I can understand that. We just have different types of networks serving different purposes. I haven't used an APPO yet, so they may act differently than the regular AP. The regular AP talking to an AirBridge with the old firmware was picking up the AB MAC initially, then it would show the MAC of the device that it was plugged into. If I were to only allow the MAC of the AB, then once the AB passes the MAC of the customer's equipment they would be denied access. Things are different I guess now with the new firmware, so at this point it's no longer an issue. (even though we aren't going to use MAC auth anyway..)
Kevin Summers KISTech Internet Services Inc. www.kistech.com > -----Original Message----- > From: [EMAIL PROTECTED] > [mailto:[EMAIL PROTECTED] Behalf Of The Wirefree Network > Sent: Thursday, July 31, 2003 1:29 PM > To: [EMAIL PROTECTED] > Subject: [smartBridges] MAC authentication > > > CHANGED SUBJECT > > I ONLY put the MAC address of the sB rooftop device (aB, aBo, aPPo-CB, > aP) in my MAC authentication table (in aPPo). NO OTHER MAC addresses at > all. So...that is the only MAC address that the aPPo sees for > authentication purposes. > > At my router, I also see the MAC address and IP of the internal machines > (depending on which sB device being used)...but I don't really care > about them as much. I just don't want someone associating directly to > my aPPo without me knowing. > > Sully > > -----Original Message----- > From: [EMAIL PROTECTED] > [mailto:[EMAIL PROTECTED] > Sent: Wednesday, July 30, 2003 10:53 PM > To: [EMAIL PROTECTED] > Subject: RE: [smartBridges] Offlist - Why use PPPoE > > > I was using a different AP when I saw this behavior, but when > the AirBridge associates to the AP it uses it's own MAC address. > Then when you plug it in to something, say a switch, or a PC, or > a Cable/DSL router, the MAC address that the AP shows changes to > the MAC of whatever you just plugged in. At least in firmware > 0.09.10 it does because it's a transparent bridge. I haven't > tested it yet with the new firmware to see what MAC address shows > up on the AP. > > On one of my APs right now though, I've got clients that I know > are using AirBridges, but the manufacturer portion of the MAC in > the client list typically shows Linksys (00:06:25) or some other > maker that produces the NICs in their laptops or switches. > > It took some considerable thought before we finally decided to > ignore WEP and just plod along happily. I'm interested when you > say "rotating WEP keys". How are you changing the WEP keys on > the client radios? Is it automated? > > We keep a pretty strong eye out on our network, and we get the > occasional roamer that is sniffing around. Usually they are > trying to get on to the internet for free. The MikroTik box does > a pretty good job of redirecting every one of their attempts to > the HotSpot sign in page. > > Kevin Summers > KISTech Internet Services Inc. > www.kistech.com > > > -----Original Message----- > > From: [EMAIL PROTECTED] > > [mailto:[EMAIL PROTECTED] > > Sent: Wednesday, July 30, 2003 7:23 PM > > To: [EMAIL PROTECTED] > > Subject: RE: [smartBridges] Offlist - Why use PPPoE > > > > > > Ah..... > > > > One thing that I think you may have flipped is about the > > airBridge. It actually shows the MAC of the airBridge ALL THE > > TIME and it's own IP while the customer is offline. When the > > customer comes online, their IP changes, not the MAC. > > > > But...I see what you are saying. > > > > I don't run any sort of HOTSPOT situation. So...I am doing MAC > > authentication (via Radius) and rotating WEP keys. By the > > way...I sniffed my traffic for 24 hours and did not come up with > > a single "interesting" packet. You need thousands of > > "interesting" packets to crack WEP. I think the days of cracking > > WEP are over. Especially with WEP plus and such. > > > > My 2 cents. > > > > Sully > > > > -----Original Message----- > > From: [EMAIL PROTECTED] > > [mailto:[EMAIL PROTECTED] On Behalf Of Kevin Summers > > Sent: Wednesday, July 30, 2003 6:36 PM > > To: [EMAIL PROTECTED] > > Subject: RE: [smartBridges] Offlist - Why use PPPoE > > > > > > We run a completely open network. There's no MAC lists, and no > > validation of the client other than their username and password. > > > > We do this for several reasons. > > > > - MAC authentication is a pain in the ass nightmare. Especially > > when you have situations (which I've seen most of them do this) > > where the AirBridge passes it's own MAC address until the client > > turns on their PC, then it passes the NIC MAC address. This is > > usually fine except for when the client wants to plug in their > > laptop. > > - WEP encryption is easily crackable, and slows down the connection. > > - We wanted to have HotSpot capability, which meant an open network. > > > > At the office we use MikroTik router software to authenticate clients > > through three different methods. > > > > - HotSpot login > > - PPTP for single user situations. (mainly residential) > > - PPPoE for multi-user situations. (mainly SOHO and business) > > > > The only thing identifies them is Username and Password, and we do > > limit to just one login per account. So once they are on, nobody can > > hijack their connection. > > > > We chose PPPoE because it's the only login ability available with the > > inexpensive little Cable/DSL routers, and it works great. It's not > that > > it's that secure or anything, but what is. Someone could just as > easily > > hack a dialup, an e-mail account, a web site login. We aren't that > > paranoid, and our customers understand what their getting into. > > > > Kevin Summers > > KISTech Internet Services Inc. > > www.kistech.com > > > > > -----Original Message----- > > > From: [EMAIL PROTECTED] > > > [mailto:[EMAIL PROTECTED] Behalf Of The Wirefree > Network > > > Sent: Wednesday, July 30, 2003 5:47 PM > > > To: [EMAIL PROTECTED] > > > Subject: [smartBridges] Offlist - Why use PPPoE > > > > > > > > > Kevin, > > > Forgive the stupid questions here. > > > > > > What added benefit does the PPPoE provide you? > > > > > > Does it truly provide another level of authentication that is not as > > > easily broken?? > > > > > > Sully > > > > > > -----Original Message----- > > > From: [EMAIL PROTECTED] > > > [mailto:[EMAIL PROTECTED] On Behalf Of Kevin Summers > > > Sent: Wednesday, July 30, 2003 5:44 PM > > > To: [EMAIL PROTECTED] > > > Subject: RE: [smartBridges] PPPoE on Firmware version 0.01.07 > > > > > > > > > Tested PPPoE with MikroTik RouterOS version 2.7.0 > > > > > > Test # 1 - Linksys Cable/DSL Router > > > > > > - unsuccessful. I plugged the wrong wall wart into it > > > and I think I fried it. > > > > > > Test # 2 - Efficient Networks Speedstream Cable/DSL Router > > > > > > - PPPoE Login worked fine > > > - Internet access didn't work that great because the router > > > wouldn't accept the subnet mask I gave it for it's WAN > > > interface of 255.255.255.255. It automatically assumed > > > 255.0.0.0 because it was a 65.x.x.x address. > > > (now I know why these were only $12 at Fry's...) > > > > > > Test # 3 - SMC Barricade Cable/DSL Router > > > > > > - unsuccessful. This unit I think is also fried, but when > > > a manufacturer wants you to use a paperclip and hold it > > > on pins 4 and 9 for up to 30 seconds to reset the device, > > > you are probably better off without it. > > > > > > Test # 4 - NEW Linksys Cable/DSL Router > > > > > > - PPPoE login was successful and I was able to get about 768K > > > throughput on it. I'm checking into why it's so slow. > > > > > > Looks like the problem has been fixed, and PPPoE does indeed > > > work fine on the new firmware with MikroTik... > > > > > > Kevin Summers > > > KISTech Internet Services Inc. > > > www.kistech.com > > > > > > > -----Original Message----- > > > > From: [EMAIL PROTECTED] > > > > [mailto:[EMAIL PROTECTED] Behalf Of Ray > > > > Sent: Wednesday, July 30, 2003 4:02 PM > > > > To: [EMAIL PROTECTED] > > > > Subject: Re: [smartBridges] PPPoE on Firmware version 0.01.07 > > > > > > > > > > > > I'm sitting at my computer repeatedly hitting "Send/Receive"... > > > > > > > > > > > > > > > > > > > > ----- Original Message ----- > > > > From: "Kevin Summers" <[EMAIL PROTECTED]> > > > > To: <[EMAIL PROTECTED]> > > > > Sent: Wednesday, July 30, 2003 3:47 PM > > > > Subject: RE: [smartBridges] PPPoE on Firmware version 0.01.07 > > > > > > > > > > > > > > > > > > I'm just about to test it with MikroTik. > > > > > > > > > > Kevin Summers > > > > > KISTech Internet Services Inc. > > > > > www.kistech.com > > > > > > > > > > > -----Original Message----- > > > > > > From: [EMAIL PROTECTED] > > > > > > [mailto:[EMAIL PROTECTED] Behalf Of Ray > > > > > > Sent: Wednesday, July 30, 2003 3:31 PM > > > > > > To: [EMAIL PROTECTED] > > > > > > Subject: Re: [smartBridges] PPPoE on Firmware version 0.01.07 > > > > > > > > > > > > > > > > > > Has anyone tested this with Mikrotik? > > > > > > > > > > > > > > > > > > ----- Original Message ----- > > > > > > From: "Lars Gaarden" <[EMAIL PROTECTED]> > > > > > > To: <[EMAIL PROTECTED]> > > > > > > Sent: Wednesday, July 30, 2003 3:18 PM > > > > > > Subject: Re: [smartBridges] PPPoE on Firmware version 0.01.07 > > > > > > > > > > > > > > > > > > > Eric Helm wrote: > > > > > > > > > > > > > > > We unsuccessfully tested a NetScreen firewall PPPoE > client. > > > This > > > > > > particular > > > > > > > > client has the same problem most other PPPoE clients had > with > > > the > > > > old > > > > > > > > firmware. > > > > > > > > > > > > > > Odd. I tested 0.01.07 today, and from what I can tell from > > > > the packet > > > > > > > dumps it should work perfectly for any RFC compliant PPPoE > > > > client and > > > > > > > server. (good work, sB!) > > > > > > > > > > > > > > Any chance you could provide a packet dump of the > > > > connection attempt? > > > > > > > > > > > > > > Are you by any chance using PPPoE relay? Some clients - > > > especially > > > > > > > el-cheapo broadband routers - won't work correctly with > PPPoE > > > relay. > > > > > > > > > > > > > > I don't work for sB but I have a vested interest in making > sure > > > that > > > > > > > the PPPoE pass-through on the airBridge works perfectly. > > > > We're running > > > > > > > a pure PPPoE network too, and are planning to switch from > > > airPoint > > > > > > > indoors in clientbirdge mode to airBridge Outdoor for the > CPEs. > > > > > > > > > > > > > > -- > > > > > > > LarsG > > > > > > > > > > > > > > The PART-15.ORG smartBridges Discussion List > > > > > > > To Join: mailto:[EMAIL PROTECTED] (in the body type > subscribe > > > > > > smartBridges <yournickname> > > > > > > > To Remove: mailto:[EMAIL PROTECTED] (in the body type > > > unsubscribe > > > > > > smartBridges) > > > > > > > Archives: http://archives.part-15.org > > > > > > > > > > > > > > > > > > > The PART-15.ORG smartBridges Discussion List > > > > > > To Join: mailto:[EMAIL PROTECTED] (in the body type > subscribe > > > > > > smartBridges <yournickname> > > > > > > To Remove: mailto:[EMAIL PROTECTED] (in the body type > > > > > > unsubscribe smartBridges) > > > > > > Archives: http://archives.part-15.org > > > > > The PART-15.ORG smartBridges Discussion List > > > > > To Join: mailto:[EMAIL PROTECTED] (in the body type subscribe > > > > smartBridges <yournickname> > > > > > To Remove: mailto:[EMAIL PROTECTED] (in the body type > unsubscribe > > > > smartBridges) > > > > > Archives: http://archives.part-15.org > > > > > > > > > > > > > The PART-15.ORG smartBridges Discussion List > > > > To Join: mailto:[EMAIL PROTECTED] (in the body type subscribe > > > > smartBridges <yournickname> > > > > To Remove: mailto:[EMAIL PROTECTED] (in the body type > > > > unsubscribe smartBridges) > > > > Archives: http://archives.part-15.org > > > > > > The PART-15.ORG smartBridges Discussion List > > > To Join: mailto:[EMAIL PROTECTED] (in the body type subscribe > > > smartBridges <yournickname> > > > To Remove: mailto:[EMAIL PROTECTED] (in the body type unsubscribe > > > smartBridges) > > > Archives: http://archives.part-15.org > > > > > > The PART-15.ORG smartBridges Discussion List > > > To Join: mailto:[EMAIL PROTECTED] (in the body type subscribe > > > smartBridges <yournickname> > > > To Remove: mailto:[EMAIL PROTECTED] (in the body type > > > unsubscribe smartBridges) > > > Archives: http://archives.part-15.org > > The PART-15.ORG smartBridges Discussion List > > To Join: mailto:[EMAIL PROTECTED] (in the body type subscribe > > smartBridges <yournickname> > > To Remove: mailto:[EMAIL PROTECTED] (in the body type > > unsubscribe smartBridges) > > Archives: http://archives.part-15.org > > > > The PART-15.ORG smartBridges Discussion List > To Join: mailto:[EMAIL PROTECTED] (in the body type subscribe > smartBridges <yournickname> > To Remove: mailto:[EMAIL PROTECTED] (in the body type > unsubscribe smartBridges) > Archives: http://archives.part-15.org The PART-15.ORG smartBridges Discussion List To Join: mailto:[EMAIL PROTECTED] (in the body type subscribe smartBridges <yournickname> To Remove: mailto:[EMAIL PROTECTED] (in the body type unsubscribe smartBridges) Archives: http://archives.part-15.org
