Re: large campus network ... sugestions

• Tirla Adrian:

> I`m currently one of the network administrators of a 3000+ students
> and i have some issues maintaining security, authentication ... and
> quality of service ...

You should ask in a different forum, perhaps unisog, and try to get into touch with folks who have got current and personal experience operating under similar constraints.

> I'm interested in a better authentication method than registering all
> the MACs+IPs of all my users (which after all is just dust in the wind
> ...) using my current hardware (16 servers, 1 for at least 250
> clients). I was thinking about ppp based authentication but it doesn't
> look very scalable and secure ... am I wrong ?

People have tried this, even in commercial MAN deployments (fully L2 core and stuff like that), and have discovered rogue PPPoE servers on their networks. Doesn't work.

The only real answers are IPsec or OpenVPN, similar to what some folks use to secure their WLAN infrastructure. This does not protect customers from each other, however, which can be a significant issue.

20 Mbit/s for 3000+ students is rather limited. You really should encourage heavy users to subscribe to commercial broadband services.

-- 
To UNSUBSCRIBE, email to debian-security-REQUEST@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org