Configuring a (User-Side) Hassle-Free Network?
braek asks: "I have been approached by a few locations (Hotels/Convention centers) in regards to providing high speed Internet to clients. Now, I'm sure this has been done a million and one times with a small x86 box running some flavor of Unix or BSD, however the thing that makes this somewhat of a more difficult chore is the fact that the hotels and convention centers want absolutely NO reconfiguration to be required on the users' laptops. So for example, the router must be able to route packets for people who have DHCP, as well as someone who has a static reserved IP address of 192.168.4.8 and someone who has a static global of 206.10.3.9. Basically the router should be able to route packets for the user regardless of their IP configuration. I have looked around the web ad nauseam but have found very little help. I'm thinking some form of transparent bridge or proxy-arp solution may be the key. Has anyone ever been in a situation like this, or have any ideas as to how this could be accomplished?"
Not to mention if someone comes in with a laptop that has a publicly-accessible IP; it's possible, anyway. How will you know to route that properly? I suppose that's pretty far-fetched, actually, because the person with a publicly-available static IP on a laptop wouldn't expect it to work outside the network it usually sits in. But still, if that's one of your requirements, what then? Where does traffic to that IP route? Out to the world the way it's supposed to, or inside your hotel network? If you allow global IPs and do some funky route hacking, it would be trivial for someone to boot up their laptop with an IP of 216.239.39.101 and suddenly nobody in the hotel can get to Google. Bad idea.
Someone's toes are going to have to be stepped on somewhere along the line. Someone else can come around and prove me wrong, though, if they can. :)
In my haste to reply quickly, I left out details that I thought would be clearly seen once I said use a switch with vlan tagging.
The upload to the host/router is via a trunk port on the switch which is a member of all VLANs. Since it is a trunk port, the switch will forward the frames with the 802.1q tags still on them.
The host/router is configured with virtual interfaces on each vlan. Since the tags are present it can determine which packets belong to which ports on the switch.
The host/router will use NAT/PAT to map the entire 0/0 address space to a single IP. Thus it will not matter what address is statically assigned to the laptop.
Since the ARP requests will be confined to the VLAN, only the host/router will see them and can respond with its MAC address; thus it will become the gateway router for that port. Likewise you can map services that you would like to provide locally, such as DNS, this way (or just let DNS pass).
Of course, if they send a DHCP request you don't need to do all this work.
You should be able to do this with off-the-shelf components. A Cisco 3700 series router could handle a small setup, and a Cisco Catalyst 5500/6500 with RSM could handle much larger setups. Any CCIE with much VLAN experience should be able to set this up.
If you want to go Open Source, you could use a Catalyst 5500/6500 with an OpenBSD/Linux/FreeBSD box instead of the RSM. You could even throw a bunch of quad NICs into a box instead of using a switch, but that would be a mess to manage.
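The Linux host/router side of the VLAN-per-port design in the post above, as an added example that is not from the thread or any poster: eth1 is assumed to be the 802.1q trunk from the switch, eth0 the uplink, and VLAN IDs 101-103 one per guest-facing port. It also covers the piece the post does not spell out: once replies are de-NATed back to a laptop's arbitrary static address, the kernel needs a /32 route (and ideally a neighbour entry) into the right VLAN, so `learn_guest_route` is the hypothetical hook something observing the guest (DHCP lease script, ARP monitor) would call.

```shell
#!/bin/sh
# Added example, not from the thread: Linux host/router for the VLAN-per-port
# design. Assumed names: eth1 = 802.1q trunk from the switch, eth0 = uplink,
# VLAN IDs 101 102 103 = one per guest-facing switch port. Needs root to
# apply; DRY_RUN=1 prints the commands instead of running them.
TRUNK=${TRUNK:-eth1}
UPLINK=${UPLINK:-eth0}
VLANS=${VLANS:-"101 102 103"}
DRY_RUN=${DRY_RUN:-0}

run() { if [ "$DRY_RUN" = 1 ]; then echo "$*"; else "$@"; fi; }

configure_guest_router() {
  run sysctl -w net.ipv4.ip_forward=1
  # guest source addresses will never match our routing table, so reverse-path
  # filtering must be off or every static-IP laptop is silently dropped
  run sysctl -w net.ipv4.conf.all.rp_filter=0
  run ip link set "$TRUNK" up
  for id in $VLANS; do
    vif="$TRUNK.$id"
    run ip link add link "$TRUNK" name "$vif" type vlan id "$id"
    run ip link set "$vif" up
    # slash form keeps sysctl from misreading the dot in the VLAN name
    run sysctl -w "net/ipv4/conf/$vif/rp_filter=0"
    # answer every ARP request on this VLAN with our MAC: whatever gateway
    # address the laptop was configured with, it ends up talking to us
    run sysctl -w "net/ipv4/conf/$vif/proxy_arp=1"
    # a port may only reach the uplink, never another guest's VLAN, so a
    # laptop claiming someone else's public address affects only its own port
    run iptables -A FORWARD -i "$vif" -o "$UPLINK" -j ACCEPT
    run iptables -A FORWARD -i "$vif" -j DROP
  done
  run iptables -A FORWARD -i "$UPLINK" -o "$TRUNK+" -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
  run iptables -A FORWARD -i "$UPLINK" -j DROP
  # NAT/PAT the whole 0/0 source space onto the uplink's single address
  run iptables -t nat -A POSTROUTING -o "$UPLINK" -j MASQUERADE
}

# Replies are de-NATed back to the laptop's own address, so the kernel needs
# a /32 route into the right VLAN for each guest IP it has seen (and, since
# the VLAN interfaces are unnumbered, the guest's MAC if the caller knows it).
learn_guest_route() {  # $1 = guest IP, $2 = VLAN id, $3 = guest MAC (optional)
  run ip route replace "$1/32" dev "$TRUNK.$2"
  if [ -n "${3:-}" ]; then run ip neigh replace "$1" lladdr "$3" dev "$TRUNK.$2"; fi
}

case "${1:-}" in apply) configure_guest_router ;; esac
```

Run `DRY_RUN=1 sh guest-router.sh apply` first to review the generated commands before applying them on the box.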