The same way you do it if you didn't run DHCP. Use PPPoE, HotSpot, static DHCP based on MAC, ACL for association at the AP, any number of ways.
DHCP has little to do with authentication, although it can be a part of the process. What DHCP does is automate the user TCP settings so that if you renumber your system in order to move to routing it is painless to assign new numbers. If you have to change DNS servers then that is also easy. Just change the DHCP config and within an hour everybody is using the new DNS. Don't run a network without it. It is priceless. Lonnie On 12/6/05, Ron Wallace <[EMAIL PROTECTED]> wrote: > Lonnie, > So Lonnie, if I run DHCP, on my customers IP's, how do I authenticate > the users. I'm a real rookie at this. > Ron Wallace > ---- Original message ---- > >Date: Tue, 6 Dec 2005 11:52:08 -0800 > >From: Lonnie Nunweiler <[EMAIL PROTECTED]> > >Subject: Re: [WISPA] How to Authenticate/Protect (WasEthernet > basedauthentication) > >To: WISPA General List <wireless@wispa.org> > > > >If you take Marlon's advice and do not run DHCP then you get to have > >that personal contact with each and every subscriber if you ever have > >to change network settings. With DHCP running it is real simple and > >quick to edit the DHCP config and wait for the DHCP client renewal . > > > >My advice is completely the opposite. Use DHCP for all of your > >customers. You will be happy you did and will mutter things when you > >encounter someone who is not on DHCP. > > > >The personal contact is nice but what if you have several hundred > >customers? That is just a little too nice for my tastes. > > > >Lonnie > > > >On 12/6/05, Marlon K. Schafer (509) 982-2181 <[EMAIL PROTECTED]> > wrote: > >> Don't run DHCP! And use mac filtering at the ap's. (I use the > smartbridges > >> ap's. they'll do radius and authenticate wireless subs just like my > dialup > >> ones.) > >> > >> Marlon > >> (509) 982-2181 Equipment sales > >> (408) 907-6910 (Vonage) Consulting services > >> 42846865 (icq) And I run my own > wisp! > >> 64.146.146.12 (net meeting) > >> www.odessaoffice.com/wireless > >> www.odessaoffice.com/marlon/cam > >> > >> > >> > >> ----- Original Message ----- > >> From: "Jason" <[EMAIL PROTECTED]> > >> To: "WISPA General List" <wireless@wispa.org> > >> Sent: Monday, December 05, 2005 9:39 PM > >> Subject: Re: [WISPA] How to Authenticate/Protect (WasEthernet > >> basedauthentication) > >> > >> > >> > Marlon, > >> > > >> > I appreciate the advice. Mostly I am interested in bullet proof > >> > authentication of my clients. Any suggestions? > >> > > >> > Jason > >> > > >> > Marlon K. Schafer (509) 982-2181 wrote: > >> > > >> >> Hiya Jason, > >> >> > >> >> You are mixing your networks.... You won't normally run a > homebrew > >> >> product to provide a top notch service. > >> >> > >> >> If security is of THAT great an importance to you, you should NOT > run > >> >> wifi anything. Put in something much more off the wall. It's a > lot > >> >> harder to snoop if you don't use one of the world's most common > >> >> protocols. > >> >> > >> >> For these business guys I'd run Trango or something like that. > Good > >> >> stuff but not nearly as much of it in use and no free tools on the > >> >> internet for intercepting and cracking the data stream. > >> >> > >> >> What we do is remind our customers that this is the internet. > They are > >> >> hanging out there for thousands upon thousands of people who's > only > >> >> purpose in life is breaking into their machines and seeing what > they can > >> >> learn. If they have data that's that sensitive then they need a > high end > >> >> internal firewall and they need to VPN all internet traffic. > >> >> > >> >> That help? > >> >> Marlon > >> >> (509) 982-2181 Equipment sales > >> >> (408) 907-6910 (Vonage) Consulting services > >> >> 42846865 (icq) And I run my > own wisp! > >> >> 64.146.146.12 (net meeting) > >> >> www.odessaoffice.com/wireless > >> >> www.odessaoffice.com/marlon/cam > >> >> > >> >> > >> >> > >> >> ----- Original Message ----- From: "Jason" > <[EMAIL PROTECTED]> > >> >> To: "WISPA General List" <wireless@wispa.org> > >> >> Sent: Friday, December 02, 2005 3:20 PM > >> >> Subject: [WISPA] How to Authenticate/Protect (Was Ethernet > >> >> basedauthentication) > >> >> > >> >> > >> >>> List, > >> >>> > >> >>> I am on the precipice, ready to take the plunge and become a > WISP > >> >>> (After 1 year of zoning, permits, 16 hr days, etc), but one > thing still > >> >>> bothers me. I haven't decided how to authenticate clients to my > network > >> >>> and REALLY protect their data. The CPE's I will use, > rootenna/Senao2611 > >> >>> combos, do only WEP, which only obfuscates data nowadays. MAC > addresses > >> >>> can be cloned. Proxy login via a browser is obnoxious for the > end user. > >> >>> Ditto PPPoE & VPN logins. There is just no elegant, KISS > solution. I > >> >>> was looking at PPPoE or PPTP (poptop/linux) with Radius as my > system, > >> >>> since this would accomplish it, but seems like so much trouble > and > >> >>> overhead. PPTP is not Mac friendly, PPPoE requires clients > (gasp) or a > >> >>> router (gack!) and the PPPoE server shipping with Linux is > meant "for > >> >>> testing purposes only - man". I want an Always On (apparently) > system > >> >>> for my clients that just works. > >> >>> > >> >>> How do you other (small) WISPs do this? > >> >>> > >> >>> Tangent: How do you Senao 2611 users keep Netbios & windows > network > >> >>> neighborhood data off the wireless network. I was told to add a > SOHO > >> >>> router to the mix, but don't want to invest in more equipment to > >> >>> maintain. > >> >>> > >> >>> Jason Wallace > >> >>> -- > >> >>> WISPA Wireless List: wireless@wispa.org > >> >>> > >> >>> Subscribe/Unsubscribe: > >> >>> http://lists.wispa.org/mailman/listinfo/wireless > >> >>> > >> >>> Archives: http://lists.wispa.org/pipermail/wireless/ > >> >>> > >> >> > >> > -- > >> > WISPA Wireless List: wireless@wispa.org > >> > > >> > Subscribe/Unsubscribe: > >> > http://lists.wispa.org/mailman/listinfo/wireless > >> > > >> > Archives: http://lists.wispa.org/pipermail/wireless/ > >> > > >> > >> -- > >> WISPA Wireless List: wireless@wispa.org > >> > >> Subscribe/Unsubscribe: > >> http://lists.wispa.org/mailman/listinfo/wireless > >> > >> Archives: http://lists.wispa.org/pipermail/wireless/ > >> > > > > > >-- > >Lonnie Nunweiler > >Valemount Networks Corporation > >http://www.star-os.com/ > >-- > >WISPA Wireless List: wireless@wispa.org > > > >Subscribe/Unsubscribe: > >http://lists.wispa.org/mailman/listinfo/wireless > > > >Archives: http://lists.wispa.org/pipermail/wireless/ > Ron Wallace > Hahnron, Inc. > 220 S. Jackson St. > Addison, MI 49220 > > Phone: (517) 547-8410 > Mobile: (517) 605-4542 > e-mail: [EMAIL PROTECTED] > -- > WISPA Wireless List: wireless@wispa.org > > Subscribe/Unsubscribe: > http://lists.wispa.org/mailman/listinfo/wireless > > Archives: http://lists.wispa.org/pipermail/wireless/ > -- Lonnie Nunweiler Valemount Networks Corporation http://www.star-os.com/ -- WISPA Wireless List: wireless@wispa.org Subscribe/Unsubscribe: http://lists.wispa.org/mailman/listinfo/wireless Archives: http://lists.wispa.org/pipermail/wireless/
