I’m writing this because I suspect that quite a few of my readers are knowledgeable when it comes to technical stuff and I could do with some technical advice. Need for this advice arises because there are some upcoming changes in our university’s wireless network which will render our current equipment useless. Unfortunately, most of the technically knowledgeable people that I know in person couldn’t help me with this as they (a) don’t know enough or (b) don’t admit they don’t know enough. Particularly the type (b) people are a waste of time as I’ll essentially have to explain all the details, some of which I don’t know precisely, and then learn that they don’t really know anything helpful… To avoid this, I’m trying to put all the relevant things that I know of down here.
To begin with, let me describe the current situation: Me and my flatmates use our university’s wireless network from home. To receive its weak signal from a 500m distance we installed an external antenna with a line-of-sight connection to the house where the antenna lives. There’s a hellishly expensive little cable going from it to a Linksys WET-11 wireless network to ethernet bridge – which in turn has its antenna going into a wireless network router that distributes the signal around in our flat.
On the software side we have the router set up to give us a 192.168… network within the flat while the devices have a 10.100… IP address on the university WLAN. Our internal WLAN is also running some level of WEP encryption, while the university’s doesn’t. However, every connection on the university’s WLAN has to be made through a Cisco VPN connection, so this is said to be quite safe as well. In this model every end user runs his own VPN connection on his own account and thus even in our situation it will be completely clear which user initiated which connection (e.g. when people start clogging the wireless network with P2P file sharing apps or viruses, their accounts will simply be deactivated).
The whole thing could be depicted like this:
where the little operating system CDs are our various computers and I consider everything with a yellow background mostly irrelevant for the problem I have as it’d also exist if I connected my computer directly to the bridge. So I won’t mention those things anymore – it’s just that I’ve had many people ask about them…
While changes are often good, even in the world of computers, they often cause problems. And that’s exactly what’s happening for us here. The change that is going to happen is that the Cisco VPN solution will be abandoned and instead the 802.1X protocol will be used.
Now, as far as I can tell, the 802.1X thing is essentially a good idea for security. Whenever you want to open a connection to the network, your computer will have to authenticate itself for it. In particular it means that nobody will be allowed to initiate connections on the network with that system, whereas everybody was able to connect to the network and open connections to the VPN server so far. That’s probably a good thing. Even better, it means that we don’t have to use the Cisco VPN client anymore which, as everybody who has used it before will confirm, is a good thing.
In particular, when connecting to the network directly with your Mac, you should be able to connect to such networks right away after carefully checking out the many things that the Internet Connect application can do:
[Do you have any idea how to remove network types from the window’s toolbar, btw?]
But while it looks that the new network setup will vastly improve the situation for people who connect their computer directly to the network, it’s quite a problem for us as, when the connection is established directly from the computer, the computer can also handle the necessary bits of authentication. Our wireless-to-wired network bridge, however, can’t do this.
In principle I see a number of options which could solve our problem, i.e. connecting a whole network of computers to an 802.1X managed wireless network through a single antenna. The solutions I see are
I don’t know what your budget is, but if you go with option 3, a box like this will be quiet, small, and won’t use a lot of electricity. A Mac mini might be even more fun in that context. :)
I will admit to being completely ignorant of 802.1x. We just use PPTP (hack, ptui!) and ssh tunnels at the office.
Whatever happens, we’re going to keep this as low budget as possible. Which most likely means taking someone’s old computer or none. There seem to be so many useless old PCs around anyway which should be more than up to the job. As a matter of principle I’d like to not spend any money for the profit of Wintel companies.
I would’ve quite liked to use my SE for this. At least it’s not dead ugly. But there’s neither WLAN hardware nor software for it, so that’s out of the question. Judging from what a friend says, his Newton can take 2 PCMCIA cards and people have written WLAN drivers for it… so in theory even that toy might be up for the job and reasonably good looking… but that’d be even more expensive, I suspect, and not exactly a plug and play solution either ;)
I have no idea about power consumption though. My Powerbook doesn’t need a lot and my old LC III didn’t use too much either. But how much do standard DOS systems use? I’ve got no idea. The numbers they give for processors look horrendous but the processor would be idling most of the time. So how much power do these machines use in reality? 50W? 100W?
I wish I had actual numbers for you. I can tell you that even this reasonably modern Dell laptop (employer paid for it, I sure wouldn’t have) is an absolute furnace, and only gets 2 hours on a full battery charge (as compared to 4-5 hours from a current model Powerbook.) The minute I start doing anything reasonably compute intensive on it, the CPU heats up over 60C and the fan starts to sound like a WWI biplane starting up. Intel chips are notorious power sucking heat pumps.