> To: techie <[EMAIL PROTECTED]>
> cc: [EMAIL PROTECTED], [EMAIL PROTECTED]
> From: "George C. Kaplan" <[EMAIL PROTECTED]>
> Subject: Re: [BAWUG] LEAP technology discussion 
> Date: Fri, 14 Feb 2003 08:30:01 -0800
>
> In message <[EMAIL PROTECTED]>, techie writes:
> > Gack.. sounds like typical state institution mentality..
>
> Well, not *all* state institutions...
>
> > Stanford's approach is a bit different.
> > 
> > To access the Stanford network via wireless, you need to have three things:
> > 
> > 1. a 802.11b wireless card
> > 
> > 2. the MAC address of your card needs to be in Stanford's network database,
> >     with the DHCP, and DHCP ROAMING flags checked.
> > 
> > 3. a SUNet ID (kerberos)
>
> We do pretty much the same at UC Berkeley, except we omit step 2.  MAC 
> address registration doesn't add much security, and it complicates the 
> setup for new users.  (One more thing for non-techie users to get wrong 
> and call the help desk).  The wireless subnets are separate from all of 
> the wired subnets.

We could probably omit step 2 now, but when this was first rolled out,
they didn't have the captive portal yet..

Maybe I should explain NetDB..

We have this custom database into which all computers are entered.
Among the things that are distilled from NetDB are DNS and DHCP databases.
NetDB also stores info on hostname/MX/IP/owner/user/location/MAC/OS/cpu type/
etc..  
All DHCP data is distilled from NetDB, and for a host to obtain an IP address,
it must have the MAC address in NetDB.  In order to get an address outside of
its home network, the ROAMING flag needs to be checked, in which case an 
address can be obtained anywhere that a roaming dhcp pool exists.

NetDB is controlled by networking, but most data entry is done by department 
level LNAs (Local Network Admin), or RCCs (Residential Computer Coordinator).

Hosts can have multiple interfaces, and multiple IPs associated with a single
NetDB record. Everything connected to SUNet is supposed to be in NetDB, such
as hosts, printers, APs, routers, hubs/switches, etc..

>
> We're using a commercial captive portal system (Vernier Networks) which 
> uses a web-based login.  The only client software needed is an 
> SSL-capable browser.  Our goal from the start was to be as inclusive as 
> possible, while doing a reasonable amount of access control.
>
> -- 
> George C. Kaplan                            [EMAIL PROTECTED]
> Communication & Network Services            510-643-0496
> University of California at Berkeley
>
>


               -- Welcome My Son, Welcome To The Machine --
Bob Vaughan  | techie@{w6yx|tantivy}.stanford.edu | [EMAIL PROTECTED]
             | P.O. Box 19792, Stanford, Ca 94309
-- I am Me, I am only Me, And no one else is Me, What could be simpler? --
--
general wireless list, a bawug thing <http://www.bawug.org/>
[un]subscribe: http://lists.bawug.org/mailman/listinfo/wireless
