[Soekris] Fact Finding Mission
hazard at francoudi.com
Thu May 29 17:31:45 UTC 2003
The simplest access control method is to allow only certain MAC
addresses, and it is integrated into WISP-Dist.
It does not protect against people who spoof their MACs, but in case
a MAC is spoofed, your own customer will stop working and you will notice
it. Another way is to establish a vtun connection from each of your CPEs
and disallow any direct Internet access. Again, vtun support is
integrated into WISP-Dist.
And the third method is to use 802.1X; while it is supported in newer
hostap drivers, WISP-Dist does not use them, as they are less stable
than the old ones.
> I am looking at purchasing the net4521 board with NL-2511 Plus EXT2 netcard
> and the WISP-dist software.
> Our ISP is looking to use this as the main access point for multiple
> Our setup would be something like the following:
> The Ethernet port would have a valid IP address back to our switch.
> The 2511 card would assign 192.168.xxx.xxx address to our client units.
> The clients would use this same hardware setup.
> The clients would have their Ethernet port use 10.xxx.xxx.xxx
> addresses for the internal LAN.
> I didn't find a solid answer to this problem. Maybe someone is willing to
> rehash this issue.
> Problem... How do we keep unwanted users off of the wireless?? How do we
> authenticate valid clients?? Even if we don't use DHCP, if someone finds
> our ip address range we are using they could just use one of those ip's in
> their own wireless setup.
> We currently have a radius server setup for our normal dial-in users, our
> dsl is controlled by assigning and hard coding their firewalls with a valid
> ip address. (no dhcp for this setup)
> Thanks for the information and looking forward to experimenting.
Thunderworx - Senior Systems Engineer (RHCE)
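
The reply notes that a MAC allowlist does not stop spoofing and that the operator notices only when the real customer stops working. The following is an added example, not part of the original post and not WISP-Dist code: it goes beyond the post by checking monitored frames against the allowlist and flagging an allowlisted MAC whose 802.11 sequence numbers jump around, which suggests two radios sharing one address. The frame tuples, addresses and thresholds are constructed assumptions.

```python
from collections import defaultdict

SEQ_MOD = 4096       # 802.11 sequence numbers are 12 bits and wrap
MAX_GAP = 64         # assumed tolerance for frames the monitor missed
MIN_ANOMALIES = 3    # assumed number of jumps before a MAC is flagged

# Constructed sample data (locally administered addresses).
ALLOWLIST = ["02:00:00:00:00:0A", "02:00:00:00:00:0b"]
FRAMES = [  # (source MAC, sequence number) in capture order
    ("02:00:00:00:00:0a", 4094), ("02:00:00:00:00:0b", 200),
    ("02:00:00:00:00:0a", 4095), ("02:00:00:00:00:0b", 3000),
    ("02:00:00:00:00:0a", 0),    ("02:00:00:00:00:0b", 201),
    ("02:00:00:00:00:0a", 2),    ("02:00:00:00:00:0b", 3001),
    ("02:00:00:00:00:0c", 17),   ("02:00:00:00:00:0b", 202),
]

def normalize(mac):
    """Lower-case, colon-separated form so allowlist lookups are exact."""
    return mac.strip().lower().replace("-", ":")

def analyze(frames, allowlist):
    """Return (unknown_macs, suspected_shared_macs) as sorted lists."""
    allowed = {normalize(m) for m in allowlist}
    last_seq = {}
    anomalies = defaultdict(int)
    unknown = set()
    for mac, seq in frames:
        mac = normalize(mac)
        if mac not in allowed:
            unknown.add(mac)          # would be rejected by the MAC filter
            continue
        if mac in last_seq:
            # One transmitter counts upward: a gap of 0 is a retransmission,
            # a small gap is missed frames. A backward step wraps to a large
            # value, so interleaved counters from two radios show up here.
            gap = (seq - last_seq[mac]) % SEQ_MOD
            if gap > MAX_GAP:
                anomalies[mac] += 1
        last_seq[mac] = seq
    suspected = sorted(m for m, n in anomalies.items() if n >= MIN_ANOMALIES)
    return sorted(unknown), suspected

if __name__ == "__main__":
    unknown, suspected = analyze(FRAMES, ALLOWLIST)
    print("not on allowlist:", unknown)
    print("allowlisted but possibly shared:", suspected)
```
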