Not to mention, PPPoE with RADIUS allows for very detailed user accounting, per-user ACL's, per-user routes, dynamic ip addressing, bandwidth rate-limiting. Best of all, this can all be maintained by a helpdesk with a web front-end for the RADIUS server, so that the network techs can focus on other tasks.
We actually use Contexts in a Redback to determine by [EMAIL PROTECTED] what route particular contexts customers take out to the internet. This is used to take customers that want to pay for URL filtering through a transparent filtering device so that no configuration is needed on their computers, except for their PPPoE username/password. For example, parents can have a non-filtered account and their kids use the filtered account, or schools use a PPPoE capable firewall/router and the entire school now has url-filtering with a simple username/password change. Eric ----- Original Message ----- From: "The Wirefree Network" <[EMAIL PROTECTED]> To: <[EMAIL PROTECTED]> Sent: Wednesday, July 30, 2003 9:23 PM Subject: RE: [smartBridges] Offlist - Why use PPPoE Ah..... One thing that I think you may have flipped is about the airBridge. It actually shows the MAC of the airBridge ALL THE TIME and it's own IP while the customer is offline. When the customer comes online, their IP changes, not the MAC. But...I see what you are saying. I don't run any sort of HOTSPOT situation. So...I am doing MAC authentication (via Radius) and rotating WEP keys. By the way...I sniffed my traffic for 24 hours and did not come up with a single "interesting" packet. You need thousands of "interesting" packets to crack WEP. I think the days of cracking WEP are over. Especially with WEP plus and such. My 2 cents. Sully -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Kevin Summers Sent: Wednesday, July 30, 2003 6:36 PM To: [EMAIL PROTECTED] Subject: RE: [smartBridges] Offlist - Why use PPPoE We run a completely open network. There's no MAC lists, and no validation of the client other than their username and password. We do this for several reasons. - MAC authentication is a pain in the ass nightmare. Especially when you have situations (which I've seen most of them do this) where the AirBridge passes it's own MAC address until the client turns on their PC, then it passes the NIC MAC address. This is usually fine except for when the client wants to plug in their laptop. - WEP encryption is easily crackable, and slows down the connection. - We wanted to have HotSpot capability, which meant an open network. At the office we use MikroTik router software to authenticate clients through three different methods. - HotSpot login - PPTP for single user situations. (mainly residential) - PPPoE for multi-user situations. (mainly SOHO and business) The only thing identifies them is Username and Password, and we do limit to just one login per account. So once they are on, nobody can hijack their connection. We chose PPPoE because it's the only login ability available with the inexpensive little Cable/DSL routers, and it works great. It's not that it's that secure or anything, but what is. Someone could just as easily hack a dialup, an e-mail account, a web site login. We aren't that paranoid, and our customers understand what their getting into. Kevin Summers KISTech Internet Services Inc. www.kistech.com > -----Original Message----- > From: [EMAIL PROTECTED] > [mailto:[EMAIL PROTECTED] Behalf Of The Wirefree Network > Sent: Wednesday, July 30, 2003 5:47 PM > To: [EMAIL PROTECTED] > Subject: [smartBridges] Offlist - Why use PPPoE > > > Kevin, > Forgive the stupid questions here. > > What added benefit does the PPPoE provide you? > > Does it truly provide another level of authentication that is not as > easily broken?? > > Sully > > -----Original Message----- > From: [EMAIL PROTECTED] > [mailto:[EMAIL PROTECTED] On Behalf Of Kevin Summers > Sent: Wednesday, July 30, 2003 5:44 PM > To: [EMAIL PROTECTED] > Subject: RE: [smartBridges] PPPoE on Firmware version 0.01.07 > > > Tested PPPoE with MikroTik RouterOS version 2.7.0 > > Test # 1 - Linksys Cable/DSL Router > > - unsuccessful. I plugged the wrong wall wart into it > and I think I fried it. > > Test # 2 - Efficient Networks Speedstream Cable/DSL Router > > - PPPoE Login worked fine > - Internet access didn't work that great because the router > wouldn't accept the subnet mask I gave it for it's WAN > interface of 255.255.255.255. It automatically assumed > 255.0.0.0 because it was a 65.x.x.x address. > (now I know why these were only $12 at Fry's...) > > Test # 3 - SMC Barricade Cable/DSL Router > > - unsuccessful. This unit I think is also fried, but when > a manufacturer wants you to use a paperclip and hold it > on pins 4 and 9 for up to 30 seconds to reset the device, > you are probably better off without it. > > Test # 4 - NEW Linksys Cable/DSL Router > > - PPPoE login was successful and I was able to get about 768K > throughput on it. I'm checking into why it's so slow. > > Looks like the problem has been fixed, and PPPoE does indeed > work fine on the new firmware with MikroTik... > > Kevin Summers > KISTech Internet Services Inc. > www.kistech.com > > > -----Original Message----- > > From: [EMAIL PROTECTED] > > [mailto:[EMAIL PROTECTED] Behalf Of Ray > > Sent: Wednesday, July 30, 2003 4:02 PM > > To: [EMAIL PROTECTED] > > Subject: Re: [smartBridges] PPPoE on Firmware version 0.01.07 > > > > > > I'm sitting at my computer repeatedly hitting "Send/Receive"... > > > > > > > > > > ----- Original Message ----- > > From: "Kevin Summers" <[EMAIL PROTECTED]> > > To: <[EMAIL PROTECTED]> > > Sent: Wednesday, July 30, 2003 3:47 PM > > Subject: RE: [smartBridges] PPPoE on Firmware version 0.01.07 > > > > > > > > > > I'm just about to test it with MikroTik. > > > > > > Kevin Summers > > > KISTech Internet Services Inc. > > > www.kistech.com > > > > > > > -----Original Message----- > > > > From: [EMAIL PROTECTED] > > > > [mailto:[EMAIL PROTECTED] Behalf Of Ray > > > > Sent: Wednesday, July 30, 2003 3:31 PM > > > > To: [EMAIL PROTECTED] > > > > Subject: Re: [smartBridges] PPPoE on Firmware version 0.01.07 > > > > > > > > > > > > Has anyone tested this with Mikrotik? > > > > > > > > > > > > ----- Original Message ----- > > > > From: "Lars Gaarden" <[EMAIL PROTECTED]> > > > > To: <[EMAIL PROTECTED]> > > > > Sent: Wednesday, July 30, 2003 3:18 PM > > > > Subject: Re: [smartBridges] PPPoE on Firmware version 0.01.07 > > > > > > > > > > > > > Eric Helm wrote: > > > > > > > > > > > We unsuccessfully tested a NetScreen firewall PPPoE client. > This > > > > particular > > > > > > client has the same problem most other PPPoE clients had with > the > > old > > > > > > firmware. > > > > > > > > > > Odd. I tested 0.01.07 today, and from what I can tell from > > the packet > > > > > dumps it should work perfectly for any RFC compliant PPPoE > > client and > > > > > server. (good work, sB!) > > > > > > > > > > Any chance you could provide a packet dump of the > > connection attempt? > > > > > > > > > > Are you by any chance using PPPoE relay? Some clients - > especially > > > > > el-cheapo broadband routers - won't work correctly with PPPoE > relay. > > > > > > > > > > I don't work for sB but I have a vested interest in making sure > that > > > > > the PPPoE pass-through on the airBridge works perfectly. > > We're running > > > > > a pure PPPoE network too, and are planning to switch from > airPoint > > > > > indoors in clientbirdge mode to airBridge Outdoor for the CPEs. > > > > > > > > > > -- > > > > > LarsG > > > > > > > > > > The PART-15.ORG smartBridges Discussion List > > > > > To Join: mailto:[EMAIL PROTECTED] (in the body type subscribe > > > > smartBridges <yournickname> > > > > > To Remove: mailto:[EMAIL PROTECTED] (in the body type > unsubscribe > > > > smartBridges) > > > > > Archives: http://archives.part-15.org > > > > > > > > > > > > > The PART-15.ORG smartBridges Discussion List > > > > To Join: mailto:[EMAIL PROTECTED] (in the body type subscribe > > > > smartBridges <yournickname> > > > > To Remove: mailto:[EMAIL PROTECTED] (in the body type > > > > unsubscribe smartBridges) > > > > Archives: http://archives.part-15.org > > > The PART-15.ORG smartBridges Discussion List > > > To Join: mailto:[EMAIL PROTECTED] (in the body type subscribe > > smartBridges <yournickname> > > > To Remove: mailto:[EMAIL PROTECTED] (in the body type unsubscribe > > smartBridges) > > > Archives: http://archives.part-15.org > > > > > > > The PART-15.ORG smartBridges Discussion List > > To Join: mailto:[EMAIL PROTECTED] (in the body type subscribe > > smartBridges <yournickname> > > To Remove: mailto:[EMAIL PROTECTED] (in the body type > > unsubscribe smartBridges) > > Archives: http://archives.part-15.org > > The PART-15.ORG smartBridges Discussion List > To Join: mailto:[EMAIL PROTECTED] (in the body type subscribe > smartBridges <yournickname> > To Remove: mailto:[EMAIL PROTECTED] (in the body type unsubscribe > smartBridges) > Archives: http://archives.part-15.org > > The PART-15.ORG smartBridges Discussion List > To Join: mailto:[EMAIL PROTECTED] (in the body type subscribe > smartBridges <yournickname> > To Remove: mailto:[EMAIL PROTECTED] (in the body type > unsubscribe smartBridges) > Archives: http://archives.part-15.org The PART-15.ORG smartBridges Discussion List To Join: mailto:[EMAIL PROTECTED] (in the body type subscribe smartBridges <yournickname> To Remove: mailto:[EMAIL PROTECTED] (in the body type unsubscribe smartBridges) Archives: http://archives.part-15.org The PART-15.ORG smartBridges Discussion List To Join: mailto:[EMAIL PROTECTED] (in the body type subscribe smartBridges <yournickname> To Remove: mailto:[EMAIL PROTECTED] (in the body type unsubscribe smartBridges) Archives: http://archives.part-15.org
