanzarnetworks.comwrote: I have deployed FreeRADIUS for large ISPs terminating PPPoE on Cisco (14,000 subs) and RedBack gear (200K subs). Works great. Tim Disclaimer: By day I am a FreeRADIUS consultant. -Original Message- From: wireless-boun...@wispa.org [mailto:wireless-boun...@wispa.org] On Behalf Of Robert West Sent: Monday, September 21, 2009 2:36 PM To: 'WISPA General List' Subject: Re: [WISPA] Authentication Methods I've been trying to get around to FreeRADIUS. Do you use that, Josh? I've been looking at Radius Manager as well and have the download but have yet to do a darn thing with any of it. -Original Message- From: wireless-boun...@wispa.org [mailto:wireless-boun...@wispa.org] On Behalf Of Josh Luthman Sent: Monday, September 21, 2009 3:58 PM To: WISPA General List Subject: Re: [WISPA] Authentication Methods Sounds like a job for FreeRADIUS to me. Josh Luthman Office: 937-552-2340 Direct: 937-552-2343 1100 Wayne St Suite 1337 Troy, OH 45373 When you have eliminated the impossible, that which remains, however improbable, must be the truth. --- Sir Arthur Conan Doyle On Mon, Sep 21, 2009 at 3:48 PM, Nick Huanca n...@gaw.com wrote: Hi all, I currently am working on a project to develop a sustainable, manufacturer agnostic, easy to maintain and provision authentication system for our ISP. We have a mix of access points from Alvarion, Trango, MikroTik, Canopy, and others. We're currently running a distributed PPPoE model with MikroTik PPPoE concentrators. We're concerned about MikroTik's longevity, reliability and support as we move towards a more centralized PPPoE model where all our sessions terminate at a CO. We're looking to migrate over 1,000 customers, currently across 15 or so concentrators, to one single concentrator with either load balancing or redundancy. We're also trying to keep our decisions based around a future IPv6 implementation. My question is if anyone has had any experience in deploying large scale PPPoE with a centralized methodology. I have investigated the Open Source options such as rp-pppoe and others but have found that they don't offer any load-balancing or redundancy options, which are important considerations when moving to a centralized model. These packages also don't offer any type of integrated rate-limiting or burst-limiting based on RADIUS. Does anyone have any experience with other types of centralized authentication for customers that support IPv6 and include integration of rate-limiting/bursting? I have reached out to a Cisco integrator, ImageStream, Fine Point Technologies (http://www.finepoint.com/servpoet.html), and some others to find solutions. Thanks in advance, -- Nick Huanca --- - WISPA Wants You! Join today! http://signup.wispa.org/ --- - WISPA Wireless List: wireless@wispa.org Subscribe/Unsubscribe: http://lists.wispa.org/mailman/listinfo/wireless Archives: http://lists.wispa.org/pipermail/wireless/ --- - WISPA Wants You! Join today! http://signup.wispa.org/ --- - WISPA Wireless List: wireless@wispa.org Subscribe/Unsubscribe: http://lists.wispa.org/mailman/listinfo/wireless Archives: http://lists.wispa.org/pipermail/wireless/ --- - WISPA Wants You! Join today! http://signup.wispa.org/ --- - WISPA Wireless List: wireless@wispa.org Subscribe/Unsubscribe: http://lists.wispa.org/mailman/listinfo/wireless Archives: http://lists.wispa.org/pipermail/wireless/ WISPA Wants You! Join today! http://signup.wispa.org/ WISPA Wireless List: wireless@wispa.org Subscribe/Unsubscribe: http://lists.wispa.org/mailman/listinfo/wireless Archives: http://lists.wispa.org/pipermail/wireless WISPA Wants You! Join today! http://signup.wispa.org
Re: [WISPA] Authentication Methods
I would like to thank all those who responded for their insight and experience. I had not seen if anyone had any experience with IPv6 implementations and PPPoE. Anyone out there running v6 networks? Thanks, On Mon, Sep 21, 2009 at 3:48 PM, Nick Huanca n...@gaw.com wrote: Hi all, I currently am working on a project to develop a sustainable, manufacturer agnostic, easy to maintain and provision authentication system for our ISP. We have a mix of access points from Alvarion, Trango, MikroTik, Canopy, and others. We're currently running a distributed PPPoE model with MikroTik PPPoE concentrators. We're concerned about MikroTik's longevity, reliability and support as we move towards a more centralized PPPoE model where all our sessions terminate at a CO. We're looking to migrate over 1,000 customers, currently across 15 or so concentrators, to one single concentrator with either load balancing or redundancy. We're also trying to keep our decisions based around a future IPv6 implementation. My question is if anyone has had any experience in deploying large scale PPPoE with a centralized methodology. I have investigated the Open Source options such as rp-pppoe and others but have found that they don't offer any load-balancing or redundancy options, which are important considerations when moving to a centralized model. These packages also don't offer any type of integrated rate-limiting or burst-limiting based on RADIUS. Does anyone have any experience with other types of centralized authentication for customers that support IPv6 and include integration of rate-limiting/bursting? I have reached out to a Cisco integrator, ImageStream, Fine Point Technologies (http://www.finepoint.com/servpoet.html), and some others to find solutions. Thanks in advance, -- Nick Huanca -- Nick Huanca Inside Plant Manager GAW High-Speed Internet 1300 Putney Rd Brattleboro, VT 05301 [offices] (877) 220-2873 [direct] (802) 246-1192 x214 [mobile] (413) 570-0120 www.gaw.com --- PRIVACY AND CONFIDENTIALITY NOTICE: This communication and any files transmitted with it are for the sole use of the intended recipient(s) and may contain confidential, proprietary and/or legally privileged or protected information. If you believe you have received this communication in error, please immediately reply to the sender and delete this message. Any use, disclosure, retransmission, distribution, copying, or taking of any action based on this information by any person or entity other than the intended recipient is strictly prohibited and may be unlawful. Because e-mail can be altered electronically, the integrity of this communication cannot be guaranteed. WISPA Wants You! Join today! http://signup.wispa.org/ WISPA Wireless List: wireless@wispa.org Subscribe/Unsubscribe: http://lists.wispa.org/mailman/listinfo/wireless Archives: http://lists.wispa.org/pipermail/wireless/
Re: [WISPA] Authentication Methods
Yikes! Money well spent, I must say! -Original Message- From: wireless-boun...@wispa.org [mailto:wireless-boun...@wispa.org] On Behalf Of Dennis Burgess Sent: Monday, September 21, 2009 4:38 PM To: WISPA General List Subject: Re: [WISPA] Authentication Methods We have PowerRouter 732s (under 1500 MSRP) doing over 2500 PPPoE sessions without issues, and PowerRouter 2282s with over 5k currently. Just a FYI. --- Dennis Burgess, CCNA, A+, Mikrotik Certified Trainer WISPA Board Member - wispa.org Link Technologies, Inc -- Mikrotik WISP Support Services WISPA Vendor Member Office: 314-735-0270 Website: http://www.linktechs.net LIVE On-Line Mikrotik Training Author of Learn RouterOS -Original Message- From: wireless-boun...@wispa.org [mailto:wireless-boun...@wispa.org] On Behalf Of Jason Hensley Sent: Monday, September 21, 2009 3:29 PM To: WISPA General List Subject: Re: [WISPA] Authentication Methods I think first off, why the concern over Mikrotik longevity? Do you not think the company will be around, or do you just not see it scaling (for whatever reason) to the level that you want / need? Personally, I'm not sure what you're looking for that's not already out there. Build a mikrotik concentrator with a good spec server (or two), dropin Freeradius Oas someone else already mentioned) and you should be good for a long time. Sent from Windows mobile device... -Original Message- From: Nick Huanca n...@gaw.com Sent: Monday, September 21, 2009 2:48 PM To: wireless@wispa.org Subject: [WISPA] Authentication Methods Hi all, I currently am working on a project to develop a sustainable, manufacturer agnostic, easy to maintain and provision authentication system for our ISP. We have a mix of access points from Alvarion, Trango, MikroTik, Canopy, and others. We're currently running a distributed PPPoE model with MikroTik PPPoE concentrators. We're concerned about MikroTik's longevity, reliability and support as we move towards a more centralized PPPoE model where all our sessions terminate at a CO. We're looking to migrate over 1,000 customers, currently across 15 or so concentrators, to one single concentrator with either load balancing or redundancy. We're also trying to keep our decisions based around a future IPv6 implementation. My question is if anyone has had any experience in deploying large scale PPPoE with a centralized methodology. I have investigated the Open Source options such as rp-pppoe and others but have found that they don't offer any load-balancing or redundancy options, which are important considerations when moving to a centralized model. These packages also don't offer any type of integrated rate-limiting or burst-limiting based on RADIUS. Does anyone have any experience with other types of centralized authentication for customers that support IPv6 and include integration of rate-limiting/bursting? I have reached out to a Cisco integrator, ImageStream, Fine Point Technologies (http://www.finepoint.com/servpoet.html), and some others to find solutions. Thanks in advance, -- Nick Huanca WISPA Wants You! Join today! http://signup.wispa.org/ WISPA Wireless List: wireless@wispa.org Subscribe/Unsubscribe: http://lists.wispa.org/mailman/listinfo/wireless Archives: http://lists.wispa.org/pipermail/wireless/ WISPA Wants You! Join today! http://signup.wispa.org/ WISPA Wireless List: wireless@wispa.org Subscribe/Unsubscribe: http://lists.wispa.org/mailman/listinfo/wireless Archives: http://lists.wispa.org/pipermail/wireless/ WISPA Wants You! Join today! http://signup.wispa.org/ WISPA Wireless List: wireless@wispa.org Subscribe/Unsubscribe: http://lists.wispa.org/mailman/listinfo/wireless Archives: http://lists.wispa.org/pipermail/wireless/ WISPA Wants You! Join today! http://signup.wispa.org/ WISPA Wireless List: wireless@wispa.org Subscribe/Unsubscribe: http://lists.wispa.org/mailman/listinfo/wireless Archives: http://lists.wispa.org/pipermail/wireless/
Re: [WISPA] Authentication Methods
I'll look into this. Tim -Original Message- From: wireless-boun...@wispa.org [mailto:wireless-boun...@wispa.org] On Behalf Of Nick Huanca Sent: Monday, September 21, 2009 8:23 PM To: WISPA General List Subject: Re: [WISPA] Authentication Methods Hi Tim, Do you know if the Cisco products or the Redback products support bursting based on RADIUS attributes? Thanks, --Nick Huanca On Mon, Sep 21, 2009 at 5:58 PM, Tim Sylvester t...@avanzarnetworks.comwrote: I have deployed FreeRADIUS for large ISPs terminating PPPoE on Cisco (14,000 subs) and RedBack gear (200K subs). Works great. Tim Disclaimer: By day I am a FreeRADIUS consultant. -Original Message- From: wireless-boun...@wispa.org [mailto:wireless- boun...@wispa.org] On Behalf Of Robert West Sent: Monday, September 21, 2009 2:36 PM To: 'WISPA General List' Subject: Re: [WISPA] Authentication Methods I've been trying to get around to FreeRADIUS. Do you use that, Josh? I've been looking at Radius Manager as well and have the download but have yet to do a darn thing with any of it. -Original Message- From: wireless-boun...@wispa.org [mailto:wireless- boun...@wispa.org] On Behalf Of Josh Luthman Sent: Monday, September 21, 2009 3:58 PM To: WISPA General List Subject: Re: [WISPA] Authentication Methods Sounds like a job for FreeRADIUS to me. Josh Luthman Office: 937-552-2340 Direct: 937-552-2343 1100 Wayne St Suite 1337 Troy, OH 45373 When you have eliminated the impossible, that which remains, however improbable, must be the truth. --- Sir Arthur Conan Doyle On Mon, Sep 21, 2009 at 3:48 PM, Nick Huanca n...@gaw.com wrote: Hi all, I currently am working on a project to develop a sustainable, manufacturer agnostic, easy to maintain and provision authentication system for our ISP. We have a mix of access points from Alvarion, Trango, MikroTik, Canopy, and others. We're currently running a distributed PPPoE model with MikroTik PPPoE concentrators. We're concerned about MikroTik's longevity, reliability and support as we move towards a more centralized PPPoE model where all our sessions terminate at a CO. We're looking to migrate over 1,000 customers, currently across 15 or so concentrators, to one single concentrator with either load balancing or redundancy. We're also trying to keep our decisions based around a future IPv6 implementation. My question is if anyone has had any experience in deploying large scale PPPoE with a centralized methodology. I have investigated the Open Source options such as rp-pppoe and others but have found that they don't offer any load-balancing or redundancy options, which are important considerations when moving to a centralized model. These packages also don't offer any type of integrated rate-limiting or burst-limiting based on RADIUS. Does anyone have any experience with other types of centralized authentication for customers that support IPv6 and include integration of rate-limiting/bursting? I have reached out to a Cisco integrator, ImageStream, Fine Point Technologies (http://www.finepoint.com/servpoet.html), and some others to find solutions. Thanks in advance, -- Nick Huanca --- - WISPA Wants You! Join today! http://signup.wispa.org/ --- - WISPA Wireless List: wireless@wispa.org Subscribe/Unsubscribe: http://lists.wispa.org/mailman/listinfo/wireless Archives: http://lists.wispa.org/pipermail/wireless/ --- - WISPA Wants You! Join today! http://signup.wispa.org/ --- - WISPA Wireless List: wireless@wispa.org Subscribe/Unsubscribe: http://lists.wispa.org/mailman/listinfo/wireless Archives: http://lists.wispa.org/pipermail/wireless/ --- - WISPA Wants You! Join today! http://signup.wispa.org/ --- - WISPA Wireless List: wireless@wispa.org Subscribe/Unsubscribe: http://lists.wispa.org/mailman/listinfo/wireless Archives: http://lists.wispa.org/pipermail/wireless/ - --- WISPA Wants You! Join today! http