[unisog] A question regarding pppoe on wireless

fooler fooler at skyinet.net
Sat Jul 1 09:49:50 GMT 2006


----- Original Message ----- 
From: "Christopher F. Wilson" <chrisw at nipissingu.ca>
To: <unisog at sans.org>
Sent: Friday, June 30, 2006 1:31 AM
Subject: [unisog] A question regarding pppoe on wireless


> We are looking at implementing pppoe over wireless for authentication, and 
> are wondering if anyone else has tried this.
>
> In our small test group(20 laptops) we had no problems at all, but are 
> unsure of what back end hardware we should use.
>
> Our test server was using a 500 MHz p3 with 256mb ram running FreeBSD 
> setup smiler to the white paper on this site
>
> http://www.hpi.net/whitepapers/warta/
>
> We noticed no slowdowns at all in our testing, but when we go live we will 
> be have 800-1000 clients using this setup and are wondering what kind of 
> server hardware should we be looking at?

you have to look how much ppp process eats up a memory and multiply it with 
800 to 1000 clients for your ram needs... you need a higher processor and 
make HZ=1000 or higher value for cpu attention per ppp process... network 
card bandwidth depends how much bandwidth you will allocate per pppoe 
client...

encryption security of wireless network card and access point vendors are 
not compatible with each other... you have to set no encryption in your 
wireless access points and broadcast your SSID for wider audience and 
compatibility... let the higher layer of the osi model do the encryption for 
you... do not use pap nor chap for authentication.. use microsoft chap 
version 2 (mschapv2) and mppe instead for your encryption over the wireless 
medium...

you need two network cards for your pppoe server... one facing the internet 
with an ip address and one facing your wired and wireless clients without 
using any ip address for added security and protection...

use radius for authentication, authorization and accounting... with radius 
you can do prepaid service, time restriction, protocol restriction and other 
features that radius can do...

fooler. 



More information about the unisog mailing list