How were you looking at routing to use 3 for 1? I have never set up routing that way and would like to be sure I don't. I am running fully routed from the get-go, with 3 internal routers and a 4th going in Friday. Actually 2 MTs as router only and 2 that are "routing APs".

Scott Reed
Owner
NewWays Wireless Networking
Network Design, Installation and Administration
www.nwwnet.net

The season is Christmas, not X-mas, not the holiday, but Christmas, because Christ was born to provide salvation to all who will believe!

---------- Original Message -----------
From: "Marlon K. Schafer (509) 982-2181" <[EMAIL PROTECTED]>
To: "WISPA General List" <wireless@wispa.org>
Sent: Wed, 7 Dec 2005 10:05:52 -0800
Subject: Re: [WISPA] How to Authenticate/Protect(WasEthernetbasedauthentication)

> The idea, for me is that by the time a company gets to the point that they
> need to route they'll either know what they are doing. And/or they'll have
> someone on staff just to handle that issue.
>
> The other problem I ran into back when was a shortage of ip addys. And
> routing to every customer wastes three ip addys for every one you get to
> actually use. I don't think that's responsible stewardship.
>
> My new ap's block client to client communications, and new managed switches
> that will vlan and packet filter will be the next upgrades I'll do.
>
> We just broke the network in two. So I've got 150ish broadband subs on one
> system and 150 on another. Not exact numbers but close. One of the systems
> went from t-1 to 10 meg so I don't have good numbers as to performance
> issues.
>
> The other one still has 100 megs coming into it. On that system I see no
> difference.
>
> I'm sure there's room for improvement. There always will be if a guy wants
> to stay anywhere near the head of the pack.
>
> One other thing that's not been brought up yet is over building.
> Today we can build 3 to 10x more capacity into the network than the average customer
> is demanding for the same cost or very nearly so as building to meet
> customer demands. Having more capacity than is needed, so far, is allowing
> us to significantly simplify the network. Anyone can walk in here tomorrow
> and take over with a few phone calls to tech support at most. There's
> nothing fancy going on here. That's part of why I can take care of 250
> wireless subs, 50 fiber customers and hundreds of dialup people with me and
> two gals that share a part time office job. Our wireless churn is almost
> nil. I've lost a couple lately due to some trouble at a tower site. It's
> caused by jerk off competitors and their 1 watt amps and 15+ db sector
> antennas though. And I tried to use a $120 sector where I normally use $400
> ones. I'm not sure I'll ever learn that lesson :-).
>
> Will we have to redo the network at some point in the future? Sure. Will
> it suck? Sure. But that's then and this is now. We just redid half of it
> and it sucked. Big time. But only for a few days. We have taken the time
> to teach our customers how to do their own networking stuff just like we
> took the time to teach them how to do their own dialup stuff. When we need
> to make changes (or the customer changes their gear) they can usually take
> care of it themselves or with a little help from us via the phone.
>
> Both models work. The real trick is making sure that they get deployed in
> the right situation. Too big of a hammer is sometimes just as bad as too
> small of a one or vice versa.
>
> Oh yeah, I'm tired of hearing small networks getting talked down to. With
> 100 subs the average guy should be putting $2,000 to $3,000 per month in the
> bank. That's enough money to keep the average mom home with the kids! We'd
> be there today if we would just stop growing. Man, a mom at home with the
> kids AND good cars to drive and a dad that's not working 80 hours per week.
> Small WISPs are right in there with the American dream man! This is good
> stuff!
>
> Laters,
> Marlon
> (509) 982-2181 Equipment sales
> (408) 907-6910 (Vonage) Consulting services
> 42846865 (icq) And I run my own wisp!
> 64.146.146.12 (net meeting)
> www.odessaoffice.com/wireless
> www.odessaoffice.com/marlon/cam
>
> ----- Original Message -----
> From: "Lonnie Nunweiler" <[EMAIL PROTECTED]>
> To: "WISPA General List" <wireless@wispa.org>
> Sent: Tuesday, December 06, 2005 5:43 PM
> Subject: Re: [WISPA] How to Authenticate/Protect(WasEthernetbasedauthentication)
>
> And that is the second thing that guys do wrong. They use simple
> bridged clients which are vulnerable to the issue of the backwards
> router and they create a host of other issues.
>
> You are building a network that connects to the Internet so why not
> use the same network design that the Internet uses? Routed. Sure you
> will find sections that are bridged but anything that leaves the
> backbone is routed to the customer.
>
> Bridged or rather no design is fine for small simple networks. Just
> plug things in and get on to the next job. As you grow the troubles
> will begin and then, eventually, you will have to reorganize your
> entire network and move to a routed design. Why wait for all that
> pain? Do it right, from the start. Allow yourself to grow and not
> have to go through that second painful redesign.
>
> I am usually silent and just watch the lists, but when I see wrong
> advice given I cannot watch in silence. It is wrong to not use DHCP
> and it is wrong to use a bridged design. If you have intentions of
> doing any sort of large customer base, please plan it correctly from
> the start. Do not listen to the guys who tell you to do it quick and
> dirty. I know this sounds preachy, but man, I get 10 calls a day from
> people who have started out quick and dirty and they reach a certain
> size or get certain types of traffic, and their network just
> collapses.
> The fix is to go to routed and when they realize how much
> work it is to convert it, they all wish they had followed my
> consistent advice. For more than 5 years I have said the same thing
> on the various lists. I even got kicked off the Judd list for not
> backing down and agreeing that hacked together bridges were the way to
> go.
>
> Regards,
> Lonnie
>
> On 12/6/05, Marlon K. Schafer (509) 982-2181 <[EMAIL PROTECTED]> wrote:
> > Yeah, until some lunkhead plugs his dsl router in backward. As they do all
> > the time around here....
> >
> > No thanks, no more DHCP troubles for me. Been there done that. Twice.
> > Never again.
> >
> > Marlon
> > (509) 982-2181 Equipment sales
> > (408) 907-6910 (Vonage) Consulting services
> > 42846865 (icq) And I run my own wisp!
> > 64.146.146.12 (net meeting)
> > www.odessaoffice.com/wireless
> > www.odessaoffice.com/marlon/cam
> >
> > ----- Original Message -----
> > From: "Lonnie Nunweiler" <[EMAIL PROTECTED]>
> > To: <[EMAIL PROTECTED]>; "WISPA General List" <wireless@wispa.org>
> > Sent: Tuesday, December 06, 2005 2:27 PM
> > Subject: Re: [WISPA] How to Authenticate/Protect (WasEthernetbasedauthentication)
> >
> > The same way you do it if you didn't run DHCP. Use PPPoE, HotSpot,
> > static DHCP based on MAC, ACL for association at the AP, any number of
> > ways.
> >
> > DHCP has little to do with authentication, although it can be a part
> > of the process. What DHCP does is automate the user TCP settings so
> > that if you renumber your system in order to move to routing it is
> > painless to assign new numbers. If you have to change DNS servers
> > then that is also easy. Just change the DHCP config and within an
> > hour everybody is using the new DNS.
> >
> > Don't run a network without it. It is priceless.
> >
> > Lonnie
> >
> > On 12/6/05, Ron Wallace <[EMAIL PROTECTED]> wrote:
> > > Lonnie,
> > > So Lonnie, if I run DHCP, on my customers IP's, how do I authenticate
> > > the users.
> > > I'm a real rookie at this.
> > > Ron Wallace
> > > ---- Original message ----
> > > >Date: Tue, 6 Dec 2005 11:52:08 -0800
> > > >From: Lonnie Nunweiler <[EMAIL PROTECTED]>
> > > >Subject: Re: [WISPA] How to Authenticate/Protect (WasEthernet basedauthentication)
> > > >To: WISPA General List <wireless@wispa.org>
> > > >
> > > >If you take Marlon's advice and do not run DHCP then you get to have
> > > >that personal contact with each and every subscriber if you ever have
> > > >to change network settings. With DHCP running it is real simple and
> > > >quick to edit the DHCP config and wait for the DHCP client renewal.
> > > >
> > > >My advice is completely the opposite. Use DHCP for all of your
> > > >customers. You will be happy you did and will mutter things when you
> > > >encounter someone who is not on DHCP.
> > > >
> > > >The personal contact is nice but what if you have several hundred
> > > >customers? That is just a little too nice for my tastes.
> > > >
> > > >Lonnie
> > > >
> > > >On 12/6/05, Marlon K. Schafer (509) 982-2181 <[EMAIL PROTECTED]> wrote:
> > > >> Don't run DHCP! And use mac filtering at the ap's. (I use the smartbridges
> > > >> ap's. they'll do radius and authenticate wireless subs just like my dialup
> > > >> ones.)
> > > >>
> > > >> Marlon
> > > >> (509) 982-2181 Equipment sales
> > > >> (408) 907-6910 (Vonage) Consulting services
> > > >> 42846865 (icq) And I run my own wisp!
> > > >> 64.146.146.12 (net meeting)
> > > >> www.odessaoffice.com/wireless
> > > >> www.odessaoffice.com/marlon/cam
> > > >>
> > > >> ----- Original Message -----
> > > >> From: "Jason" <[EMAIL PROTECTED]>
> > > >> To: "WISPA General List" <wireless@wispa.org>
> > > >> Sent: Monday, December 05, 2005 9:39 PM
> > > >> Subject: Re: [WISPA] How to Authenticate/Protect (WasEthernet basedauthentication)
> > > >>
> > > >> > Marlon,
> > > >> >
> > > >> > I appreciate the advice.
> > > >> > Mostly I am interested in bullet proof
> > > >> > authentication of my clients. Any suggestions?
> > > >> >
> > > >> > Jason
> > > >> >
> > > >> > Marlon K. Schafer (509) 982-2181 wrote:
> > > >> >
> > > >> >> Hiya Jason,
> > > >> >>
> > > >> >> You are mixing your networks.... You won't normally run a homebrew
> > > >> >> product to provide a top notch service.
> > > >> >>
> > > >> >> If security is of THAT great an importance to you, you should NOT run
> > > >> >> wifi anything. Put in something much more off the wall. It's a lot
> > > >> >> harder to snoop if you don't use one of the world's most common
> > > >> >> protocols.
> > > >> >>
> > > >> >> For these business guys I'd run Trango or something like that. Good
> > > >> >> stuff but not nearly as much of it in use and no free tools on the
> > > >> >> internet for intercepting and cracking the data stream.
> > > >> >>
> > > >> >> What we do is remind our customers that this is the internet. They are
> > > >> >> hanging out there for thousands upon thousands of people whose only
> > > >> >> purpose in life is breaking into their machines and seeing what they can
> > > >> >> learn. If they have data that's that sensitive then they need a high end
> > > >> >> internal firewall and they need to VPN all internet traffic.
> > > >> >>
> > > >> >> That help?
> > > >> >> Marlon
> > > >> >> (509) 982-2181 Equipment sales
> > > >> >> (408) 907-6910 (Vonage) Consulting services
> > > >> >> 42846865 (icq) And I run my own wisp!
> > > >> >> 64.146.146.12 (net meeting)
> > > >> >> www.odessaoffice.com/wireless
> > > >> >> www.odessaoffice.com/marlon/cam
> > > >> >>
> > > >> >> ----- Original Message -----
> > > >> >> From: "Jason" <[EMAIL PROTECTED]>
> > > >> >> To: "WISPA General List" <wireless@wispa.org>
> > > >> >> Sent: Friday, December 02, 2005 3:20 PM
> > > >> >> Subject: [WISPA] How to Authenticate/Protect (Was Ethernet basedauthentication)
> > > >> >>
> > > >> >>> List,
> > > >> >>>
> > > >> >>> I am on the precipice, ready to take the plunge and become a WISP
> > > >> >>> (After 1 year of zoning, permits, 16 hr days, etc), but one thing still
> > > >> >>> bothers me. I haven't decided how to authenticate clients to my network
> > > >> >>> and REALLY protect their data. The CPE's I will use, rootenna/Senao2611
> > > >> >>> combos, do only WEP, which only obfuscates data nowadays. MAC addresses
> > > >> >>> can be cloned. Proxy login via a browser is obnoxious for the end user.
> > > >> >>> Ditto PPPoE & VPN logins. There is just no elegant, KISS solution. I
> > > >> >>> was looking at PPPoE or PPTP (poptop/linux) with Radius as my system,
> > > >> >>> since this would accomplish it, but seems like so much trouble and
> > > >> >>> overhead. PPTP is not Mac friendly, PPPoE requires clients (gasp) or a
> > > >> >>> router (gack!) and the PPPoE server shipping with Linux is meant "for
> > > >> >>> testing purposes only - man". I want an Always On (apparently) system
> > > >> >>> for my clients that just works.
> > > >> >>>
> > > >> >>> How do you other (small) WISPs do this?
> > > >> >>>
> > > >> >>> Tangent: How do you Senao 2611 users keep Netbios & windows network
> > > >> >>> neighborhood data off the wireless network. I was told to add a SOHO
> > > >> >>> router to the mix, but don't want to invest in more equipment to
> > > >> >>> maintain.
> > > >> >>>
> > > >> >>> Jason Wallace
> > > >> >>> --
> > > >> >>> WISPA Wireless List: wireless@wispa.org
> > > >> >>>
> > > >> >>> Subscribe/Unsubscribe:
> > > >> >>> http://lists.wispa.org/mailman/listinfo/wireless
> > > >> >>>
> > > >> >>> Archives: http://lists.wispa.org/pipermail/wireless/
> > > >
> > > >--
> > > >Lonnie Nunweiler
> > > >Valemount Networks Corporation
> > > >http://www.star-os.com/
> > > Ron Wallace
> > > Hahnron, Inc.
> > > 220 S. Jackson St.
> > > Addison, MI 49220
> > >
> > > Phone: (517) 547-8410
> > > Mobile: (517) 605-4542
> > > e-mail: [EMAIL PROTECTED]
> >
> > --
> > Lonnie Nunweiler
> > Valemount Networks Corporation
> > http://www.star-os.com/
>
> --
> Lonnie Nunweiler
> Valemount Networks Corporation
> http://www.star-os.com/
------- End of Original Message -------
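
The "backwards router" problem raised in the thread can be watched for on a bridged segment by checking which server is sending DHCP OFFER/ACK messages. The sketch below is an added example, not code from any poster in the thread; it assumes the problem is a customer router's LAN-side DHCP server answering on the shared network and that DHCP payloads have already been captured. The addresses, the MAC and the `find_rogue_servers` and `build` helpers are constructed for illustration.

```python
import socket
import struct

MAGIC = b"\x63\x82\x53\x63"                      # DHCP magic cookie (RFC 2131)
SERVER_MSGS = {2: "OFFER", 5: "ACK", 6: "NAK"}   # option 53 values only servers send

def parse_dhcp(payload):
    """Return (msg_type, server_id, offered_ip, client_mac) from a DHCP UDP payload."""
    if len(payload) < 240 or payload[236:240] != MAGIC:
        raise ValueError("not a DHCP payload")
    opts, i = {}, 240
    while i < len(payload) and payload[i] != 255:    # 255 = end option
        if payload[i] == 0:                          # 0 = pad, has no length byte
            i += 1
            continue
        end = i + 2 + (payload[i + 1] if i + 1 < len(payload) else len(payload))
        if end > len(payload):
            raise ValueError("truncated option")
        opts[payload[i]] = payload[i + 2:end]
        i = end
    msg_type = opts[53][0] if opts.get(53) else None
    server = socket.inet_ntoa(opts[54]) if len(opts.get(54, b"")) == 4 else None
    return msg_type, server, socket.inet_ntoa(payload[16:20]), payload[28:34].hex(":")

def find_rogue_servers(payloads, authorized):
    """Flag server-originated DHCP messages whose server id is not on the allowlist."""
    parsed = (parse_dhcp(p) for p in payloads)
    return [(SERVER_MSGS[t], srv, offered, mac) for t, srv, offered, mac in parsed
            if t in SERVER_MSGS and srv not in authorized]

def build(op, msg_type, yiaddr, mac, server=None):
    """Construct a minimal DHCP payload for the sample data below."""
    hdr = struct.pack("!BBBBIHH4s4s4s4s16s64s128s", op, 1, 6, 0, 0x1234, 0, 0,
                      bytes(4), bytes(yiaddr), bytes(4), bytes(4), mac, b"", b"")
    opts = bytes([53, 1, msg_type])
    if server:
        opts += bytes([54, 4]) + bytes(server)
    return hdr + MAGIC + opts + b"\xff"

# Constructed sample traffic: one client, the operator's server, a customer router
MAC = bytes.fromhex("020000aabbcc")
SAMPLE = [
    build(1, 1, (0, 0, 0, 0), MAC),                          # DISCOVER from client
    build(2, 2, (10, 10, 0, 57), MAC, (10, 10, 0, 1)),       # OFFER, operator's server
    build(2, 2, (192, 168, 1, 100), MAC, (192, 168, 1, 1)),  # OFFER, backwards router
]
ALERTS = find_rogue_servers(SAMPLE, authorized={"10.10.0.1"})
```

A server message with no option 54 at all is also flagged, since `None` is never on the allowlist.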