RE: [smartBridges] Microtik - Eje

[Chris Chance]

Title: RE: [smartBridges] Microtik - Eje

Ok but she cant do the mac authentication from radius can she like she does the username/login?   From: Kevin Summers [mailto:[EMAIL PROTECTED] Sent: Monday, August 18, 2003 5:49 PM To: [EMAIL PROTECTED]   Actually, surprisingly enough. It is. Kevin Summers KISTech Internet Services Inc. www.kistech.com   -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]On Behalf Of Chris Chance Sent: Monday, August 18, 2003 2:43 PM To: '[EMAIL PROTECTED]' Subject: RE: [smartBridges] Microtik - Eje Hmmm ok and whats the catch to the hotspot feature? I mean really it can't be that easy lol.   Chris   From: Kevin Summers [mailto:[EMAIL PROTECTED] Sent: Monday, August 18, 2003 5:12 PM To: [EMAIL PROTECTED]   The HotSpot feature uses MAC authentication optionally. Even with PPTP it's not something installed on their system that shouldn't already be there. It's a part of most Windows operating systems. 98SE or older are the only ones you would have to install anything on.   The HotSpot feature autheticates either by Username and Password, MAC address, or HTTP Cookie. So you have several options with it. Kevin Summers KISTech Internet Services Inc. www.kistech.com   -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]On Behalf Of Chris Chance Sent: Monday, August 18, 2003 1:34 PM To: '[EMAIL PROTECTED]' Subject: RE: [smartBridges] Microtik - Eje I c very nice but then again it ends up back installing things on peoples computers and we all know how that always results especially on this island I live on we cant keep a users ip the same for more than a month without them messing it up, however what we wanted to do was mac baised authentication to just make sure there mac address is authenticated as a valid user if not it pops the hotspot page up and says you are not authorized or enter your username and password is this possible?   Chris   From: Kevin Summers [mailto:[EMAIL PROTECTED] Sent: Monday, August 18, 2003 4:24 PM To: [EMAIL PROTECTED]   In Windows 98SE run Add/Remove programs and go to the Windows Components part. In Communications, make sure that Virtual Private Networking is installed.   In Windows 2000/XP right click on My Network Places and go to Properties. Double-click on Make New Connection and choose "Connect to a Private Network through the Internet".   This lets you set up PPTP for your clients to connect to your MikroTik router with a secure login. It's built in to every version of Windows that is 98SE or newer, and can be added on to 98 and 95 by downloading the updated DUN (Dialup Networking) from Microsoft.   The client machine picks up a DHCP address, you have their PPTP configured to connect to your MikroTik router, and they use their Username and Password to log in. Your MikroTik should be configured so that it Mangles packets coming from authenticated users, and flow-marks them as authorized. Then in your Forward firewall rules you can allow and disallow the appropriate ports and stuff for those users. In the PPP configuration section it works the same as PPPoE and can be authenticated through RADIUS.   We're actually running HotSpot, PPTP and PPPoE all through RADIUS on the same MikroTik server and we love the versatility of this software. Kevin Summers KISTech Internet Services Inc. www.kistech.com   -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]On Behalf Of Chris Chance Sent: Monday, August 18, 2003 1:10 PM To: '[EMAIL PROTECTED]' Subject: RE: [smartBridges] Microtik - Eje Clerify what exactly is PPTP and how does it work? -----Original Message----- From: Kevin Summers [mailto:[EMAIL PROTECTED]] Sent: Monday, August 18, 2003 3:38 PM To: [EMAIL PROTECTED]   Actually, PPTP on the MikroTik router DOES work with RADIUS. It's all authenticated through the PPP menu options so RADIUS is available for PPTP, PPPoE and any other service that runs it's authentication through the PPP portion of the router, and it is dynamic. NOTE: I'm using version 2.7 Kevin Summers KISTech Internet Services Inc. www.kistech.com   > -----Original Message----- > From: [EMAIL PROTECTED] > [mailto:[EMAIL PROTECTED]]On Behalf Of Eje Gustafsson > Sent: Saturday, August 16, 2003 9:47 PM > To: Kevin Summers > Subject: Re: [smartBridges] Microtik - Eje > > > I seen single port routers capable of pppoe that been sold for as > little as 6.95 (tigerdirect.com - efficient (siemens) routers). > > Yes Mikrotik can do pptp however it is not dynamic you have to create > a pptp interface for each client and it do not support radius which > are two things that are very strong things speaking for pppoe. You > know one thing that is kind of funny years back when I looked at doing > dsl I did NOT want to do pppoe. If you had asked me I would have said > it plainly sucked bulky messy and I would give you every possible > excuse not to use it. Today I would never dream about running a > 802.11b network without it [pppoe] or some sort of hotspot > authentication. Why ? Because 802.11b is to easy to hack into and gain > access to and the ONLY way to securely protect you is pppoe or second > best hotspot. > > Best regards, >  Eje Gustafsson                       mailto:[EMAIL PROTECTED] > The Family Entertainment Network      http://www.fament.com > Phone : 620-231-7777                  Fax   : 620-231-4066 >      - Your Full Time Professionals - > eBay UserID : macahan > --- > searchable smartBridges mailing list archive. > http://www.mail-archive.com/smartbridges40part-15.org/ > -- > KS> RE: [smartBridges] Microtik - EjeIf they are Windows clients, > use PPTP for > KS> authentication. The same > KS> features are available for bandwidth limiting, and anything that is > KS> Windows 98SE or newer has PPTP support built in. It only works for > KS> single users, but if that is what you have, then you are set. > For those > KS> that are multiple machines behind a CPE you can get the router and > KS> spend the $9.99 on them. > > KS> The "redirect page" feature I think you are referring to is > the HotSpot > KS> feature. It works very slick and doesn't require any configuration on > KS> the client machine. It also works with multiple clients behind a CPE. > KS> Kevin Summers > KS> KISTech Internet Services Inc. > KS> www.kistech.com > > > > KS>   -----Original Message----- > KS>   From: [EMAIL PROTECTED] > KS> [mailto:[EMAIL PROTECTED]]On Behalf Of Chris Chance > KS>   Sent: Saturday, August 16, 2003 8:05 AM > KS>   To: '[EMAIL PROTECTED]' > KS>   Subject: RE: [smartBridges] Microtik - Eje > > > KS>   I know really it's a matter of cost the PPPoE solution is > thebest along > KS> with using routers at the clients but so far cheapest I have > found is 9.99 > KS> sounds great but its 49.99 with a 40 dollar mail in rebate > that's not a > KS> possibility considering my bank account doesn't come close to > covering the > KS> 150 clients that would need the routers rolling trucks isn't even the > KS> problem cause I could get my friends to do it with me. How do > I set the > KS> queue tree for port's? for the overrides I couldn't find > this? Can you give > KS> me a basic setup for what I would have to do from a bare > 2.7.8 microtik box > KS> to get 1 client up at 512/128 with pop and smtp overridden to > do unlimited > KS> along with the ARP authorization. I would really appreciate > it eje, things > KS> might just be promising then even though I can't get the > redirection page to > KS> work that's one feature I wish the microtik had then I could > really pump it > KS> are they taking any recommendations ? I mean the webserver is already > KS> implemented on the box so it shouldn't be that hard. > > KS>   Chris > > KS>   -----Original Message----- > KS>   From: Eje Gustafsson [mailto:[EMAIL PROTECTED]] > KS>   Sent: Friday, August 15, 2003 12:18 AM > KS>   To: Chris Chance > > KS>   Currently you can only set a upload limit based on mac address. > KS>   If you create static arp entries then they will not be able to pass > KS>   any traffic even if they change ips. > > KS>   Sounds like from what you want to do you need to setup a > queue tree as > KS>   well create some override rules that would allow higher > speed on pop3 > KS>   and smtp. > > KS>   If you set the interface to arp reply-only then a unauthorized user > KS>   will not be able to pass any traffic. There is no redirect page but > KS>   then they will not be able to pass any traffic either > (which should be > KS>   a good hint). > > KS>   If you really want a secure network you should use pppoe > then you can > KS>   have all automated for you and don't need to worry about users > KS>   changing ips or unathorized users. PPPoE is your friend. > > > > KS>   Best regards, > KS>    Eje Gustafsson                       mailto:[EMAIL PROTECTED] > KS>   The Family Entertainment Network      http://www.fament.com > KS>   Phone : 620-231-7777                  Fax   : 620-231-4066 > KS>        - Your Full Time Professionals - > KS>   eBay UserID : macahan > KS>   --- > KS>   searchable smartBridges mailing list archive. > KS>   http://www.mail-archive.com/smartbridges40part-15.org/ > KS>   -- > KS>   CC> Eje I'm really considering the microtik for our client bandwidth > KS> management > KS>   CC> until the nexus come out but I have a problem... I got > basic queues to > KS> work > KS>   CC> by IP although this isn't what we wanted.. We wanted by > mac address > KS>   CC> bandwidth management I mean people can change ips or > spoof ip's easier > KS> than > KS>   CC> mac's, and also we wanted to be able to do more in > depth filtering of > KS> the > KS>   CC> bandwidth for a client like 512/128 for everything > except smtp and > KS> pop3 > KS>   CC> which would be unlimited. But this isn't available? > Also What happened > KS> to > KS>   CC> what I heard about authorization redirection Mainly > showing users that > KS>   CC> aren't mac allowed a webpage that states there invalid > users or are > KS> pirating > KS>   CC> and should desist or call the office. > > > > KS>   CC> Chris > > > > KS>   PS>> Eje any help would be much appreciated or anyone using microtik > > KS>   -- > KS>   [This E-mail scanned for viruses by Declude Virus] > > KS>   The PART-15.ORG smartBridges Discussion List > KS>   To Join: mailto:[EMAIL PROTECTED] (in the body type subscribe > KS> smartBridges <yournickname> > KS>   To Remove: mailto:[EMAIL PROTECTED] (in the body type unsubscribe > KS> smartBridges) > KS>   Archives: http://archives.part-15.org > > -- > [This E-mail scanned for viruses by Declude Virus] > > The PART-15.ORG smartBridges Discussion List > To Join: mailto:[EMAIL PROTECTED] (in the body type subscribe > smartBridges <yournickname> > To Remove: mailto:[EMAIL PROTECTED] (in the body type > unsubscribe smartBridges) > Archives: http://archives.part-15.org The PART-15.ORG smartBridges Discussion List To Join: mailto:[EMAIL PROTECTED] (in the body type subscribe smartBridges <yournickname> To Remove: mailto:[EMAIL PROTECTED] (in the body type unsubscribe smartBridges) Archives: http://archives.part-15.org