Hey everyone, we are looking to set up guest wireless on our SBG6580's and have a ton of questions...
If we set up a guest wireless network in a house I assume it will share the existing customers plan, is there any way to create a different service flow or something and have be a seperate access or limit guest wireless to say 3mb?
As there is no controller I assume there would be no roaming between guest access points, anyone have experience in an apartment complex where everyone has the same guest network but different cable modems? I bet it's horrible but if there are some positive experiences please let me know.
Thanks!
Hello,
We have implemented this kind of solution with Cisco EPC, Ubee and Technicolor modems. There is no controller.
What you basically do is:
1. create l2vpn (gre tunnel) between cable modem and VPN agreggator (Mikrotik, cisco ASR...)
2. push traffic from guest ssid into this tunnel.
3. enable radius authentication from guest ssid, so that users can receive their username and passwords
4. you create a separate service flow for l2vpn traffic in cm config
it's a bit complicated, but we use the same ssid name on all of the devices and it is offered for our customers only.
this is not a solution for roaming. roaming has to be done with smarter equipment than docsis cable modems :)
You could do simple ad-hoc wireless networks behind the modems (same SSID or not) but everytime you switched between APs you would have to re-authenticate to that AP.
There is a much less limited way to do it. You need a WAG (Wireless Access Gateway) or SoftGRE endpoint with Radius support (optional), this allows you to create SSIDs like Charter's Spectrum or Comcasts Xfinity, where when you connect to this SSID you are automatically authenticated to all APs with that SSID until your session expires.
Disclaimer, I have not set it up on this model/brand of modems, and I work for Casa who makes a WAG.
SoftGRE or as Motorola calls it L2-GRE tunnelling is a way to take all wireless traffic (specific SSID) at L2 and tunnel it to a WAG/SoftGRE Endpoint. Because the traffic is at the L2 level, the WAG or SoftGRE endpoint sees all the wireless traffic and is the L3 gateway for said traffic. The "soft" in SoftGRE refers to the ability to only configure one side of the connection (modem side statically) when a modem makes a soft GRE connection the SoftGRE endpoint infers the connection details from the connection attempt and self configures itself to talk to the modem. At a modem level you associate a specific SSID with a SoftGRE tunnel so all traffic from that SSID flows to the soft GRE endpoint.
This enables two very important features:
1) the ability to create a separate service flow on the cable modem that classifies the SoftGRE endpoint so that the wireless traffic (specific SSID) uses separate bandwidth from ethernet or customers home wireless network.
2) ability to centrally authenticate (or not) all the tunneled traffic. Since the tunnel contains all L2 traffic you can authenticate via radius connections to the specific SSID.
Using your example, if you have some sort of WAG versus a simple SoftGRE endpoint, you could run the same SSID on all the cable modems, and when CPEs switch between APs if they are already authenticated, they will not have to re-authenticate. This happens from the first packet sent on a new AP.
Note: I did not say roam, the SBG6580 does not support any kind of wireless roaming standard.
Also note: this type of wireless connection is supported by many traditional wifi access points as well, Ruckus/Cisco many others and could be used in combination with above, CMs providing wifi access in the apartment, wifi APs providing access in common areas (pool/clubhouse/gym etc...) all running off same SSID and only requiring that users authenticate once.
How do you set this up:
see attached mib you need to add to your modem config:
create SSID in modem (out of scope for this writeup)
create additional service flow and classifiers for SoftGRE traffic (out of scope for this writeup)
cmdot11l2ogreEnabled turn on SoftGRE
cmdot11l2ogrePriRemoteAddressType -- set SoftGRE endpoint IP Address type
cmdot11l2ogrePriRemoteAddress -- The actual SoftGRE endpoint
You then need to create one or more entries in this table
cmdot11l2ogreSourceIfTable -- associating Wifi interface (SSID) with SoftGRE tunnel
If your in the US I could give you a more in depth review of Casa's WAG.
Do you have a sample or example file for your suggestion you can share?