On Fri, 14 Jan 2005 09:21:22 +0100, Vittore Zen <drzen at gamebox dot net> wrote:
> mynetwork with <-> m0n0 <-> switch
> radius server & | | |
> def. gateway ap1 | |
> (the same that
> http://www.tomsnetworking.com/Sections-article92-page3.php but more
> access points)
> What are the best practices for a wifi hot spot with m0n0wall?
> My choices are:
> - no WEP in wifi access points
> - captive portal with radius (and https?)
If you're using radius to authenticate users, and have sensitive
passwords (i.e. not one you hand out to anybody) you need to use
https. Otherwise it's less than trivial for anybody to intercept
> - dhcp server
> - block every ip of mynetwork (to hotspot subnet) except default
> gateway destination.
> - the same SSID on ap1, ap2, ap3 (are linksys)
fine, but might get confusing when troubleshooting and testing link strength.
> - the same channel on ap1, ap2, ap3
that might cause problems, not sure.
overall sounds like it'd work fine, try it out and see what happens.
Remember captive portal isn't going to work as intended unless you set
up those APs to bridge, not route or NAT.