Any hardcore old-school geeks out there who speak BGP,
read alt.sysadmin.recovery, know how to fusion-splice fiber,
and continue to use vi just to drive the youngsters insane?
The local library system wants to SECURE their public wireless
network, and create two VLANs within the same physical
collision domain, one for (unauthenticated) patron users of wireless
computers, and one for (authenticated with Radius) staff, all to
keep patrons away from their internal systems, for which the
only actual security is (gag!) Microsnot Active Directory. (Why
they can't use vanilla LDAP like grown-ups is a matter for follow-up.)
This should be trivial for a half-dozen site network, but they have Cisco
1602 type routers deployed at every branch, which have been EOL'ed by
Cisco, and have no IOS upgrade path that would include 802.1q, so I'm
looking for a "cheaper than Cisco" router (Netopia, et al) that will do a
decent job of being the gateway for the 802.1q VLANs.
And no, the access points themselves cannot act as gateways,
because the sites are connected with fractional T-1s over frame
relay, so the "site routers" have to be the gateways to route the
traffic back to the main library, where Radius and most all the
servers live.
Any suggestions? Any warnings about problematic implementations
by specific vendors? As usual, this is a pro-bono project, and as usual,
the library system will likely raise money for hardware with bake sales.