wireless net, laptops and access control
Hi! I do some administration here at our university (students') network, about 100 clients, Mac and Windows-PCs, and a *ix-based network infrastructure. We use AT-switches, everything except the servers (which use Gigabit) is 100MBit TP so far. IPs are distributed by dhcp.

Laptops are getting more and more important, so we need to restrict the access to the net while it shouldn't be too difficult to "register" new machines. This is valid for wireless and tp-connected laptops.

First I thought that we will simply "lock" the switches (so that they block if another device is connected to the switch) and use a FreeSWAN between a router that routes registered clients into our net. The problem is that this will take a lot of cpu (I have some 500MHz-Alphas 21164a here that I would like to use) and seems to be really hard to administrate. The client-side installation would require a pgp-client, and we would have to create certificates for every client.

So which other options are there available? Is something like ppp over ethernet a way to build up this? Or do you know freeware solutions that use mac-netfilters and have a web interface or something similar? Or should I simply put these clients into an insecure network and give them only little access to the outside, so they can't damage our internal nets?

Thank You, CU, Lars.
So which other options are there available? Is something like ppp over ethernet a way to build up this? Or do you know freeware solutions that
I would use PPPoE in such a situation. However I have yet to find a free PPPoE server implementation for Linux. I have only found one in FreeBSD where it is native in the kernel at least with 4.4-STABLE. You could then authenticate these users against a radius server and thus be able to set up things like what kind of access they have. There are lots of PPPoE clients for Linux, Windows etc., e.g. RASPPPoE, WINPOET etc. Noah.
* ksemat@wawa.eahd.or.ug;
I would use PPPoE in such a situation. However I have yet to find a free PPPoE server implementation for Linux. I have only found one in FreeBSD where it is native in the kernel at least with 4.4-STABLE.
IIRC rp-pppoe has is http://www.roaringpenguin.com -- Togan Muftuoglu
On Mon, 19 Nov 2001 15:31:02 +0200
Togan Muftuoglu
* ksemat@wawa.eahd.or.ug;
on 19 Nov, 2001 wrote: I would use PPPoE in such a situation. However I have yet to find a free PPPoE server implementation for Linux. I have only found one in FreeBSD where it is native in the kernel at least with 4.4-STABLE.
IIRC rp-pppoe has is http://www.roaringpenguin.com
And in fact is included as an rpm in SuSE 6.4+ -- Have fun, Nix - nix@susesecurity.com http://www.susesecurity.com
IIRC rp-pppoe has is http://www.roaringpenguin.com
And in fact is included as an rpm in SuSE 6.4+
I was talking about a SERVER or access concentrator whatever that is free in Linux for PPPoE. According to what I read on the list unless I was very mistaken the package that comes with SuSE is a client and not a server implementation. Noah.
* ksemat@wawa.eahd.or.ug;
I was talking about a SERVER or access concentrator whatever that is free in Linux for PPPoE. According to what I read on the list unless I was very mistaken the package that comes with SuSE is a client and not a server implementation.
I would recommend you visit the site and read for yourself; it also includes a pppoe-sniffer to solve problems. I am positive regarding the pppoe_server_ http://www.roaringpenguin.com -- Togan Muftuoglu
I would recommend you visit the site and read for yourself; it also includes a pppoe-sniffer to solve problems. I am positive regarding the pppoe_server_
I have read what is on the site and also installed their package. It does seem that the rp_pppoe package can do a PPPoE server though it cannot yet do RADIUS authentication. To get it to do that I had to install radiusclient and I am still hacking away at my pppd to get it to use the Radius server for authentication and accounting. However this is getting OT so I will move subsequent messages off list. Anyone with ideas about hacking the pppd to do authentication and accounting to radius please e-mail me. Noah.
participants (4)
- ksemat@wawa.eahd.or.ug
- Lars O. Grobe
- Peter Nixon
- Togan Muftuoglu