[ previous ] [ next ] [ threads ]
 From:  walterpc at mchsi dot com (Walter PC)
 To:  <m0n0wall at lists dot m0n0 dot ch>
 Subject:  RE: [m0n0wall] 2nd management login
 Date:  Fri, 16 Jun 2006 02:25:13 +0000
They have use client isolation... which does not allow cross-traffic between
clients on the AP... then each switch port has a VLAN tag - back to the GW
seperates file sharing and cross-traffic within the infrastructure.

Not all Hiltons require this or the Cisco APs even... but they do require hilton
authentication codes when they log in.

As for VLANs - this is normally used for every port in the hotel - tagging a
port to the room it feeds because many hotels still charge for internet - and
this allows for Billing to the room.
It also is a help with banning someone for bandwidth hogging or infected users,
because we can trace it to the room, shut off the port and then inform the FD so
if the guest complains they know why they were turned off.

I think the proxy ARP would or the 1-to-1 NAT would work.
I know how the 1-to-1 NAT works... but I'm not so sure about the Proxy ARP.
Can someone explain if this will allow public IPs to be given to the clients on
the inside or how this would work.

I definetly think this may work in my applications - at least for those clients
that don't want to shell out $2000-3000 for a limited user license comercial GW
but need many of the features.
Definitely would brand it with our logo as to make it easy for client to find
and assist with phone troubleshooting, but would also want to keep the m0n0wall
logo and give credit where credit is due.

Like mentioned already - the work to maintain and support is where the money is,
not the up front cost of equipment.  Leasing out the equipment with support for
it at $$$ a month is the way to go.
>VLAN for every client - how do they manage that?  A single SSID per
>client with SSID to VLAN mappings, or is there some other slick
>feature in Cisco APs I'm not aware of?
As far as I know they only use client separation which uses 1 single SSID and 1vlan but keeps the
client traffic separated.