The idea, for me, is that by the time a company gets to the point that they need to route, they'll either know what they are doing and/or they'll have someone on staff just to handle that issue.

The other problem I ran into back when was a shortage of ip addys. And routing to every customer wastes three ip addys for every one you get to actually use. I don't think that's responsible stewardship.

My new ap's block client to client communications, and new managed switches that will vlan and packet filter will be the next upgrades I'll do.

We just broke the network in two. So I've got 150ish broadband subs on one system and 150 on another. Not exact numbers but close. One of the systems went from t-1 to 10 meg so I don't have good numbers as to performance issues.

The other one still has 100 megs coming into it. On that system I see no difference.

I'm sure there's room for improvement. There always will be if a guy wants to stay anywhere near the head of the pack.

One other thing that's not been brought up yet is over building. Today we can build 3 to 10x more capacity into the network than the average customer is demanding for the same cost or very nearly so as building to meet customer demands. Having more capacity than is needed, so far, is allowing us to significantly simplify the network. Anyone can walk in here tomorrow and take over with a few phone calls to tech support at most. There's nothing fancy going on here. That's part of why I can take care of 250 wireless subs, 50 fiber customers and hundreds of dialup people with me and two gals that share a part time office job. Our wireless churn is almost nil. I've lost a couple lately due to some trouble at a tower site. It's caused by jerk off competitors and their 1 watt amps and 15+ db sector antennas though. And I tried to use a $120 sector where I normally use $400 ones. I'm not sure I'll ever learn that lesson :-).

Will we have to redo the network at some point in the future? Sure. Will it suck? Sure. But that's then and this is now. We just redid half of it and it sucked. Big time. But only for a few days. We have taken the time to teach our customers how to do their own networking stuff just like we took the time to teach them how to do their own dialup stuff. When we need to make changes (or the customer changes their gear) they can usually take care of it themselves or with a little help from us via the phone.

Both models work. The real trick is making sure that they get deployed in the right situation. Too big of a hammer is sometimes just as bad as too small of a one or vice versa.

Oh yeah, I'm tired of hearing small networks getting talked down to. With 100 subs the average guy should be putting $2,000 to $3,000 per month in the bank. That's enough money to keep the average mom home with the kids! We'd be there today if we would just stop growing. Man, a mom at home with the kids AND good cars to drive and a dad that's not working 80 hours per week. Small WISPs are right in there with the American dream man! This is good stuff!

Laters,
Marlon
(509) 982-2181                                   Equipment sales
(408) 907-6910 (Vonage)                    Consulting services
42846865 (icq)                                    And I run my own wisp!
64.146.146.12 (net meeting)
www.odessaoffice.com/wireless
www.odessaoffice.com/marlon/cam



----- Original Message -----
From: "Lonnie Nunweiler" <[EMAIL PROTECTED]>
To: "WISPA General List" <wireless@wispa.org>
Sent: Tuesday, December 06, 2005 5:43 PM
Subject: Re: [WISPA] How to Authenticate/Protect(WasEthernetbasedauthentication)


And that is the second thing that guys do wrong.  They use simple
bridged clients which are vulnerable to the issue of the backwards
router and they create a host of other issues.

You are building a network that connects to the Internet so why not
use the same network design that the Internet uses?  Routed.  Sure you
will find sections that are bridged but anything that leaves the
backbone is routed to the customer.

Bridged or rather no design is fine for small simple networks.  Just
plug things in and get on to the next job.  As you grow the troubles
will begin and then, eventually, you will have to reorganize your
entire network and move to a routed design.  Why wait for all that
pain?  Do it right, from the start.  Allow yourself to grow and not
have to go through that second painful redesign.

I am usually silent and just watch the lists, but when I see wrong
advice given I cannot watch in silence.  It is wrong to not use DHCP
and it is wrong to use a bridged design.  If you have intentions of
doing any sort of large customer base, please plan it correctly from
the start.  Do not listen to the guys who tell you to do it quick and
dirty.  I know this sounds preachy, but man, I get 10 calls a day from
people who have started out quick and dirty and they reach a certain
size or get certain types of traffic, and their network just
collapses.  The fix is to go to routed and when they realize how much
work it is to convert it, they all wish they had followed my
consistent advice.  For more than 5 years I have said the same thing
on the various lists.  I even got kicked off the Judd list for not
backing down and agreeing that hacked together bridges were the way to
go.

Regards,
Lonnie



On 12/6/05, Marlon K. Schafer (509) 982-2181 <[EMAIL PROTECTED]> wrote:
Yeah, until some lunkhead plugs his dsl router in backward. As they do all
the time around here....

No thanks, no more DHCP troubles for me.  Been there done that.  Twice.
Never again.

Marlon
(509) 982-2181                                   Equipment sales
(408) 907-6910 (Vonage)                    Consulting services
42846865 (icq)                                    And I run my own wisp!
64.146.146.12 (net meeting)
www.odessaoffice.com/wireless
www.odessaoffice.com/marlon/cam



----- Original Message -----
From: "Lonnie Nunweiler" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>; "WISPA General List" <wireless@wispa.org>
Sent: Tuesday, December 06, 2005 2:27 PM
Subject: Re: [WISPA] How to Authenticate/Protect
(WasEthernetbasedauthentication)


The same way you do it if you didn't run DHCP.  Use PPPoE, HotSpot,
static DHCP based on MAC, ACL for association at the AP, any number of
ways.

DHCP has little to do with authentication, although it can be a part
of the process.  What DHCP does is automate the user TCP settings so
that if you renumber your system in order to move to routing it is
painless to assign new numbers.  If you have to change DNS servers
then that is also easy.  Just change the DHCP config and within an
hour everybody is using the new DNS.

Don't run a network without it.  It is priceless.

Lonnie


On 12/6/05, Ron Wallace <[EMAIL PROTECTED]> wrote:
> Lonnie,
> So Lonnie, if I run DHCP, on my customers IP's, how do I authenticate
> the users.  I'm a real rookie at this.
> Ron Wallace
> ---- Original message ----
> >Date: Tue, 6 Dec 2005 11:52:08 -0800
> >From: Lonnie Nunweiler <[EMAIL PROTECTED]>
> >Subject: Re: [WISPA] How to Authenticate/Protect (WasEthernet
> basedauthentication)
> >To: WISPA General List <wireless@wispa.org>
> >
> >If you take Marlon's advice and do not run DHCP then you get to have
> >that personal contact with each and every subscriber if you ever have
> >to change network settings.  With DHCP running it is real simple and
> >quick to edit the DHCP config and wait for the DHCP client renewal.
> >
> >My advice is completely the opposite.  Use DHCP for all of your
> >customers.  You will be happy you did and will mutter things when you
> >encounter someone who is not on DHCP.
> >
> >The personal contact is nice but what if you have several hundred
> >customers?  That is just a little too nice for my tastes.
> >
> >Lonnie
> >
> >On 12/6/05, Marlon K. Schafer (509) 982-2181 <[EMAIL PROTECTED]>
> wrote:
> >> Don't run DHCP!  And use mac filtering at the ap's.  (I use the
> smartbridges
> >> ap's. they'll do radius and authenticate wireless subs just like my
> dialup
> >> ones.)
> >>
> >> Marlon
> >> (509) 982-2181                                   Equipment sales
> >> (408) 907-6910 (Vonage)                    Consulting services
> >> 42846865 (icq)                                    And I run my own
> wisp!
> >> 64.146.146.12 (net meeting)
> >> www.odessaoffice.com/wireless
> >> www.odessaoffice.com/marlon/cam
> >>
> >>
> >>
> >> ----- Original Message -----
> >> From: "Jason" <[EMAIL PROTECTED]>
> >> To: "WISPA General List" <wireless@wispa.org>
> >> Sent: Monday, December 05, 2005 9:39 PM
> >> Subject: Re: [WISPA] How to Authenticate/Protect (WasEthernet
> >> basedauthentication)
> >>
> >>
> >> > Marlon,
> >> >
> >> >    I appreciate the advice.  Mostly I am interested in bullet proof
> >> > authentication of my clients.  Any suggestions?
> >> >
> >> > Jason
> >> >
> >> > Marlon K. Schafer (509) 982-2181 wrote:
> >> >
> >> >> Hiya Jason,
> >> >>
> >> >> You are mixing your networks....  You won't normally run a
> homebrew
> >> >> product to provide a top notch service.
> >> >>
> >> >> If security is of THAT great an importance to you, you should NOT
> run
> >> >> wifi anything.  Put in something much more off the wall.  It's a
> lot
> >> >> harder to snoop if you don't use one of the world's most common
> >> >> protocols.
> >> >>
> >> >> For these business guys I'd run Trango or something like that.
> Good
> >> >> stuff but not nearly as much of it in use and no free tools on the
> >> >> internet for intercepting and cracking the data stream.
> >> >>
> >> >> What we do is remind our customers that this is the internet.
> They are
> >> >> hanging out there for thousands upon thousands of people whose
> only
> >> >> purpose in life is breaking into their machines and seeing what
> they can
> >> >> learn.  If they have data that's that sensitive then they need a
> high end
> >> >> internal firewall and they need to VPN all internet traffic.
> >> >>
> >> >> That help?
> >> >> Marlon
> >> >> (509) 982-2181                                   Equipment sales
> >> >> (408) 907-6910 (Vonage)                    Consulting services
> >> >> 42846865 (icq)                                    And I run my
> own wisp!
> >> >> 64.146.146.12 (net meeting)
> >> >> www.odessaoffice.com/wireless
> >> >> www.odessaoffice.com/marlon/cam
> >> >>
> >> >>
> >> >>
> >> >> ----- Original Message ----- From: "Jason"
> <[EMAIL PROTECTED]>
> >> >> To: "WISPA General List" <wireless@wispa.org>
> >> >> Sent: Friday, December 02, 2005 3:20 PM
> >> >> Subject: [WISPA] How to Authenticate/Protect (Was Ethernet
> >> >> basedauthentication)
> >> >>
> >> >>
> >> >>> List,
> >> >>>
> >> >>>    I am on the precipice, ready to take the plunge and become a
> WISP
> >> >>> (After 1 year of zoning, permits, 16 hr days, etc), but one
> thing still
> >> >>> bothers me.  I haven't decided how to authenticate clients to my
> network
> >> >>> and REALLY protect their data.  The CPE's I will use,
> rootenna/Senao2611
> >> >>> combos, do only WEP, which only obfuscates data nowadays. MAC
> addresses
> >> >>> can be cloned.  Proxy login via a browser is obnoxious for the
> end user.
> >> >>> Ditto PPPoE & VPN logins.  There is just no elegant, KISS
> solution.  I
> >> >>> was looking at PPPoE or PPTP (poptop/linux) with Radius as my
> system,
> >> >>> since this would accomplish it, but seems like so much trouble
> and
> >> >>> overhead. PPTP is not Mac friendly, PPPoE requires clients
> (gasp) or a
> >> >>> router (gack!) and the PPPoE server shipping with Linux is
> meant "for
> >> >>> testing purposes only - man".  I want an Always On (apparently)
> system
> >> >>> for my clients that just works.
> >> >>>
> >> >>> How do you other (small) WISPs do this?
> >> >>>
> >> >>>    Tangent: How do you Senao 2611 users keep Netbios & windows
> network
> >> >>> neighborhood data off the wireless network.  I was told to add a
> SOHO
> >> >>> router to the mix, but don't want to invest in more equipment to
> >> >>> maintain.
> >> >>>
> >> >>> Jason Wallace
> >> >>> --
> >> >>> WISPA Wireless List: wireless@wispa.org
> >> >>>
> >> >>> Subscribe/Unsubscribe:
> >> >>> http://lists.wispa.org/mailman/listinfo/wireless
> >> >>>
> >> >>> Archives: http://lists.wispa.org/pipermail/wireless/
> >> >>>
> >> >>
> >> >
> >>
> >>
> >
> >
> >--
> >Lonnie Nunweiler
> >Valemount Networks Corporation
> >http://www.star-os.com/
> Ron Wallace
> Hahnron, Inc.
> 220 S. Jackson St.
> Addison, MI 49220
>
> Phone:  (517) 547-8410
> Mobile:  (517) 605-4542
> e-mail:   [EMAIL PROTECTED]
>


--
Lonnie Nunweiler
Valemount Networks Corporation
http://www.star-os.com/
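
The "backwards router" problem raised in this thread is a customer device answering DHCP on a bridged segment. The following is an added example, not part of any poster's message: it parses DHCP payloads and flags server replies (OFFER/ACK/NAK) whose server identifier is not on an allow-list. The addresses, the `AUTHORIZED` set and the `build_sample` helper are assumptions made for illustration.

```python
import ipaddress
import struct

MAGIC_COOKIE = b"\x63\x82\x53\x63"
SERVER_TYPES = {2: "OFFER", 5: "ACK", 6: "NAK"}  # message types only a DHCP server sends

def parse_options(payload: bytes) -> dict:
    """Return {option_code: value} from a BOOTP/DHCP payload (UDP data)."""
    if len(payload) < 240 or payload[236:240] != MAGIC_COOKIE:
        raise ValueError("not a DHCP payload")
    opts, i = {}, 240
    while i < len(payload) and payload[i] != 255:   # 255 = end option
        if payload[i] == 0:                         # 0 = pad, has no length byte
            i += 1
            continue
        if i + 1 >= len(payload):
            raise ValueError("truncated option header")
        length = payload[i + 1]
        value = payload[i + 2:i + 2 + length]
        if len(value) != length:
            raise ValueError("truncated option value")
        opts[payload[i]] = value
        i += 2 + length
    return opts

def check_reply(payload: bytes, authorized: set):
    """Return an alert string for a server reply from an unlisted server, else None."""
    opts = parse_options(payload)
    mtype = opts[53][0] if opts.get(53) else 0      # option 53 = message type
    if mtype not in SERVER_TYPES:
        return None                                 # client traffic (DISCOVER, REQUEST, ...)
    sid = opts.get(54, b"")                         # option 54 = server identifier
    server = str(ipaddress.IPv4Address(sid)) if len(sid) == 4 else "unknown"
    if server in authorized:
        return None
    leased = ipaddress.IPv4Address(payload[16:20])  # yiaddr: address being handed out
    return f"rogue DHCP {SERVER_TYPES[mtype]} from {server} handing out {leased}"

def build_sample(msg_type: int, server_ip: str, your_ip: str) -> bytes:
    """Constructed test payload (not captured traffic)."""
    header = struct.pack("!BBBBIHH4s4s4s4s16s64s128s", 2, 1, 6, 0, 0x1234, 0, 0,
                         bytes(4), ipaddress.IPv4Address(your_ip).packed, bytes(4),
                         bytes(4), bytes(16), bytes(64), bytes(128))
    options = bytes([53, 1, msg_type, 54, 4]) + ipaddress.IPv4Address(server_ip).packed
    return header + MAGIC_COOKIE + options + b"\xff"

AUTHORIZED = {"192.0.2.1"}  # assumed address of the ISP's own DHCP server
if __name__ == "__main__":
    for pkt in (build_sample(5, "192.0.2.1", "192.0.2.50"),
                build_sample(2, "192.168.1.1", "192.168.1.100")):
        print(check_reply(pkt, AUTHORIZED) or "ok")
```

The server identifier is set by the sender, so this check catches misconfigured customer gear rather than a deliberate impersonator; managed switches enforce the same rule per port (DHCP snooping), where it cannot be bypassed by changing a field.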