[TCWUG] Wireless setup in a small/midsize office

Thu Aug 22 01:39:16 CDT 2002

On Wed, 21 Aug 2002, Jon Kotek wrote:
> At this point there are 6 runs of Cat5 already done, and they have a
> 512K DSL line installed going into a smoothwall firewall server.  My
> only connection with them so far is the fact that I know the
> smoothwall part.  I would like to do some sort of web based
> authentication I think going to a radius server.

So you actually want people to be able to walk through the building with
their laptops and stuff, then? I was thinking of doing wireless as a
replacement for wired, where you just set up a wireless->wired bridge at
each suite who buys internet access, and let them do whatever they want
with the ethernet port.

If you're going to force non-roaming users to authenticate via a web
browser every time they want to hit the 'net, they may not be too happy..
also, 11mb won't seem like very much if you're having everyone use it for
their LAN along with 'net access.

>  I am going to push the cisco gear since it can run as a repeater if I
> need to, otherwise if the runs of cat5 are fairly spread out I would
> be able to run a cheaper solution (WAP11) and go with MAC filtering
> with WEP.  Now my other question is in using say a WAP11 AP would that
> work with roaming (I am assuming that they want to promote access from
> all conference rooms)  and still using MAC filtering??  Would I need
> to update all AP's (I am doing a WAG of 4 or 5 per floor) that could
> turn into an admin headache.  Otherwise throw out the MAC filtering
> and just stick with WEP and radius.  I know they would like to have
> some sort of accouting of usage, which

I'd still vote on IPSec to a VPN concentrator. That way, you can set up
whatever kind of account you want right on the concentrator. Plus, you're
actually going to be reasonably secure, which plain WEP+Mac Filtering
isn't (yet).

As far as roaming, as long as they are all hooked up to the same physical
network, you should be fine. If you've got a separate subnet for each AP,
it's quite a bit more difficult (need mobile ip or somethin).

-- 
Nate Carlson <natecars at real-time.com>   | Phone : (952)943-8700
http://www.real-time.com                | Fax   : (952)943-8500