Wireless Solution

Ken Endeley wrote in news:110ieeie9tf6220 @corp.supernews.com:

I've been looking into the same thing for my company and have come up almost empty handed. We're trying to give wi-fi access to a conference room of a hotel. And Security is our #1 concern. Besides registering MAC addresses, changing the WEP daily, or giving out Wi-Fi adapters to wireless users, there just isn't another solution that I know of.

I'm not too familiar with PPoE, but it was suggested (and then shot down) by my ISP. So it might be something to look into.

I was trying to find a wi-fi AP or Router with something similar to VLAN support, but unfortunately, from what I've found, I don't think one exists... Anybody know of anything?

Smowk

Reply to
Smowk

I have been tasked in my company to implement Wireless LAN solution. The current wireless solution is very secure but very cumbersome to use. We are currently using a bluesocket box as the gateway and ssh client for encryption.

An ideal solution must be

1) Easy to implement
2) Seamless to the user
3) Simplifies daily operation and management
4) Secure
5) Employee satisfaction

Any suggestion will be greatly appreciated

Reply to
Ken Endeley

In what way is it "cumbersome" to use?

Is cumbersome use the only problem with that combination?

Just like "cumbersome to use", those are fairly subjective or ambiguous. To some degree they are also contradictory, in that to do one makes another one hard (e.g., "Secure" definitely makes *all* of the others more difficult, if not impossible).

Provide more specifics, but narrow each discussion to one part of it. Rather than ask for a book, or even a chapter, ask about one page...

There are some possible physical security measures for such a situation that you might not realize. It depends on the layout of the room, and what surrounds it though, so I can't give specifics as opposed to a general concept.

If you provide coverage in a room by placing two AP's in diagonally opposite corners, using highly directional antennas and with the power output reduced to the point where each AP's coverage only extends about 3/4's of the way across the room... it all but eliminates outside monitoring from the other side of those particular walls.

To experiment with that a bit, locate an AP in a corner. (Its antenna should be just about 4" from the walls, or closer.) But first tape aluminum foil to the walls and ceiling or floor, in overlapping layers for about 10 feet in every direction. Reduce the output of the AP to 4 mW. Then use a laptop to see how far across the room you can still make a connection, and also try it on the other side of that wall. If done right, the only signal found on the other side of the wall will be reflections off items in the room, and the range will be extremely short. If you can't lower the power enough (or at all), buy "pads" in various sizes to put between the AP and the antenna. Each 3 dB of pad is the same as reducing the power in half. It should be fairly easy to reduce the range to 20 feet, for example.

Of course that is impossible to implement perfectly. And depends very much on the physical characteristics of the room and the building it is in. The person who engineers it does have to understand antennas, and have appropriate equipment to positively determine the actual effectiveness.

Reply to
Floyd L. Davidson
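
The pad arithmetic from the post above, worked through as an added example (not part of the original thread): it turns a measured range into the dB of pad needed for a target range and picks a stack of fixed pads. The log-distance path-loss model, the exponent `n`, the stock pad values and the 80 ft survey figure are assumptions made for this sketch.

```python
import math
from itertools import combinations_with_replacement

def power_after_pad_mw(tx_mw, pad_db):
    """Power reaching the antenna after pad_db of attenuation."""
    return tx_mw * 10 ** (-pad_db / 10)

def range_scale(pad_db, n=2.0):
    """Fraction of the original range left after pad_db of extra loss.
    Log-distance model: loss grows as 10*n*log10(d); n=2 is free space."""
    return 10 ** (-pad_db / (10 * n))

def pad_for_target(measured_ft, target_ft, n=2.0):
    """dB of pad needed to shrink a measured range down to target_ft."""
    if target_ft <= 0 or measured_ft <= 0:
        raise ValueError("ranges must be positive")
    if target_ft >= measured_ft:
        return 0.0
    return 10 * n * math.log10(measured_ft / target_ft)

def pick_pads(required_db, stock=(3, 6, 10, 20), max_pads=4):
    """Smallest stack of fixed pads (assumed stock values) totalling >= required_db."""
    if required_db <= 0:
        return ()
    best = None
    for k in range(1, max_pads + 1):
        for combo in combinations_with_replacement(stock, k):
            key = (sum(combo), k)  # prefer least total loss, then fewest pads
            if key[0] >= required_db and (best is None or key < best[0]):
                best = (key, combo)
    if best is None:
        raise ValueError("stock pads cannot reach the required attenuation")
    return best[1]

def plan(tx_mw, measured_ft, target_ft, n):
    """Pad stack plus the resulting power and estimated range."""
    need = pad_for_target(measured_ft, target_ft, n)
    pads = pick_pads(need)
    total = sum(pads)
    return {"need_db": round(need, 2), "pads": pads,
            "radiated_mw": round(power_after_pad_mw(tx_mw, total), 3),
            "est_range_ft": round(measured_ft * range_scale(total, n), 1)}

if __name__ == "__main__":
    # Constructed survey result: 4 mW AP still usable at 80 ft; goal is 20 ft.
    for n in (2.0, 3.0):  # free space vs. an assumed cluttered-indoor exponent
        print(n, plan(4, 80, 20, n))
```

Under this model a 3 dB pad halves the power but only shortens free-space range to about 71%; halving the range takes about 6 dB, so the estimate still has to be confirmed by measuring on both sides of the wall.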

  1. How many APs and users
  2. Do you already have APs or are you planning on replacing them. Do you want thin or smart APs if replacing, aka full remote management
  3. What kind of authentication do you currently use?
  4. Any QoS specs, video, voice?
  5. Need VLAN tagging?
  6. What user OS, standardized or many?
  7. How easily satisfied are the employees?
  8. Do you plan on keeping the Bluesocket? No smarts on Bluesocket capabilities so some of the above may be covered.

Reply to
Airhead

Start thinking about "outside people".

Reply to
Floyd L. Davidson

Consider doing it the safe, easy and secure way... VPN (Virtual Private Network) server on your network, and VPN client software (on CD/Diskette/and in a directory that is not part of the VPN so people can get to it and download it), or pre-installed on machines you supply at work. Even allows people to "tunnel into" your network from public Hotspots/hotels/home etc. Works on some PDA's that support wireless too.

We sell VPN servers and client software, (so I can't suggest any without it sounding like an ad), but generically I can tell you we have VPN servers that hook into an existing network for about $2800 dollars, and the client software (used on the laptops/notebooks/pda's etc, is anywhere from free to $20). Have to laugh, cause your ideal solutions #1-#5, are what we have in our ad :)

Know how to search the internet? (use [link] and search for VPN Server)

PS.. Another line from our ad "So easy and simple, your boss will love you" :)

Reply to
Peter Pan

Depends on what you use and how it's set up (at the client end).

We usually create two separate icons on lap/desktops (one for connect to the system with VPN, another to connect to any hotspot not using VPN).. Again, the other stuff/settings can be done any way you prefer, we have some people that set it up so they have very tight security, and others that set it up so it is open to other stuff, but still very tight to the CO VPN server.

If nothing else, do the search and look at some of the sites that pop up.. It will give you a lot more information than I can type here.. Some of them even have free demo software to try it out for a limited time with your own system/server (or with theirs if you don't have a server yet).

One thing I can say for sure, check it out, you will never go back to those bandaids like WEP/WPA etc...

Reply to
Peter Pan

Don't know of any off hand..There is however software that runs on the computers you already have (unfortunately about $2200). We went the separate box way to make it easy and transparent (plug it in to an ethernet port on your AP/router etc, and you have a VPN server installed in seconds on your existing network(and/or a few more minutes to set custom security settings). Can be used as an internal VPN server, and/or if you tie to the internet, can also be used for secure external access to your network.

Didn't say it was the free way of doing your #1-#5, just very quick/easy/secure.

Reply to
Peter Pan

Note that almost all SUPPORT it... but none (that I know of) will actually act as a VPN server.. If your AP supports wireless, it can pass the tunnel on to your network, but there still has to be a VPN server somewhere to pass it on to.

Reply to
Peter Pan

snipped-for-privacy@barrow.com (Floyd L. Davidson) wrote in news: snipped-for-privacy@barrow.com:

I'm talking about providing VLAN support to the users on the network inside the building, and security between them. not so much as outside people...

smowk

anything further?

Reply to
Smowk

linksys wrv54g.

alternately, any wireless router with a linksys befsx41 or befvp41. these are around $100 (less for the sx41).

Reply to
nospam

Answers

1) 10 AP altogether (5 a site)
2) Yes. We are planning to retire the current Orinoco AP
3) Currently NT4 domain authentication via the bluesocket box.
4) No current QoS, video or voice. Be nice to have with new solution
5) If it is beneficial yes
6) W2k and XP sp2
7) Good seamless solution ----- 100% user satisfaction
8) No really

Reply to
Ken Endeley

snipped-for-privacy@barrow.com (Floyd L. Davidson) wrote in news: snipped-for-privacy@barrow.com:

well, if we're able to provide VLAN support and separate the "inside people", we'll definitely have the capability to keep out the "outside people". So i'm not too worried about that.

If we can't get a WiFi VLAN configuration though, we'll scrap the whole idea.

Reply to
Smowk

"Peter Pan" wrote in news: snipped-for-privacy@individual.net:

with a vpn server, wouldn't the people who connect to the wifi access point still be able to browse each other's network neighborhood, they just wouldn't be able to get to the internet without the client software?

i'm worried about netbios transmissions between people on the wifi. is there a VPN WiFI router and a client that would only allow those who have the client to connect to the WiFi? And once connected to the WiFi, would i be able to browse network neighborhood? Or ping local IPs?

Reply to
Smowk

Yes, it, like lots of other AP's, allows VPN stuff to pass through, but they do NOT provide VPN SERVER services... You absolutely positively need a VPN server somewhere.

Reply to
Peter Pan

"Robert Jacobs" wrote in news:yQfOd.22837 $uc.10548@trnddc09:

That was pretty much what I thought. just tell the people that it's an unsecured network, and to make sure they didn't have any of their important files shared.

it's for a hotel conference room by the way

smowk

Reply to
Smowk

"Peter Pan" wrote in news: snipped-for-privacy@individual.net:

there's not really a server involved anywhere, just a router to the internet.

anybody know of any wifi router with a vpn server/client setup built in?

Reply to
Smowk

"Robert Jacobs" wrote in news:opgOd.23960 $uc.16222@trnddc03:

not vpn to another router, but vpn to clients on the wifi network

Reply to
Smowk

"Peter Pan" wrote in news: snipped-for-privacy@individual.net:

Cisco Aironet 1300 supports VLAN on the wifi clients.

you can set up multiple ssid's which each can't see each other. i'd have to create 50 or so ssid's and then just keep track of which ones are in use. maybe changing them every month or so. hmmmm...lemme look into this

Reply to
Smowk

just have printer and file sharing disabled.

Reply to
Robert Jacobs
