From: "Tim Vaughan" <talltim at gmail dot com>
> I've been asked to help install a large wireless network at a
> community education project I volunteer at. My current plan is to use
> m0n0wall with a switch connected to the DMZ interface. Coming off the
> switch will be several WRT54Gs with the network cable plugged into one
> of the LAN ports, making them all transparent bridges. The plan is
> that anyone can choose the strongest wireless connection and will then
> authenticate via the captive portal on the m0n0wall with its own
> RADIUS server.
> Is this a sensible setup? It seems to me to be the simplest way of
> covering a large area with a wireless network and still permitting
> authentication and user management.
> Any better ideas would be gratefully received!
First, WRT54G is a lot of different things. Will you be using stock
firmware? If so, it will work fine. If not, do not use the seavsoft
firmware! It will not work with captive portal. dd-wrt firmwares work
fine. I use tofu.
Second, it may seem obvious, but you will need to turn off the WAN port, and
only use the lan ports. If you NAT and route through it, only the first
person will log in, and everyone after them is free.
Now the new custom firmwares can do a lot, including captive portal against
radius. However, then to not give all of the support options of m0n0wall.
I love being able to VPN into the network and fix stuff. The logs in
m0n0wall are very good for troubleshooting. This is why I have about 25 in
production with APs behind them.