I want to take this opportunity to share with these lists some things that we have recently done with a Mikrotik RouterOS based network. This may seem to some like "blatant advertising", but it is certainly not intended to be that.

Many of you have looked for a solution that will let you do some of the things that we now have working (testing is still underway) using pure Mikrotik network. The network is a 13 AP network (2.4GHz) that covers an entire city. There are a few small areas that do not currently have coverage, but these can be filled in easily as they are identified. The network was built by a small city in eastern OK (I won't go into detail here). The intent of the network was to provide for first responders with access to the internet as well as city resources. In addition to this, the city wanted to make the network available for internet access to the general public (I don't know the details, but my understanding is that local ISPs will handle this part).

Obviously, we needed to make certain that the police, fire and EMS units had security from the rest of the network. We are handling this in several ways. Mikrotik has the ability to create what are called virtual APs (a virtual AP is a second AP, with the ability to use distinct access-lists as well as distinct security profiles from the physical radio card). That is to say, that the virtual AP "acts" like a second radio card but is, in reality, using only one physical radio card. At any rate, this virtual AP is being used for the city's network, while the other ISPs will be using their own virtual AP to provide their internet service.

The police, fire and ambulance vehicles will be equipped with their own Mikrotik Routerboard with some very interesting capabilities. Due to the size of the network, and the need to allow for separation of services, we decided to route the entire network. Allowing seamless mobility in this environment presents several unique challenges. First, we must allow the CPE device to connect to several APs, insure they do not connect to unknown APs AND make sure that we know the IP information as the device moves throughout the network.

There are many ways we could have used to accomplish all of this (the Mikrotik is just that flexible). We ended up with the following solution, which allows the mobile unit to seamlessly move through the network, AND will connect to the strongest AP (it checks every 15 seconds). Mikrotik's scripting host was invaluable in this solution. The script checks the signal level of the currently active radio (there is a 2.4GHz AND a 900MHz radio in each CPE) and (if it is below acceptable levels), it will search for the strongest AP (on either radio), connect to that AP, then proceed to reconfigure the CPE so that it works on the network. Finally, the IPSEC tunnel (which is not implemented, yet) will be established and normal communications for the IP cams, laptop or whatever other equipment is located in the vehicle will resume.

Our initial testing showed that the we could drive through town pinging the city hall's server and not drop more than 5-7 pings each time we switched APs. Testing will continue throughout the upcoming week and it is likely that we will have to tweak our configuration some.

NOW, before some of you start pounding me for being part of a "muni wifi network" solution, let me ease your mind. The city owns this network, and they are allowing for access to the internet, but the city will not be selling the access (at least that is my understanding). I don't want to argue this point anyway. It will fall on deaf ears if any of you start it anyway. :-)

I am not at liberty to provide much detail about the network at this time, but I wanted to share this much, as this is an exciting option that many of you may have searched for. I just wanted to let you know, that Mikrotik CAN BE CONFIGURED AS A MOBILE NETWORK! ;-)

--
Butch Evans
Network Engineering and Security Consulting
573-276-2879
http://www.butchevans.com/
Mikrotik Certified Consultant
(http://www.mikrotik.com/consultants.html)
--
WISPA Wireless List: wireless@wispa.org

Subscribe/Unsubscribe:
http://lists.wispa.org/mailman/listinfo/wireless

Archives: http://lists.wispa.org/pipermail/wireless/

Reply via email to