WISP Authentication - PPPoE Maybe?
Written by bistelecom
Thursday, 08 March 2007
"Hello all,
I have a small WISP operation that is growing quickly. As of right now all of our customers are assigned static private IP addresses and the entire network is bridged. As our network grows I feel this is going to become a nightmare to manage.
I am looking at moving to this model but I would appreciate your input if this is a good plan or if anyone knows anything better/easier.
Plan #1 - Have a PPPoE Server at our NOC along with a RADIUS server. Mostly routed network using EoIP. Customer Router -> WaveRider CPE -> WaveRider CCU (Base) -> Router A (at tower) -> Router B (at NOC) -> PPPoE Router to Internet
Plan #2 - Have a PPPoE Server at each tower site, with RADIUS at our NOC. Customer Router -> WaveRider CPE -> WaveRider CCU (Base) -> PPPoE Router A (at tower) -> NOC Router
I'm interested in using a PPPoE Server with a RADIUS server so we can do bandwidth throttling easier and make everything more simple to manage.
Any other ideas will be greatly appreciated!
Thanks!
**Also, after posting I had another concern. How well will VoIP work over PPPoE and how can we implement QoS? We are in the process of becoming a CLEC and I'd like our network to reliably support VoIP when we get CLEC status.**"
IntraLink: Once you encapsulate VoIP in PPPoE then QoS is unavailable to any device in the middle, which is where most of the bottlenecks in bandwidth are.
So you gain something and lose something more important.
VLAN priorities CAN be mapped to DiffServ and related VoIP priorities however.
Inssomniak: I've designed my network from the get-go loosely based on your #2 above. VoIP is not a real concern for me. It's BTW only designed, not implemented! So I can't comment on it yet, but I have good feelings about it. VLANs will be in place as well. It will be the network design that I implement when the time comes (and it can't come soon enough!)
harvSki: As we built our small WISP we went through bridged, 1 and 2 and have found that a fully routed network with PPPoE access concentrators at the wiPOP is the best solution.
EoIP can be a complete pain to set up and decreases throughput on the network. If you are going to use RADIUS then you might as well exploit that and have remote (away from your NOC) PPPoE authentication.
hth
ponline: I started with a fully bridged network and authenticated by MAC addresses. It was such a pain, and the bridged network started to be sluggish when I reached 50 clients. I decided to implement a RADIUS server and PPPoE server at the NOC on the same bridged network, that is, your #1 option. That was a small but not very significant improvement on my network; when I reached 100 clients it was again a real pain. The best thing is to go routed, with a PPPoE server on every AP and a centralised RADIUS server at the NOC (option #2), and that is what I did. Since then, I have never looked back. I only add new APs at new locations and backhaul them to the NOC. MikroTik is very handy at providing a PPPoE server. I now have a 4x bigger network and have never had an issue with network efficiency or broadcast problems.
VariableARK: Another option would be to go fully routed and still use RADIUS, but instead of using PPPoE use DHCP/MAC authentication on a per-tower basis. I am still debating which route (PPPoE or DHCP) to go.
ponline: In this case you have to use some good encryption (WPA2) if you don't want some lamers sniffing and spoofing MAC addresses to have free Internet.
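
The MAC spoofing risk raised for DHCP/MAC authentication can also be watched for from the central RADIUS server. The following is an added example, not part of the original thread: it scans accounting records for one MAC holding open sessions on two towers at once. The attribute names are standard RADIUS accounting attributes; the record layout, the `t` timestamp field, the tower names and all sample values are constructed assumptions.

```python
# Added example (not from the thread): spot cloned MACs in RADIUS accounting.
from collections import defaultdict

# Constructed sample records; "t" (seconds) is a hypothetical receive time.
RECORDS = [
    {"t": 100, "Acct-Status-Type": "Start", "Acct-Session-Id": "a1",
     "NAS-Identifier": "tower-a", "Calling-Station-Id": "00-11-22-AA-BB-01"},
    {"t": 110, "Acct-Status-Type": "Start", "Acct-Session-Id": "a2",
     "NAS-Identifier": "tower-a", "Calling-Station-Id": "00-11-22-AA-BB-02"},
    # Same MAC as a1, written differently, while a1 is still open.
    {"t": 160, "Acct-Status-Type": "Start", "Acct-Session-Id": "b1",
     "NAS-Identifier": "tower-b", "Calling-Station-Id": "00:11:22:aa:bb:01"},
    {"t": 200, "Acct-Status-Type": "Stop", "Acct-Session-Id": "a2",
     "NAS-Identifier": "tower-a", "Calling-Station-Id": "00-11-22-AA-BB-02"},
    # Customer moved towers after a clean Stop: must not be flagged.
    {"t": 210, "Acct-Status-Type": "Start", "Acct-Session-Id": "b2",
     "NAS-Identifier": "tower-b", "Calling-Station-Id": "00-11-22-AA-BB-02"},
    # Stop whose Start was never received: must be ignored, not crash.
    {"t": 220, "Acct-Status-Type": "Stop", "Acct-Session-Id": "c9",
     "NAS-Identifier": "tower-c", "Calling-Station-Id": "00-11-22-AA-BB-03"},
]

def normalize_mac(mac):
    """Reduce any common MAC notation to 12 lowercase hex digits."""
    return "".join(c for c in mac.lower() if c in "0123456789abcdef")

def find_concurrent_macs(records):
    """Return [(mac, [towers])] for MACs with open sessions on >1 tower at once."""
    open_sessions = defaultdict(dict)   # mac -> {(nas, session_id): nas}
    flagged = defaultdict(set)          # mac -> towers seen concurrently
    for rec in sorted(records, key=lambda r: r["t"]):
        mac = normalize_mac(rec["Calling-Station-Id"])
        nas = rec["NAS-Identifier"]
        key = (nas, rec["Acct-Session-Id"])
        if rec["Acct-Status-Type"] == "Start":
            open_sessions[mac][key] = nas
            towers = set(open_sessions[mac].values())
            if len(towers) > 1:
                flagged[mac] |= towers
        elif rec["Acct-Status-Type"] == "Stop":
            open_sessions[mac].pop(key, None)
    return sorted((mac, sorted(towers)) for mac, towers in flagged.items())

if __name__ == "__main__":
    for mac, towers in find_concurrent_macs(RECORDS):
        print(f"possible cloned MAC {mac} active on: {', '.join(towers)}")
```

A Stop record lost in transit leaves a session open here and can produce a false positive, so treat a hit as a prompt to check the towers' association tables rather than as proof of cloning.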