Chris Buechler wrote:
>On Fri, 14 Jan 2005 09:21:22 +0100, Vittore Zen <drzen at gamebox dot net> wrote:
>>mynetwork with <-> m0n0 <-> switch
>>radius server & | | |
>>def. gateway ap1 | |
>>(the same that
>>http://www.tomsnetworking.com/Sections-article92-page3.php but more
>>What is the best practices for wifi hot spot with m0n0wall?
>>My choiches are:
>>- no WEP in wifi access points
>>- captive portal with radius (and https?)
>If you're using radius to authenticate users, and have sensitive
>passwords (i.e. not one you hand out to anybody) you need to use
>https. Otherwise it's less than trivial for anybody to intercept
Depending on the intended use, this may or may not be a problem. If
you're using one time passwords (printing out a password on each coffee
receipt, where each password is only good once) then HTTPS isn't
required, but otherwise HTTPS is definitely required.
Personally I wouldn't bother with WEP since it's so easily cracked.
>>- dhcp server
>>- block every ip of mynetwork (to hotsport subnet) except default
>>- the same SSID on ap1, ap2, ap3 (are linksys)
>fine, but might get confusing when troubleshooting and testing link strength.
Same SSID is good since it allows roaming between access points.
>>- the same channel on ap1, ap2, ap3
>that might cause problems, not sure.
This will *definitely* cause a problem. Put the APs on 2, 6 and 11 --
This will allow most wireless NICs to automatically determine which AP
has the best signal without worrying about overlap or signals canceling
each other out.
Having two or more APs on the same channel will, at best, cause massive
packet loss. More likely it will render the entire network unusable,
especially if somebody shows up with a stronger-then-average antenna and
transmitter and two or more APs start thinking they're both receiving
communication from one client.
Usenet is like a herd of performing elephants with diarrhea --
massive, difficult to redirect, awe-inspiring, entertaining, and a
source of mind-boggling amounts of shit when you least expect it.