[unisog] A question regarding pppoe on wireless
fooler at skyinet.net
Sat Jul 1 09:49:50 GMT 2006
----- Original Message -----
From: "Christopher F. Wilson" <chrisw at nipissingu.ca>
To: <unisog at sans.org>
Sent: Friday, June 30, 2006 1:31 AM
Subject: [unisog] A question regarding pppoe on wireless
> We are looking at implementing pppoe over wireless for authentication, and
> are wondering if anyone else has tried this.
> In our small test group(20 laptops) we had no problems at all, but are
> unsure of what back end hardware we should use.
> Our test server was using a 500 MHz p3 with 256mb ram running FreeBSD
> setup smiler to the white paper on this site
> We noticed no slowdowns at all in our testing, but when we go live we will
> be have 800-1000 clients using this setup and are wondering what kind of
> server hardware should we be looking at?
you have to look how much ppp process eats up a memory and multiply it with
800 to 1000 clients for your ram needs... you need a higher processor and
make HZ=1000 or higher value for cpu attention per ppp process... network
card bandwidth depends how much bandwidth you will allocate per pppoe
encryption security of wireless network card and access point vendors are
not compatible with each other... you have to set no encryption in your
wireless access points and broadcast your SSID for wider audience and
compatibility... let the higher layer of the osi model do the encryption for
you... do not use pap nor chap for authentication.. use microsoft chap
version 2 (mschapv2) and mppe instead for your encryption over the wireless
you need two network cards for your pppoe server... one facing the internet
with an ip address and one facing your wired and wireless clients without
using any ip address for added security and protection...
use radius for authentication, authorization and accounting... with radius
you can do prepaid service, time restriction, protocol restriction and other
features that radius can do...
More information about the unisog