Re: large campus network ... sugestions
* Tirla Adrian:
> I`m currently one of the network administrators of a 3000+ students
> and i have some issues maintaining security, authentication ... and
> quality of service ...
You should ask in a different forum, perhaps unisog, and try to get into
touch with folks who have got current and personal experience operating
under similar constraints.
> I'm interested in a better authentication method than registering all
> the MACs+IPs of all my users (which after all is just dust in the wind
> ...) using my current hardware (16 servers, 1 for at least 250
> clients). I was thinking about ppp based authentication but it doesn't
> look very scalable and secure ... am I wrong ?
People have tried this, even in commercial MAN deployments (fully L2
core and stuff like that), and have discovered rogue PPPoE servers on
their networks. Doesn't work.
The only real answers are IPsec or OpenVPN, similar to what some folks
use to secure their WLAN infrastructure. This does not protect
customers from each other, however, which can be a significant issue.
20 Mbit/s for 3000+ students is rather limited. You really should
encourage heavy users to subscribe to commercial broadband services.