Re: [WISPA] DHCP with a twist

2006-11-15 Thread David E. Smith
Sam Tetherow wrote:
> Being five days late on this you have probably already solved it, but
> just in case

Not really, no. :) I'm still in the planning phase of this next change
in the network.

> The CB3 will request a DHCP address with its MAC address (assuming it
> is set to DHCP).  When the PC or router behind the CB3 requests a DHCP
> lease you will see the MAC for that device.  The DHCP REQUEST message
> actually contains the MAC address it is requesting an IP for, it is not
> just assumed to be the MAC address that is seen making the request.  The
> biggest issue I could think of with this setup is when the customer's
> device changes (new router or NIC) they will have to call into the NOC
> and the DHCP assignment will have to be changed.

That's the problem I was hoping to avoid.

Honestly, I really like (from a technical standpoint) the cable modem
solution to all this. DOCSIS addresses pretty much every question I've
ever had, and then some. Heck, it even includes enforcing your bandwidth
quotas right there in the CPE, which gives me fits of giggles every time
I think about it. And it's dead simple for the customer to set up,
because there basically is no set-up to be done.

I'm sure there's a way to duplicate the benefits of DOCSIS on a wireless
network, I just haven't figured it out yet :)

David Smith
MVN.net
-- 
WISPA Wireless List: wireless@wispa.org

Subscribe/Unsubscribe:
http://lists.wispa.org/mailman/listinfo/wireless

Archives: http://lists.wispa.org/pipermail/wireless/


Re: [WISPA] DHCP with a twist

2006-11-15 Thread Sam Tetherow

There is a way, it is just more expensive than a CB3 ;)

One idea I have had is to set up a 'walled garden' for unknown DHCP
assignments.  In other words if they don't match a static lease they go
into a separate address space which is restricted to an internal web
site.  From there they can log in with their username and password from
email and it will automagically figure out what mac goes with what IP
address.

The code wouldn't take much in my setup, given their dynamic IP I know
what AP they are on.  The program then logs into the AP and pulls the
DHCP assignment from the lease table.  Given the username and password
they logged in with I can tell what the IP is supposed to be and I can
now update the static lease.  This wouldn't be that hard to write since
I use MT for my APs.


But looking at the setup I ask myself, wouldn't it just make more sense 
to go PPPoE instead?  Less work on my end, it is standard and there is 
less stuff to break.


   Sam Tetherow
   Sandhills Wireless


Re: [WISPA] DHCP with a twist

2006-11-15 Thread Eric Merkel

You can do all this with DHCP, at least with ISC's version of DHCPD. I
won't go into all the gory details but you can use classes to
put different MACs into different groups of IP ranges etc.

For example we set all of our CB3s to DHCP and based on their MAC
address we throw them into a private IP range. That way our techs can
log into them remotely and manage them. Then the customer's router MAC
goes into a separate class which gives them a public IP address and
then our packet shaper limits their speed based on which plan they
purchased.

You can also take any MAC address that is not registered in your DHCP
server and give them a BOGUS IP and DNS server which forces all
traffic to a registration server (walled garden) that allows them to put
in their username and password. If it authenticates, then it puts
their MAC into the known clients and lets them have a real public IP
and away they go.

Anyhow, I guess what I am saying is that what you want to do is all possible
via DHCP. You don't have to add the additional overhead of PPPoE to
make what you want to do happen.

-Eric
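
Added example, not written by anyone in this thread and not an ISC dhcpd or MikroTik configuration: a Python model of the walled-garden flow that Sam's and Eric's messages describe. The address ranges, the CPE prefix, the sample account and the authenticate callback are all assumptions made for illustration. The registering MAC is taken from the server's own lease table by source IP, and a customer who swaps routers re-registers instead of calling the NOC.

```python
import hmac
import ipaddress

# Assumption: a made-up, locally administered prefix standing in for the CPE vendor OUI.
CPE_OUIS = {"02:00:00"}
# Constructed sample credentials; a real deployment asks RADIUS or the billing system.
SAMPLE_ACCOUNTS = {"alice": "correct horse"}


class Pool:
    """One address range; the first host is reserved for the gateway/DNS server."""
    def __init__(self, cidr, lease_secs):
        hosts = list(ipaddress.ip_network(cidr).hosts())
        self.dns = str(hosts[0])
        self.lease_secs = lease_secs
        self._free = hosts[1:]
        self._by_mac = {}

    def lease(self, mac):
        if mac not in self._by_mac:
            if not self._free:
                raise RuntimeError("pool exhausted")
            self._by_mac[mac] = self._free.pop(0)
        return str(self._by_mac[mac])

    def release(self, mac):
        if mac in self._by_mac:
            self._free.append(self._by_mac.pop(mac))

    def mac_for(self, ip):
        for mac, leased in self._by_mac.items():
            if str(leased) == ip:
                return mac
        return None


class WalledGardenDhcp:
    def __init__(self, authenticate):
        # authenticate(username, password) -> bool stands in for the RADIUS/billing check.
        self.authenticate = authenticate
        self.pools = {
            "cpe-mgmt": Pool("10.10.0.0/24", lease_secs=86400),   # private, techs only
            "customer": Pool("192.0.2.0/24", lease_secs=86400),   # stands in for public space
            "garden": Pool("172.16.99.0/24", lease_secs=120),     # registration site only
        }
        self.mac_by_user = {}    # one registered device per account

    def classify(self, mac):
        if mac[:8] in CPE_OUIS:
            return "cpe-mgmt"
        return "customer" if mac in self.mac_by_user.values() else "garden"

    def offer(self, mac):
        """Answer a DISCOVER/REQUEST for the MAC carried in the DHCP message."""
        mac = mac.lower()
        name = self.classify(mac)
        for other, pool in self.pools.items():
            if other != name:
                pool.release(mac)    # a MAC holds a lease only in its current class
        pool = self.pools[name]
        return {"pool": name, "ip": pool.lease(mac), "dns": pool.dns,
                "lease_secs": pool.lease_secs}

    def register(self, source_ip, username, password):
        """Called by the registration site; the MAC comes from the lease table, never a form field."""
        mac = self.pools["garden"].mac_for(source_ip)
        if mac is None or not self.authenticate(username, password):
            return None
        self.mac_by_user[username] = mac    # replaces the account's previous device
        return mac


def sample_authenticate(username, password):
    """Constructed stand-in for the real credential check."""
    expected = SAMPLE_ACCOUNTS.get(username)
    return expected is not None and hmac.compare_digest(expected, password)


def demo():
    """Constructed scenario: a CPE, a customer router, then a replacement router."""
    dhcp = WalledGardenDhcp(sample_authenticate)
    steps = [dhcp.offer("02:00:00:AA:00:01")["pool"]]          # CPE radio
    first = dhcp.offer("0a:11:22:33:44:55")                    # unregistered router
    steps.append(first["pool"])
    dhcp.register(first["ip"], "alice", "correct horse")
    steps.append(dhcp.offer("0a:11:22:33:44:55")["pool"])      # short lease ran out, asks again
    second = dhcp.offer("0a:66:77:88:99:aa")                   # customer bought a new router
    dhcp.register(second["ip"], "alice", "correct horse")
    steps.append(dhcp.offer("0a:66:77:88:99:aa")["pool"])
    steps.append(dhcp.offer("0a:11:22:33:44:55")["pool"])      # old router is unknown again
    return steps


if __name__ == "__main__":
    print(demo())
```

The short garden lease is what lets a newly registered device pick up its real address quickly; the MAC used for classification is still whatever the client put in the DHCP message, so it identifies a device but does not authenticate it.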


Re: [WISPA] DHCP with a twist

2006-11-14 Thread Sam Tetherow
Being five days late on this you have probably already solved it, but 
just in case


The CB3 will request a DHCP address with its MAC address (assuming it
is set to DHCP).  When the PC or router behind the CB3 requests a DHCP
lease you will see the MAC for that device.  The DHCP REQUEST message
actually contains the MAC address it is requesting an IP for, it is not
just assumed to be the MAC address that is seen making the request.  The
biggest issue I could think of with this setup is when the customer's
device changes (new router or NIC) they will have to call into the NOC
and the DHCP assignment will have to be changed.


   Sam Tetherow
   Sandhills Wireless


Re: [WISPA] DHCP with a twist

2006-11-10 Thread David E. Smith
Ryan Langseth wrote:

> Why not have the AP run a DHCP relay instead of a full server, have
> everything relayed to a central server of your choice that way IP
> management becomes a one stop shop. Reservations would take care of
> setting IPs for specific mac addresses.

That one could go either way, honestly. It's not nearly as big an issue
as...

> > This is made even more complicated by the fact that many of our CPE are
> > Senao CB3 units, which do MAC cloning and I don't think you can turn it
> > off.
> We are currently setting two IPs for each customer using a cb3, one for
> the cb3 and one for the customer's equipment ( router, computer etc ) so
> you should be able to apply a different IP for each piece of equipment.

Just giving two IPs out is trivial, but the particular peculiar way I
want to do it is giving me minor headaches.

If a private IP gets assigned to a customer's router, the customer's
Internet connection won't work, and I'll get calls. If a public IP gets
assigned to a CPE, it's annoying, wasteful, and (in extreme cases) a
network security risk. And based on just a MAC, I don't know how to
differentiate CPE and customer gear.

This may be difficult to solve with the CB3, but (hopefully) slightly
more do-able with other CPE that's (hopefully) not quite as silly.

David Smith
MVN.net

Re: [WISPA] DHCP with a twist

2006-11-10 Thread Pete Davis
I know a nearby WISP that gives his customers IP space and his CPE space
on the same last 3 octets. Makes figuring out whose CPE belongs to whose
equipment much easier:

For example: Customer addr = 64.123.105.33, CPE addr: 10.123.105.33

We keep our CPE private, and customer addr public, but we aren't quite
THAT organized.


pd



RE: [WISPA] DHCP with a twist

2006-11-10 Thread Dennis Burgess - 2K Wireless
I just stick with all private addressing.  The radios, high gain antennas
and TenXs we use all do NAT in them, so we just leave it at that.



Dennis Burgess, MCP, CCNA, A+, N+, Mikrotik Certified
[EMAIL PROTECTED]
www.2kwireless.com
 
2K Wireless provides high-speed internet access, along with network
consulting for WISPs, and businesses with a focus on TCP/IP networking,
security, and Mikrotik routers.


Re: [WISPA] DHCP with a twist

2006-11-10 Thread Blair Davis
All private here as well Static and routed...  NAT to true public as 
needed... 
Only DHCP is for public access hotspots... Track and manage it all thru
my MikroTiks..




--
Blair Davis

AOL IM Screen Name --  Theory240

West Michigan Wireless ISP
269-686-8648

A division of:
Camp Communication Services, INC


Re: [WISPA] DHCP with a twist

2006-11-10 Thread David E. Smith
Pete Davis wrote:
> I know a nearby WISP that gives his customers IP space and his CPE space
> on the same last 3 octets. Makes figuring out whose CPE belongs to whose
> equipment much easier:
>
> For example: Customer addr = 64.123.105.33, CPE addr: 10.123.105.33
>
> We keep our CPE private, and customer addr public, but we aren't quite
> THAT organized.

I've started doing that, actually :D

In the past (and, some, today, because I'm still in the middle of this
transition) we always tried to give a customer's CPE and PC sequential
addresses (if one was x.x.x.34, the other would be x.x.x.35). This,
though, is even easier. :)

David Smith
MVN.net

Re: [WISPA] DHCP with a twist

2006-11-10 Thread Blair Davis
With our private IPs we do w.x.y.z for the cust router and w.x.y+1.z
for the cust radio gear using a subnet of 255.255.254.0

We have also laid out our IPs so that the second octet describes the
radio tech, (17 for 802.11b/g, 18 for TurboCell, 19 for NetStream
5.8GHz, 20 for Netstream 900MHz) and then the third octet describes what
tower they are on.


Makes it a bit easier



--
Blair Davis

AOL IM Screen Name --  Theory240

West Michigan Wireless ISP
269-686-8648

A division of:
Camp Communication Services, INC


Re: [WISPA] DHCP with a twist

2006-11-10 Thread Butch Evans

On Thu, 9 Nov 2006, David E. Smith wrote:


> My ideal scenario would be something like this:
>
> * The AP runs a DHCP server and talks to a RADIUS server (that's
> easy)

Yup.  (assuming Mikrotik)

> * When a client associates, do a RADIUS lookup to see if they
> should be allowed to associate (that's easy too)

Yup.  You can do this with Wireless OR DHCP requests (for DHCP, the
mac addy is sent as User-Name with no password)

> * Give the CPE an IP address from one subnet, then give whatever
> else is there an IP from a different subnet (that's the tricky
> part)

This is not that tricky, really.  Again, I am assuming Mikrotik
(since you said you were trying to better the network.  ;-)).
Anyway, the way the MT will handle this (for dhcp) is:

1. If you have a static entry for the MAC, it will use those
parameters - no radius check is done
2. If you DON'T have a static entry, MT will check radius for that
user.  If a NO answer is received, then the user is NOT given an IP.
What you have to do is use a default profile in the radius server.
I know that FreeRadius supports this, but not sure if others do.  If
your radius server supports handling the IP pool (I think FreeRadius
does), then you can assign IP addresses from that pool for one group
of users.  If there is no Framed-IP-Address in the access accept
packet, then the MT will use the pool assigned for the dhcp server
under /ip dhcp-server network.  This gives you some pretty good
options.  Even if your radius server does not support the pool
option, you can assign each user in the RADIUS a static IP via the
Framed-IP-Address attribute and then have the default profile
simply not return that attribute (thereby using the default pool
set up on the MT).

> This is made even more complicated by the fact that many of our CPE
> are Senao CB3 units, which do MAC cloning and I don't think you can
> turn it off. (Basically, both the CPE and the customer's router, or
> whatever, show up in my tower as having the CPE's MAC.)

The DHCP server SHOULD see the MAC of the device making the request.
I believe it is the MAC inside the request (not the source mac
address) that is sent to the radius server for authentication.

> Is this even possible?


Hope this helps answer that question.  :-)

--
Butch Evans
Network Engineering and Security Consulting
573-276-2879
http://www.butchevans.com/
Mikrotik Certified Consultant
(http://www.mikrotik.com/consultants.html)
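
Added example, not written by anyone in this thread: a Python parser for the point Sam Tetherow and Butch Evans both make, that a DHCP message carries the client's MAC (chaddr) inside its payload, separately from the Ethernet source MAC the tower sees. The frame is built in the code from constructed values (made-up MACs, a documentation-range IP), not captured traffic.

```python
import struct

DHCP_MAGIC = b"\x63\x82\x53\x63"    # RFC 2131 magic cookie that precedes the options
MSG_TYPES = {1: "DISCOVER", 2: "OFFER", 3: "REQUEST", 4: "DECLINE",
             5: "ACK", 6: "NAK", 7: "RELEASE", 8: "INFORM"}


def mac_str(raw):
    return ":".join(f"{b:02x}" for b in raw)


def parse_options(data):
    """Walk the tag/length/value option list; tag 0 is padding, tag 255 ends it."""
    opts, i = {}, 0
    while i < len(data) and data[i] != 255:
        if data[i] == 0:
            i += 1
            continue
        if i + 2 > len(data) or i + 2 + data[i + 1] > len(data):
            raise ValueError("truncated DHCP option")
        opts[data[i]] = data[i + 2:i + 2 + data[i + 1]]
        i += 2 + data[i + 1]
    return opts


def parse_dhcp_frame(frame):
    """Parse Ethernet II / IPv4 / UDP / BOOTP and return the MACs a server could key on."""
    if len(frame) < 14 or frame[12:14] != b"\x08\x00":
        raise ValueError("not an IPv4 Ethernet II frame")
    ip = frame[14:]
    if len(ip) < 20 or ip[0] >> 4 != 4 or ip[9] != 17:
        raise ValueError("not IPv4/UDP")
    udp = ip[(ip[0] & 0x0F) * 4:]
    if len(udp) < 8 or set(struct.unpack("!HH", udp[:4])) - {67, 68}:
        raise ValueError("not DHCP (UDP ports 67/68)")
    bootp = udp[8:]
    if len(bootp) < 240 or bootp[236:240] != DHCP_MAGIC:
        raise ValueError("missing DHCP magic cookie")
    if bootp[1] != 1 or bootp[2] != 6:
        raise ValueError("chaddr is not a 6-byte Ethernet address")
    opts = parse_options(bootp[240:])
    msg_type = opts.get(53) or b"\x00"
    cid = opts.get(61, b"")
    requested = opts.get(50, b"")
    return {
        "frame_src": mac_str(frame[6:12]),            # layer-2 sender, as the AP sees it
        "chaddr": mac_str(bootp[28:34]),              # client hardware address in the message
        "giaddr": ".".join(map(str, bootp[24:28])),   # non-zero when a relay forwarded it
        "msg_type": MSG_TYPES.get(msg_type[0], "UNKNOWN"),
        "client_id": mac_str(cid[1:]) if len(cid) == 7 and cid[0] == 1 else None,
        "requested_ip": ".".join(map(str, requested)) if len(requested) == 4 else None,
    }


def sender_relation(info):
    """Explain why the frame source and chaddr agree or differ."""
    if info["giaddr"] != "0.0.0.0":
        return "relayed"          # frame source is the relay agent, chaddr is the client
    if info["frame_src"] != info["chaddr"]:
        return "behind-bridge"    # e.g. a MAC-cloning CPE re-sent the client's message
    return "direct"


def build_sample(frame_src, chaddr, msg_type, requested_ip):
    """Constructed test frame (not a capture): a broadcast DHCP message from a client."""
    options = (bytes([53, 1, msg_type]) + bytes([61, 7, 1]) + chaddr
               + bytes([50, 4]) + requested_ip + b"\xff")
    bootp = (struct.pack("!BBBBIHH", 1, 1, 6, 0, 0x1234ABCD, 0, 0x8000)
             + bytes(16)                 # ciaddr, yiaddr, siaddr, giaddr all zero
             + chaddr + bytes(10)        # chaddr field padded to 16 bytes
             + bytes(64 + 128)           # sname and file, unused
             + DHCP_MAGIC + options)
    udp = struct.pack("!HHHH", 68, 67, 8 + len(bootp), 0) + bootp
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(udp), 0, 0, 64, 17, 0,
                     bytes(4), b"\xff" * 4) + udp
    return b"\xff" * 6 + frame_src + b"\x08\x00" + ip


# Constructed sample values: a CPE radio and the customer router behind it.
CPE_MAC = bytes.fromhex("020000aa0001")
ROUTER_MAC = bytes.fromhex("0a1122334455")
SAMPLE = build_sample(CPE_MAC, ROUTER_MAC, 3, bytes([192, 0, 2, 33]))

if __name__ == "__main__":
    info = parse_dhcp_frame(SAMPLE)
    print(info, sender_relation(info))
```

Both chaddr and the client identifier option are filled in by the client, so a lease or RADIUS decision keyed on them classifies devices but does not prove which device is asking.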

[WISPA] DHCP with a twist

2006-11-09 Thread David E. Smith
As part of the ongoing (does it ever stop?) efforts to make a Better
Network, I've finally started using private subnets where appropriate.

I'd love to be able to better automate some parts of my network, though,
and I'm not sure how to do both of 'em at the same time. (Right now,
substantially our whole network uses static IP assignments everywhere,
and that's not really viable long-term.)

My ideal scenario would be something like this:

* The AP runs a DHCP server and talks to a RADIUS server (that's easy)
* When a client associates, do a RADIUS lookup to see if they should be
  allowed to associate (that's easy too)
* Give the CPE an IP address from one subnet, then give whatever else
  is there an IP from a different subnet (that's the tricky part)

This is made even more complicated by the fact that many of our CPE are
Senao CB3 units, which do MAC cloning and I don't think you can turn it
off. (Basically, both the CPE and the customer's router, or whatever,
show up in my tower as having the CPE's MAC.)

If I weren't trying to conserve public IP space, this would be easy
enough - just give the CPE one IP address and the customer's gear a
second one. But there's really no reason for my radios to be visible to
the public Internet, and it's wasteful of those sweet sweet IPs.

I know there's a solution to this problem, because that's basically how
most cable modem setups work. (Annoyingly, I can't get my company's
wireless Internet at home, so I've got cable modem there.) The cable
modem is a bit smarter than a CB3, though, thanks to DOCSIS. I'd like
to do all this at the tower, instead of having to buy (or invent) new
CPE if possible.

Is this even possible?

David Smith
MVN.net

Re: [WISPA] DHCP with a twist

2006-11-09 Thread Ryan Langseth
David,

On Thu, 2006-11-09 at 11:23 -0600, David E. Smith wrote:
> As part of the ongoing (does it ever stop?) efforts to make a Better
> Network, I've finally started using private subnets where appropriate.
>
> I'd love to be able to better automate some parts of my network, though,
> and I'm not sure how to do both of 'em at the same time. (Right now,
> substantially our whole network uses static IP assignments everywhere,
> and that's not really viable long-term.)
>
> My ideal scenario would be something like this:
>
> * The AP runs a DHCP server and talks to a RADIUS server (that's easy)
> * When a client associates, do a RADIUS lookup to see if they should be
>   allowed to associate (that's easy too)
> * Give the CPE an IP address from one subnet, then give whatever else
>   is there an IP from a different subnet (that's the tricky part)

Why not have the AP run a DHCP relay instead of a full server, have
everything relayed to a central server of your choice that way IP
management becomes a one stop shop. Reservations would take care of
setting IPs for specific mac addresses.

> This is made even more complicated by the fact that many of our CPE are
> Senao CB3 units, which do MAC cloning and I don't think you can turn it
> off. (Basically, both the CPE and the customer's router, or whatever,
> show up in my tower as having the CPE's MAC.)

We are currently setting two IPs for each customer using a cb3, one for
the cb3 and one for the customer's equipment ( router, computer etc ) so
you should be able to apply a different IP for each piece of equipment.

> If I weren't trying to conserve public IP space, this would be easy
> enough - just give the CPE one IP address and the customer's gear a
> second one. But there's really no reason for my radios to be visible to
> the public Internet, and it's wasteful of those sweet sweet IPs.
>
> I know there's a solution to this problem, because that's basically how
> most cable modem setups work. (Annoyingly, I can't get my company's
> wireless Internet at home, so I've got cable modem there.) The cable
> modem is a bit smarter than a CB3, though, thanks to DOCSIS. I'd like
> to do all this at the tower, instead of having to buy (or invent) new
> CPE if possible.
>
> Is this even possible?

Anything is possible.

I am planning a similar system, hopefully deployed by the first of the
year. Along with our own IPs from ARIN and all new bandwidth.

> David Smith
> MVN.net


Ryan Langseth
invisimax.com

