I'm no expert so you guys feel free to correct me as needed.....
 
The smallest subnet needs 4 ip addys to work.  Even if it's three you get the idea.  Still a huge waste of a very limited and harder to get all the time resource.
 
Marlon
(509) 982-2181                                   Equipment sales
(408) 907-6910 (Vonage)                    Consulting services
42846865 (icq)                                    And I run my own wisp!
64.146.146.12 (net meeting)
www.odessaoffice.com/wireless
www.odessaoffice.com/marlon/cam
 

 
----- Original Message -----
From: Scott Reed
Sent: Wednesday, December 07, 2005 10:12 AM
Subject: Re: [WISPA] How toAuthenticate/Protect(WasEthernetbasedauthentication)


How were you looking at routing to use 3 for 1?  I have never setup routing that way and would like to be sure I don't.  I am running
fully routed from the get-go, with 3 internal routers and a 4th going in Friday.  Actually 2 MTs as router only and 2 that are
"routing APs".

Scott Reed
Owner
NewWays
Wireless Networking
Network Design, Installation and Administration
www.nwwnet.net

The season is Christmas, not X-mas, not the holiday, but Christmas, because
Christ was born to provide salvation to all who will believe!

---------- Original Message -----------
From: "Marlon K. Schafer (509) 982-2181" <[EMAIL PROTECTED]>
To: "WISPA General List" <wireless@wispa.org>
Sent: Wed, 7 Dec 2005 10:05:52 -0800
Subject: Re: [WISPA] How to Authenticate/Protect(WasEthernetbasedauthentication)

> The idea, for me is that by the time a company gets to the point that they
> need to route they'll either know what they are doing.  And/or they'll have
> someone on staff just to handle that issue.
>
> The other problem I ran into back when was a shortage of ip addys.  And
> routing to every customer wastes three ip addys for every one you get to
> actually use.  I don't think that's responsible stewardship.

>
> My new ap's block client to client communications, and new manages switches
> that will vlan and packet filter will be the next upgrades I'll do.
>
> We just broke the network in two.  So I've got 150ish broadband subs on one
> system and 150 on another.  Not exact numbers but close.  One of the systems
> went from t-1 to 10 meg so I don't have good numbers as to performance
> issues.
>
> The other one still has 100 megs coming into it.  On that system I see no
> difference.
>
> I'm sure there's room for improvement.  There always will be if a guy wants
> to stay anywhere near the head of the pack.
>
> One other thing that's not been brought up yet is over building.  Today we
> can build 3 to 10x more capacity into the network than the average customer
> is demanding for the same cost or very nearly so as building to meet
> customer demands.  Having more capacity than is needed, so far, is allowing
> us to significantly simplify the network.  Anyone can walk in here tomorrow
> and take over with a few phone calls to tech support at most.  There's
> nothing fancy going on here.  That's part of why I can take care of 250
> wireless subs, 50 fiber customers and hundreds of dialup people with me and
> two gals that share a part time office job.  Our wireless churn is almost
> nil.  I've lost a couple lately due to some trouble at a tower site.   It's
> caused by jerk off competitors and their 1 watt amps and 15+ db sector
> antennas though.  And I tried to use a $120 sector where I normally use $400
> ones.  I'm not sure I'll ever learn that lesson :-).
>
> Will we have to redo the network at some point in the future?  Sure.   Will
> it suck?  Sure.  But that's then and this is now.  We just redid half of it
> and it sucked.  Big time.  But only for a few days.  WE have taken the time
> to teach our customers how to do their own networking stuff just like we
> took the time to teach them how to do their own dialup stuff.  When we need
> to make changes (or the customer changes their gear) they can usually take
> care of it themselves or with a little help from us via the phone.
>
> Both models work.  The real trick is making sure that they get deployed in
> the right situation.  Too big of a hammer is sometimes just as bad as too
> small of a one or vice verse.
>
> Oh yeah, I'm tired of hearing small networks getting talked down to.  With
> 100 subs the average guy should be putting $2,000 to $3,000 per month in the
> bank.  That's enough money to keep the average mom home with the kids!   We'd
> be there today if we would just stop growing.  Man, a mom at home with the
> kids AND good cars to drive and a dad that's not working 80 hours per week.
> Small WISPs are right in there with the American dream man!  This is good
> stuff!
>
> Laters,
> Marlon
> (509) 982-2181                                   Equipment sales
> (408) 907-6910 (Vonage)                    Consulting services
> 42846865 (icq)                                    And I run my own wisp!
> 64.146.146.12 (net meeting)
> www.odessaoffice.com/wireless
> www.odessaoffice.com/marlon/cam
>
> ----- Original Message -----
> From: "Lonnie Nunweiler" <[EMAIL PROTECTED]>
> To: "WISPA General List" <wireless@wispa.org>
> Sent: Tuesday, December 06, 2005 5:43 PM
> Subject: Re: [WISPA] How to
> Authenticate/Protect(WasEthernetbasedauthentication)
>
> And that is the second thing that guys do wrong.  They use simple
> bridged clients which are vulnerable to the issue of the backwards
> router and they create a host of other issues.
>
> You are building a network that connects to the Internet so why not
> use the same network design that the Internet uses?  Routed.  Sure you
> will find sections that are bridged but anything that leaves the
> backbone is routed to the customer.
>
> Bridged or rather no design is fine for small simple networks.  Just
> plug things in and get on to the next job.  As you grow the troubles
> will begin and then, eventually, you will have to reorganize your
> entire network and move to a routed design.  Why wait for all that
> pain?  Do it right, from the start.  Allow yourself to grow and not
> have to go through that second painful redesign.
>
> I am usually silent and just watch the lists, but when I see wrong
> advice given I cannot watch in silence.  It is wrong to not use DHCP
> and it is wrong to use a bridged design.  If you have intentions of
> doing any sort of large customer base, please plan it correctly from
> the start.  Do not listen to the guys who tell you to do it quick and
> dirty.  I know this sounds preachy, but man, I get 10 calls a day from
> people who have stated out quick and dirty and they reach a certain
> size or get certain types of traffic, and their network just
> collapses.  The fix is to go to routed and when they realize how much
> work it is to convert it, they all wish they had followed my
> consistent advice.  For more than 5 years I have said the same thing
> on the various lists.  I even got kicked off the Judd list for not
> backing down and agreeing that hacked together bridges were the way to
> go.
>
> Regards,
> Lonnie
>
> On 12/6/05, Marlon K. Schafer (509) 982-2181 <[EMAIL PROTECTED]> wrote:
> > Yeah, until some lunkhead plugs his dsl router in backward.  As they do
> > all
> > the time around here....
> >
> > No thanks, no more DHCP troubles for me.  Been there done that.   Twice.
> > Never again.
> >
> > Marlon
> > (509) 982-2181                                   Equipment sales
> > (408) 907-6910 (Vonage)                    Consulting services
> > 42846865 (icq)                                    And I run my own wisp!
> > 64.146.146.12 (net meeting)
> > www.odessaoffice.com/wireless
> > www.odessaoffice.com/marlon/cam
> >
> >
> >
> > ----- Original Message -----
> > From: "Lonnie Nunweiler" <[EMAIL PROTECTED]>
> > To: <[EMAIL PROTECTED]>; "WISPA General List" <wireless@wispa.org>
> > Sent: Tuesday, December 06, 2005 2:27 PM
> > Subject: Re: [WISPA] How to Authenticate/Protect
> > (WasEthernetbasedauthentication)
> >
> >
> > The same way you do it if you didn't run DHCP.  Use PPPoE, HotSpot,
> > static DHCP based on MAC, ACL for association at the AP, any number of
> > ways.
> >
> > DHCP has little to do with authentication, although it can be a part
> > of the process.  What DHCP does is automate the user TCP settings so
> > that if you renumber your system in order to move to routing it is
> > painless to assign new numbers.  If you have to change DNS servers
> > then that is also easy.  Just change the DHCP config and within an
> > hour everybody is using the new DNS.
> >
> > Don't run a network without it.  It is priceless.
> >
> > Lonnie
> >
> >
> > On 12/6/05, Ron Wallace <[EMAIL PROTECTED]> wrote:
> > > Lonnie,
> > > So Lonnie, if I run DHCP, on my customers IP's, how do I authenticate
> > > the users.  I'm a real rookie at this.
> > > Ron Wallace
> > > ---- Original message ----
> > > >Date: Tue, 6 Dec 2005 11:52:08 -0800
> > > >From: Lonnie Nunweiler <[EMAIL PROTECTED]>
> > > >Subject: Re: [WISPA] How to Authenticate/Protect (WasEthernet
> > > basedauthentication)
> > > >To: WISPA General List <wireless@wispa.org>
> > > >
> > > >If you take Marlon's advice and do not run DHCP then you get to have
> > > >that personal contact with each and every subscriber if you ever have
> > > >to change network settings.  With DHCP running it is real simple and
> > > >quick to edit the DHCP config and wait for the DHCP client renewal .
> > > >
> > > >My advice is completely the opposite.  Use DHCP for all of your
> > > >customers.  You will be happy you did and will mutter things when you
> > > >encounter someone who is not on DHCP.
> > > >
> > > >The personal contact is nice but what if you have several hundred
> > > >customers?  That is just a little too nice for my tastes.
> > > >
> > > >Lonnie
> > > >
> > > >On 12/6/05, Marlon K. Schafer (509) 982-2181 <[EMAIL PROTECTED]>
> > > wrote:
> > > >> Don't run DHCP!  And use mac filtering at the ap's.   (I use the
> > > smartbridges
> > > >> ap's. they'll do radius and authenticate wireless subs just like my
> > > dialup
> > > >> ones.)
> > > >>
> > > >> Marlon
> > > >> (509) 982-2181                                   Equipment sales
> > > >> (408) 907-6910 (Vonage)                    Consulting services
> > > >> 42846865 (icq)                                    And I run my own
> > > wisp!
> > > >> 64.146.146.12 (net meeting)
> > > >> www.odessaoffice.com/wireless
> > > >> www.odessaoffice.com/marlon/cam
> > > >>
> > > >>
> > > >>
> > > >> ----- Original Message -----
> > > >> From: "Jason" <[EMAIL PROTECTED]>
> > > >> To: "WISPA General List" <wireless@wispa.org>
> > > >> Sent: Monday, December 05, 2005 9:39 PM
> > > >> Subject: Re: [WISPA] How to Authenticate/Protect (WasEthernet
> > > >> basedauthentication)
> > > >>
> > > >>
> > > >> > Marlon,
> > > >> >
> > > >> >    I appreciate the advice.  Mostly I am interested in bullet proof
> > > >> > authentication of my clients.  Any suggestions?
> > > >> >
> > > >> > Jason
> > > >> >
> > > >> > Marlon K. Schafer (509) 982-2181 wrote:
> > > >> >
> > > >> >> Hiya Jason,
> > > >> >>
> > > >> >> You are mixing your networks....  You won't normally run a
> > > homebrew
> > > >> >> product to provide a top notch service.
> > > >> >>
> > > >> >> If security is of THAT great an importance to you, you should NOT
> > > run
> > > >> >> wifi anything.  Put in something much more off the wall.  It's a
> > > lot
> > > >> >> harder to snoop if you don't use one of the world's most common
> > > >> >> protocols.
> > > >> >>
> > > >> >> For these business guys I'd run Trango or something like that.
> > > Good
> > > >> >> stuff but not nearly as much of it in use and no free tools on the
> > > >> >> internet for intercepting and cracking the data stream.
> > > >> >>
> > > >> >> What we do is remind our customers that this is the internet.
> > > They are
> > > >> >> hanging out there for thousands upon thousands of people who's
> > > only
> > > >> >> purpose in life is breaking into their machines and seeing what
> > > they can
> > > >> >> learn.  If they have data that's that sensitive then they need a
> > > high end
> > > >> >> internal firewall and they need to VPN all internet traffic.
> > > >> >>
> > > >> >> That help?
> > > >> >> Marlon
> > > >> >> (509) 982-2181                                   Equipment sales
> > > >> >> (408) 907-6910 (Vonage)                    Consulting services
> > > >> >> 42846865 (icq)                                     And I run my
> > > own wisp!
> > > >> >> 64.146.146.12 (net meeting)
> > > >> >> www.odessaoffice.com/wireless
> > > >> >> www.odessaoffice.com/marlon/cam
> > > >> >>
> > > >> >>
> > > >> >>
> > > >> >> ----- Original Message ----- From: "Jason"
> > > <[EMAIL PROTECTED]>
> > > >> >> To: "WISPA General List" <wireless@wispa.org>
> > > >> >> Sent: Friday, December 02, 2005 3:20 PM
> > > >> >> Subject: [WISPA] How to Authenticate/Protect (Was Ethernet
> > > >> >> basedauthentication)
> > > >> >>
> > > >> >>
> > > >> >>> List,
> > > >> >>>
> > > >> >>>    I am on the precipice, ready to take the plunge and become a
> > > WISP
> > > >> >>> (After 1 year of zoning, permits, 16 hr days, etc), but one
> > > thing still
> > > >> >>> bothers me.  I haven't decided how to authenticate clients to my
> > > network
> > > >> >>> and REALLY protect their data.  The CPE's I will use,
> > > rootenna/Senao2611
> > > >> >>> combos, do only WEP, which only obfuscates data nowadays. MAC
> > > addresses
> > > >> >>> can be cloned.  Proxy login via a browser is obnoxious for the
> > > end user.
> > > >> >>> Ditto PPPoE & VPN logins.  There is just no elegant, KISS
> > > solution.  I
> > > >> >>> was looking at PPPoE or PPTP (poptop/linux) with Radius as my
> > > system,
> > > >> >>> since this would accomplish it, but seems like so much trouble
> > > and
> > > >> >>> overhead. PPTP is not Mac friendly, PPPoE requires clients
> > > (gasp) or a
> > > >> >>> router (gack!) and the PPPoE server shipping with Linux is
> > > meant "for
> > > >> >>> testing purposes only - man".  I want an Always On (apparently)
> > > system
> > > >> >>> for my clients that just works.
> > > >> >>>
> > > >> >>> How do you other (small) WISPs do this?
> > > >> >>>
> > > >> >>>    Tangent: How do you Senao 2611 users keep Netbios & windows
> > > network
> > > >> >>> neighborhood data off the wireless network.   I was told to add a
> > > SOHO
> > > >> >>> router to the mix, but don't want to invest in more equipment to
> > > >> >>> maintain.
> > > >> >>>
> > > >> >>> Jason Wallace
> > > >> >>> --
> > > >> >>> WISPA Wireless List: wireless@wispa.org
> > > >> >>>
> > > >> >>> Subscribe/Unsubscribe:
> > > >> >>> http://lists.wispa.org/mailman/listinfo/wireless
> > > >> >>>
> > > >> >>> Archives: http://lists.wispa.org/pipermail/wireless/
> > > >> >>>
> > > >> >>
> > > >> > --
> > > >> > WISPA Wireless List: wireless@wispa.org
> > > >> >
> > > >> > Subscribe/Unsubscribe:
> > > >> > http://lists.wispa.org/mailman/listinfo/wireless
> > > >> >
> > > >> > Archives: http://lists.wispa.org/pipermail/wireless/
> > > >> >
> > > >>
> > > >> --
> > > >> WISPA Wireless List: wireless@wispa.org
> > > >>
> > > >> Subscribe/Unsubscribe:
> > > >> http://lists.wispa.org/mailman/listinfo/wireless
> > > >>
> > > >> Archives: http://lists.wispa.org/pipermail/wireless/
> > > >>
> > > >
> > > >
> > > >--
> > > >Lonnie Nunweiler
> > > >Valemount Networks Corporation
> > > >http://www.star-os.com/
> > > >--
> > > >WISPA Wireless List: wireless@wispa.org
> > > >
> > > >Subscribe/Unsubscribe:
> > > >http://lists.wispa.org/mailman/listinfo/wireless
> > > >
> > > >Archives: http://lists.wispa.org/pipermail/wireless/
> > > Ron Wallace
> > > Hahnron, Inc.
> > > 220 S. Jackson St.
> > > Addison, MI 49220
> > >
> > > Phone:  (517) 547-8410
> > > Mobile:  (517) 605-4542
> > > e-mail:   [EMAIL PROTECTED]
> > > --
> > > WISPA Wireless List: wireless@wispa.org
> > >
> > > Subscribe/Unsubscribe:
> > > http://lists.wispa.org/mailman/listinfo/wireless
> > >
> > > Archives: http://lists.wispa.org/pipermail/wireless/
> > >
> >
> >
> > --
> > Lonnie Nunweiler
> > Valemount Networks Corporation
> > http://www.star-os.com/
> > --
> > WISPA Wireless List: wireless@wispa.org
> >
> > Subscribe/Unsubscribe:
> > http://lists.wispa.org/mailman/listinfo/wireless
> >
> > Archives: http://lists.wispa.org/pipermail/wireless/
> >
> > --
> > WISPA Wireless List: wireless@wispa.org
> >
> > Subscribe/Unsubscribe:
> > http://lists.wispa.org/mailman/listinfo/wireless
> >
> > Archives: http://lists.wispa.org/pipermail/wireless/
> >
>
> --
> Lonnie Nunweiler
> Valemount Networks Corporation
> http://www.star-os.com/
> --
> WISPA Wireless List: wireless@wispa.org
>
> Subscribe/Unsubscribe:
> http://lists.wispa.org/mailman/listinfo/wireless
>
> Archives: http://lists.wispa.org/pipermail/wireless/
>
> --
> WISPA Wireless List: wireless@wispa.org
>
> Subscribe/Unsubscribe:
> http://lists.wispa.org/mailman/listinfo/wireless
>
> Archives: http://lists.wispa.org/pipermail/wireless/
------- End of Original Message -------


--
WISPA Wireless List: wireless@wispa.org

Subscribe/Unsubscribe:
http://lists.wispa.org/mailman/listinfo/wireless

Archives: http://lists.wispa.org/pipermail/wireless/
-- 
WISPA Wireless List: wireless@wispa.org

Subscribe/Unsubscribe:
http://lists.wispa.org/mailman/listinfo/wireless

Archives: http://lists.wispa.org/pipermail/wireless/

Reply via email to