Does anyone have a foolproof way of changing ESSIDs on a network of AB, ABOs and a 'backbone' of APOs, a regular basis?
I've scripted a change which changes the furthest airbridges and then their serving AP repeater, then rolls back up the backbone to the main airpoint. The problem is that if I fail to update a single airbridge I have to roll back the whole thing to leave the system in a working state, and the chance of a complete network update ever happening smoothly (with even 20 AB's on a network which users shouldn't switch off) is very low.
For info I run a non-broadcast ESSID network where the users are not 'trusted', so the 'hidden' ESSID is my first line of hacking defense, I realise this isn't secure in itsself, but it's a good 1st line.
The ideal would be for an airbridge or airpoint to have a main and alt ESSID, which would allow an AB on failing to associate with the main would try with the alt. I could then do a two stage update, setting the airbridge 'alt' to the new essid before updating the airpoints - so I'd know they were all set and ok before I moved 'up'. I've raised this with Smartbridges and it's gone in the 'submitted to the dev team' bin.
The next problem is of course monitoring, every SNMP query gives away the admin password so any fool with a sniffer can get in anyway... but that's another thread..
I'd appreciate your thoughts on how best to keep this sort of network secure, and ways of automating the maintenance..
H -- Howard Tytherleigh, Shere Broadband Limited. www.sherebroadband.com T: 08701 999887 F: 07092 341143 M: 07092 031241
The PART-15.ORG smartBridges Discussion List
To Join: mailto:[EMAIL PROTECTED] (in the body type subscribe smartBridges <yournickname>
To Remove: mailto:[EMAIL PROTECTED] (in the body type unsubscribe smartBridges)
Archives: http://archives.part-15.org
