Marina base station coverage?

I'm trying to guessitimate what sort of antennae I'll need to cover an area
of slips in a marina. The coverage area is about 600' wide and about 400'
deep. The starting area for coverage is about 200' from the base of where
the antenna would be mounted. That is, there's a dockmaster's office that's
about 200' from the nearest boats that would need coverage. There's a row
of lift-slip motorboats but it's not necessary for them to have coverage.
If they got coverage by chance that'd be great but it's not required. Most
directional antenna have a horizontal beam of about 60 degrees. That's not
wide enough for things at the edges of the 200' distance to the first pier.
My boat happens to be in the very center of the beam but I'd want to have a
plan to cover the other boats at the edges too.

So what's typical in this sort of situation? I'm assuming it's unwise to
hang two directional antennae off a single radio, correct? So I'd have to
add another access point with it's own antenna, right? Or could I hang two
off a single WRT54GS?

Since this is a 'donation' of sorts to get free access in the marina I'm
hoping to try it using something like this antenna:
http://www.hyperlinktech.com/web/re11ds.php

Mainly because it can be mounted inside a window using suction cups. If it
works and the level of traffic through the wireless doesn't otherwise
disrupt the limited amount of traffic the existing, single desktop computer
expects then other locations/antennae could be considered.

Basically, they've been dragging their feet at the marina (and some sister
locations) for ages on getting WiFi working. The main location has been
attempting to make it 'pay for' service and it's meeting with considerable
failure. Coverage is weak and people won't pay for that. So here I've
convinced the onsite manager to let us 'give it a try' provided it doesn't
otherwise muck up his use of the wire, which is *extrememly* limited anyway
since all office work is done at another location. Mainly just mail and web
with a Citrix session. So by donating the time/effort/devices he's willing
to share some bandwidth. There's no live-aboards here so it's not like it'd
be much more than lightweight use. But we'd certainly be charting the
consumption (gotta love MRTG) to keep things from getting out of hand.

So starting with something like that panel antenna would let us give it a
try without having to mount anything permanently, at least not during this
trial. But it being stuck on the window would prevent it from getting
bumped out of alignment like one just placed on table might. Of course
there's always the risk of getting unstuck from the glass... but that's
trivial during this trial.

-Bill Kearney

"Bill Kearney" <(E-Mail Removed)> hath wroth:

>I'm trying to guessitimate what sort of antennae I'll need to cover an area
>of slips in a marina. The coverage area is about 600' wide and about 400'
>deep. The starting area for coverage is about 200' from the base of where
>the antenna would be mounted.

Sector antenna. Beamwidths vary from 60 degrees to 180 degrees.
http://www.superpass.com/2400-2483M.html

>So what's typical in this sort of situation? I'm assuming it's unwise to
>hang two directional antennae off a single radio, correct? So I'd have to
>add another access point with it's own antenna, right? Or could I hang two
>off a single WRT54GS?

You cannot hang 2 antennas off a WRT54G as the diversity switch
algorithm will not scan between the antennas fast enough to be useful.
If you had only one user, that might be functional, but not with more
than one.

You can attach two antennas to a single antenna port on the WRT54GS by
using a power divider, splitter, or combiner. See:
http://www.hyperlinktech.com/web/sig..._2400_2way.php
The catch is that if the antennas "see" each other, the pattern will
be some conglomeration of their individual patterns and probably not
look like anything useful. This works best for where the antennas are
far apart or on opposite sides of a building.

>Since this is a 'donation' of sorts to get free access in the marina I'm
>hoping to try it using something like this antenna:
>http://www.hyperlinktech.com/web/re11ds.php

Jeff's rules for community wireless networks:
1. Never do anything for free. You can always give a discount or a
temporary free deal, but you can never go from free to paid.
2. Everything requires support, tinkering, negotiation, and more
money.
3. There's always someone just outside your coverage area.
4. Support calls always arrive at inconvenient times.
5. The surest sign of success is abuse and pollution.
6. Free help never seems to arrive.
7. Backers are aptly named.
8. Learn to play policeman, executioner, judge, and Solomon. All are
necessary skills for community networks.

>be much more than lightweight use. But we'd certainly be charting the
>consumption (gotta love MRTG) to keep things from getting out of hand.

SMTP is a good thing. I did quit a bit of that at ISP's many years
ago.

Hints: Concentrate on the antennas and the topography and never mind
the amplifiers, exotic access points, and high power. Be very
concerned about interference problems, especially from other wireless
networks. Take the time to do a site survey. Use MIMO on the AP's if
possible as reflections in the marina are sure to be a problem.
Install and use some form of bandwidth management (QoS) to avoid one
user hogging the whole system.

--
Jeff Liebermann (E-Mail Removed)
150 Felker St #D http://www.LearnByDestroying.com
Santa Cruz CA 95060 http://802.11junk.com
Skype: JeffLiebermann AE6KS 831-336-2558

"Bill Kearney" <(E-Mail Removed)> hath wroth:

>Since this is a 'donation' of sorts to get free access in the marina I'm
>hoping to try it using something like this antenna:
>http://www.hyperlinktech.com/web/re11ds.php

Same as:
http://www.pacwireless.com/products/MD24-12.shtml
Data Sheet:
http://www.pacwireless.com/products/...Data_Sheet.pdf

--
Jeff Liebermann (E-Mail Removed)
150 Felker St #D http://www.LearnByDestroying.com
Santa Cruz CA 95060 http://802.11junk.com
Skype: JeffLiebermann AE6KS 831-336-2558

On Thu, 29 Jun 2006 10:33:26 -0700, Jeff Liebermann
<(E-Mail Removed)> wrote in
<(E-Mail Removed)>:

>"Bill Kearney" <(E-Mail Removed)> hath wroth:

>>be much more than lightweight use. But we'd certainly be charting the
>>consumption (gotta love MRTG) to keep things from getting out of hand.
>
>SMTP is a good thing. I did quit a bit of that at ISP's many years
>ago.

SNMP?

--
Best regards, FAQ for Wireless Internet: <http://Wireless.wikia.com>
John Navas FAQ for Wi-Fi: <http://wireless.wikia.com/wiki/Wi-Fi>
Wi-Fi How To: <http://wireless.wikia.com/wiki/Wi-Fi_How_To>
Fixes to Wi-Fi Problems: <http://wireless.wikia.com/wiki/Wi-Fi_Fixes>

John Navas <(E-Mail Removed)> hath wroth:

>On Thu, 29 Jun 2006 10:33:26 -0700, Jeff Liebermann
><(E-Mail Removed)> wrote in
><(E-Mail Removed)>:
>
>>"Bill Kearney" <(E-Mail Removed)> hath wroth:
>
>>>be much more than lightweight use. But we'd certainly be charting the
>>>consumption (gotta love MRTG) to keep things from getting out of hand.
>>
>>SMTP is a good thing. I did quit a bit of that at ISP's many years
>>ago.

>SNMP?

Sorry. AOS (Acronym Overload Syndrome) problem. I also get PPTP and
PPPoE backwards all the time. After we run out of domain names, I
think the various domain registries could sell acronyms. Maybe that
will reduce AID (Acronym Infestation Disease).

I even wrote the instructions for MRTG on W95/98/ME (which Tobias
detests and doesn't want to support) about 6 years ago:
http://www.LearnByDestroying.com/mrtg/docs/w95mrtg.htm

Personally, I prefer RRDTool but that requires a web server to use and
is a bit messy to setup.


--
Jeff Liebermann (E-Mail Removed)
150 Felker St #D http://www.LearnByDestroying.com
Santa Cruz CA 95060 http://802.11junk.com
Skype: JeffLiebermann AE6KS 831-336-2558

> Jeff's rules for community wireless networks:
> 1. Never do anything for free. You can always give a discount or a
> temporary free deal, but you can never go from free to paid.
> 2. Everything requires support, tinkering, negotiation, and more
> money.
> 3. There's always someone just outside your coverage area.
> 4. Support calls always arrive at inconvenient times.
> 5. The surest sign of success is abuse and pollution.
> 6. Free help never seems to arrive.
> 7. Backers are aptly named.
> 8. Learn to play policeman, executioner, judge, and Solomon. All are
> necessary skills for community networks.

These are $5k/yr (and up) slips. I won't be the least bit sympathetic to
the whiners at the fringes if they're not willing to pony up some cash. But
even without their help it's not like it's going to break any banks getting
this gear.

Likewise, if its a free service then interruptions are to be expected.
Sometimes done deliberately to 'adjust' usage patterns. Nothing like
silently dropping service to a given MAC when things get out of hand. I've
had plenty of experience administering large networks and dealing with
(l)users. I'll have my marine-grade LART handy.

Playing Solomon hits the nail on the head. I generally find it's better to
let them think things are being run poorly (or even incompetently), rather
than taking a confrontational "informed" approach. Just let things
mysteriously become "unreliable" for them until they wander off finding
other things to occupy themselves. No sense arguing with them or
confronting them about spending all their bandwidth downloading porn or
whatever. Just let the net flake out, perhaps timed appropriately right
before the end of those video clips...

BoFH rules apply!

The biggest challenge I'm expecting is avoiding freeloader abuse by folks
anchoring just outside the sea wall of the marina. Hopefully some down tilt
on the antennae and adjusting of the radio output power will help stave that
off. But we're also planning on not broadcasting the SSID and changing it
on a semi-random basis. This is certainly 'not secure' but it's a bit of
security-through-obscurity. There will be a notice posted in the club
house with the current SSID. And since it's free, they'll get what they pay
for, support-wise.

There will be no support. If they get it working, great, otherwise, pound
sand.

I'm really only expecting about 8 or so vessels will even bother making use
of it. I suppose I could've just signed up for comcast and stuffed a router
in the pedestal near my slip. But that'd require paying those rat bastards
money and I hate comcast. This way it ends up shared with other slipholders
and I get to learn some new stuff.

> Hints: Concentrate on the antennas and the topography and never mind
> the amplifiers, exotic access points, and high power. Be very
> concerned about interference problems, especially from other wireless
> networks. Take the time to do a site survey.

Yes, already done one, informally with netstumbler. Existing coverage is
exceptionally poor (thus my embarking on this journey). There's a WEP
secured network and a weak open one. Otherwise it's relatively barren,
signal-wise. This also gleaned from doing a site survey lookup from the
WRT54G running dd-wrt with a pair of 9db omni antennae. Even with better
antennae the number of SSID didn't increase.

> Install and use some form of bandwidth management (QoS) to avoid one
> user hogging the whole system.

Yep, already expecting to do this. Mainly to make sure the one wired
desktop has guaranteed bandwidth on demand. This whole thing is freeloading
the uplink from the marina office. The one guy in the office doesn't use it
for all that much so it's largely idle. But on the few occasions he's
likely to be doing anything I'm going to try configuring it such that his
box gets priority over everything else.

My only real question at this point concerns what antennae to use. Your
suggestion of sector type is probably the most appropriate. Getting that
square panel, while it might help the inital 'proof of concept' would
largely be a waste of money, but not all that much. I could always recycle
it for on-boat use as a directional.

Hmm, I'm wondering if a 120 degree sectional would suffice? Like this one:
http://www.hyperlinktech.com/web/hg2414sp-120.php
or the 180:
http://www.hyperlinktech.com/web/hg2415p_180.php

The 120 might be better in that it'd avoid serving anything on-shore. That
and it's quite a bit less expensive than the 180.

-Bill Kearney

"Bill Kearney" <(E-Mail Removed)> hath wroth:

>These are $5k/yr (and up) slips. I won't be the least bit sympathetic to
>the whiners at the fringes if they're not willing to pony up some cash. But
>even without their help it's not like it's going to break any banks getting
>this gear.

I think you're missing my point on charging for service. It's
infinitely easier to reduce rates than it is to go from a free service
to a for pay service. Start by charging for the connectivity and then
give the good guys a "deal". That makes you a good guy instead of an
evil bill collector.

Incidentally, I forgot to mumble something about installing a RADIUS
server and using WPA-RADIUS for authentication. That solves two
problems. You get easy user identification along with individual and
temporary encryption keys which are different for each user.

>I've
>had plenty of experience administering large networks and dealing with
>(l)users. I'll have my marine-grade LART handy.

Sigh. You can probably get away with herding corporate employees, but
herding cats and sailors just doesn't work. They have their own
expectations of what constitutes proper reliability and operation and
on how to contact tech support at 1AM. I have the same problems with
my neighborhood LAN, where some neighbors seem to think I run a public
utility. I find it best to be tolerant and not vindictive as I have
to deal with these people on a regular basis.

>Playing Solomon hits the nail on the head. I generally find it's better to
>let them think things are being run poorly (or even incompetently), rather
>than taking a confrontational "informed" approach.

Nope. I've found it just the opposite. Friends and neighbors have
different expectations than customers. That's another reason why I
suggested charging for the service. That will turn your friends and
neighbors into customers.

>Just let things
>mysteriously become "unreliable" for them until they wander off finding
>other things to occupy themselves. No sense arguing with them or
>confronting them about spending all their bandwidth downloading porn or
>whatever. Just let the net flake out, perhaps timed appropriately right
>before the end of those video clips...

Manual bandwidth management and throttling is a necessary part of WISP
management. The trick is to walk that fine line between managing
abuse and outright censorship. It's also considered good form to
inform abusers of the problem their causing. The way I do it is to
charge the neighbors by their traffic volume.

On a different neighborhood WLAN, they include everyone's monthly
traffic report so that the whole neighborhood can get a feel for the
typical usage, why someone is paying more than everyone else, and how
badly they're hogging the system. Everyone abuses the bandwidth for
the first month. After that, no problems. The report also reminds
them that someone is watching.

>BoFH rules apply!

Only in support newsgroups. In reality, most of the banter in
alt.sysadmin.recovery is wishful thinking and is more a reflection of
what IT would like to do to employees and customers, and not how they
actually perform their duties. I would be seriously worried if you
actually believed many of the stories and retaliatory suggestions
posted in alt.sysadmin.recovery.

>The biggest challenge I'm expecting is avoiding freeloader abuse by folks
>anchoring just outside the sea wall of the marina.

If you lock up the system with WPA-RADIUS, that won't be much of a
worry.

>But we're also planning on not broadcasting the SSID and changing it
>on a semi-random basis.

Security by obscurity? I thought you had some experience in such
things? All that hiding the SSID does it allow users to setup their
own wireless networks on the same channel, create mutual interference,
and create difficulties for users to connect. Also, you get the honor
of going around and informing everyone that the SSID has changed and
helping them make the change to their PC's.

Incidentally, your site survey with Netstumbler is inadequate. You
should use Kismet with a Linux LiveCD so that you can see networks
that hide their SSID.

>This is certainly 'not secure' but it's a bit of
>security-through-obscurity. There will be a notice posted in the club
>house with the current SSID. And since it's free, they'll get what they pay
>for, support-wise.

Right. Zero security with rotten service and secret handshakes from
the start. Were you planning on this adventure being successful or is
self-sabotage part of the plan? Incidentally, with such an open
system, it's difficult to keep a knowledgeable user out of the system
by just MAC filtering as you propose. Anyone with a search engine can
figure out how to change their MAC address.

Basically, you have to provide everything that a wired dialup/DSL ISP
provides. You have infrastructure (hardware), support, setup help,
information dissemination, billing, abuse mitigation, maintenance,
upgrades, complaints, backhaul, etc. With wireless, you get the added
enjoyment of a shared and unreliable distribution mechanism.

>There will be no support. If they get it working, great, otherwise, pound
>sand.

Wishful thinking. When the boat owner, from whom you usually borrow
tools and supplies, wants help with his computah, you have the option
of playing ignorant, playing busy, or just get it over with and help
him. Usually the latter is easiest. You can't run a service without
some form of support. However, make sure you charge (or trade) for it
or your help will surely be abused.

>I'm really only expecting about 8 or so vessels will even bother making use
>of it.

Walk around and count computers on board. If laptops, about 90% have
wireless built in. Figure on all of them wanting to connect.

>Yes, already done one, informally with netstumbler.

Use Kismet on a Linux LiveCD. You're not checking for coverage as
much as checking for hidden WLAN's that might cause interference.

>Yep, already expecting to do this. Mainly to make sure the one wired
>desktop has guaranteed bandwidth on demand. This whole thing is freeloading
>the uplink from the marina office. The one guy in the office doesn't use it
>for all that much so it's largely idle. But on the few occasions he's
>likely to be doing anything I'm going to try configuring it such that his
>box gets priority over everything else.

You might want to price the cost of more than one IP address from the
ISP. That will make separating the office LAN from the freeloaders
much easier using two routers. Also, look at the Sonicwall TZ-170SP
wireless router which has separate security "zones".

>Hmm, I'm wondering if a 120 degree sectional would suffice? Like this one:
>http://www.hyperlinktech.com/web/hg2414sp-120.php
>or the 180:
>http://www.hyperlinktech.com/web/hg2415p_180.php

180 is magic. I don't see how they do it. In most cases, it's easier
and better to use 120 degree sectors. Note that you can't use the
same channel on adjacent sectors as there will be havoc where they
overlap at the boundaries. The choice is really based on your
coverage area.

>The 120 might be better in that it'd avoid serving anything on-shore. That
>and it's quite a bit less expensive than the 180.

Yeah, probably 120 is safer.


--
Jeff Liebermann (E-Mail Removed)
150 Felker St #D http://www.LearnByDestroying.com
Santa Cruz CA 95060 http://802.11junk.com
Skype: JeffLiebermann AE6KS 831-336-2558

On Fri, 30 Jun 2006 09:05:29 -0700, Jeff Liebermann
<(E-Mail Removed)> wrote in
<(E-Mail Removed)>:

>"Bill Kearney" <(E-Mail Removed)> hath wroth:
>
>>These are $5k/yr (and up) slips. I won't be the least bit sympathetic to
>>the whiners at the fringes if they're not willing to pony up some cash. But
>>even without their help it's not like it's going to break any banks getting
>>this gear.
>
>I think you're missing my point on charging for service. It's
>infinitely easier to reduce rates than it is to go from a free service
>to a for pay service. Start by charging for the connectivity and then
>give the good guys a "deal". That makes you a good guy instead of an
>evil bill collector.

I strongly second that advice. Never make anything free. Instead, set
a fair price ($10/month?), and then give out (say) coupons for free
months of service, and perhaps tie that into monthly changes of a shared
WPA key.

>Incidentally, I forgot to mumble something about installing a RADIUS
>server and using WPA-RADIUS for authentication. That solves two
>problems. You get easy user identification along with individual and
>temporary encryption keys which are different for each user.

I agree this is better than a shared key, but it may be more trouble
than it's worth.

>>I've
>>had plenty of experience administering large networks and dealing with
>>(l)users. I'll have my marine-grade LART handy.
>
>Sigh. You can probably get away with herding corporate employees, but
>herding cats and sailors just doesn't work. They have their own
>expectations of what constitutes proper reliability and operation and
>on how to contact tech support at 1AM. I have the same problems with
>my neighborhood LAN, where some neighbors seem to think I run a public
>utility. I find it best to be tolerant and not vindictive as I have
>to deal with these people on a regular basis.

I agree. Having a group of wasted boaters pounding on your cabin door
at 2 AM isn't fun.

>>Playing Solomon hits the nail on the head. I generally find it's better to
>>let them think things are being run poorly (or even incompetently), rather
>>than taking a confrontational "informed" approach.
>
>Nope. I've found it just the opposite. Friends and neighbors have
>different expectations than customers. That's another reason why I
>suggested charging for the service. That will turn your friends and
>neighbors into customers.

Again, I agree.

>>Just let things
>>mysteriously become "unreliable" for them until they wander off finding
>>other things to occupy themselves. No sense arguing with them or
>>confronting them about spending all their bandwidth downloading porn or
>>whatever. Just let the net flake out, perhaps timed appropriately right
>>before the end of those video clips...
>
>Manual bandwidth management and throttling is a necessary part of WISP
>management. The trick is to walk that fine line between managing
>abuse and outright censorship. It's also considered good form to
>inform abusers of the problem their causing. The way I do it is to
>charge the neighbors by their traffic volume.

I've not had good reaction to that -- people have come to expect the
comfort level of fixed price for service. It also raises the issue of
billing in arrears, whereas I think it makes more sense to bill for this
sort of thing in advance.

>On a different neighborhood WLAN, they include everyone's monthly
>traffic report so that the whole neighborhood can get a feel for the
>typical usage, why someone is paying more than everyone else, and how
>badly they're hogging the system. Everyone abuses the bandwidth for
>the first month. After that, no problems. The report also reminds
>them that someone is watching.

Yikes! I really don't think that's a good idea. It encourages a kind
of mob rule that can easily get out of hand.

>>The biggest challenge I'm expecting is avoiding freeloader abuse by folks
>>anchoring just outside the sea wall of the marina.
>
>If you lock up the system with WPA-RADIUS, that won't be much of a
>worry.

Or even a regularly expiring shared key.

>>But we're also planning on not broadcasting the SSID and changing it
>>on a semi-random basis.
>
>Security by obscurity? I thought you had some experience in such
>things? All that hiding the SSID does it allow users to setup their
>own wireless networks on the same channel, create mutual interference,
>and create difficulties for users to connect. Also, you get the honor
>of going around and informing everyone that the SSID has changed and
>helping them make the change to their PC's.

I also think it's a bad idea. Make the SSID clear and meaningful; e.g.,
"Bills wireless Internet, slip X-9999"

>>There will be no support. If they get it working, great, otherwise, pound
>>sand.
>
>Wishful thinking. When the boat owner, from whom you usually borrow
>tools and supplies, wants help with his computah, you have the option
>of playing ignorant, playing busy, or just get it over with and help
>him. Usually the latter is easiest. You can't run a service without
>some form of support. However, make sure you charge (or trade) for it
>or your help will surely be abused.

Again, I agree.

>>I'm really only expecting about 8 or so vessels will even bother making use
>>of it.
>
>Walk around and count computers on board. If laptops, about 90% have
>wireless built in. Figure on all of them wanting to connect.

I think Jeff's more right than wrong, especially with respect to
live-aboards.

>>Yep, already expecting to do this. Mainly to make sure the one wired
>>desktop has guaranteed bandwidth on demand. This whole thing is freeloading
>>the uplink from the marina office. The one guy in the office doesn't use it
>>for all that much so it's largely idle. But on the few occasions he's
>>likely to be doing anything I'm going to try configuring it such that his
>>box gets priority over everything else.
>
>You might want to price the cost of more than one IP address from the
>ISP. That will make separating the office LAN from the freeloaders
>much easier using two routers.

Also keeps the marina out of the loop if (when) the cops come looking
for an abuser.

>Also, look at the Sonicwall TZ-170SP
>wireless router which has separate security "zones".

Good suggestion. In general, I strongly recommend a hotspot-type router
for this kind of thing.

--
Best regards, FAQ for Wireless Internet: <http://Wireless.wikia.com>
John Navas FAQ for Wi-Fi: <http://wireless.wikia.com/wiki/Wi-Fi>
Wi-Fi How To: <http://wireless.wikia.com/wiki/Wi-Fi_How_To>
Fixes to Wi-Fi Problems: <http://wireless.wikia.com/wiki/Wi-Fi_Fixes>

> I think you're missing my point on charging for service. It's
> infinitely easier to reduce rates than it is to go from a free service
> to a for pay service. Start by charging for the connectivity and then
> give the good guys a "deal". That makes you a good guy instead of an
> evil bill collector.

No, I got your point.

I'm saying the for the minimal cost of this hardware, and the free DSL
uplink, there's not much incentive to bother dealing with accepting people's
money. Once you take money from them they start getting expectations. If
it sucks then I'll just dismantle it. I can simply punt to getting my own
comcraptastic cable modem and stuff an AP in the dock pedestal. I have
absolutely no desire to put myself in a position where people are paying me
money and bugging the crap out of me for 'support'. I'd rather it cost me
some trival amount of money to maintain it and remain free of their contact.
If they wanna make it better than what I have planned they're free to figure
it all out for themselves.

And let's back up a second, the marina here has sister sites. They've
attempted to get some pay-for services going and it's not gone well. Mainly
because they made the mistake of giving expectations. This is not the case
here.

> Incidentally, I forgot to mumble something about installing a RADIUS
> server and using WPA-RADIUS for authentication. That solves two
> problems. You get easy user identification along with individual and
> temporary encryption keys which are different for each user.

No, I have no desire to deal with the likely conspiracy nuts that want to
winge about someone 'knowing' what they're doing on the net. Sure, they're
idiots for thinking it, but start tying a username/password to it and things
go downhill. Not to mention the jackass calling me in the middle of the
night having forgotten their password. Again, open and NO support seems
like a much better situation.

> Sigh. You can probably get away with herding corporate employees, but
> herding cats and sailors just doesn't work. They have their own
> expectations of what constitutes proper reliability and operation and
> on how to contact tech support at 1AM.

Let's be clear, NO SUPPORT. If it's up, it's up, if not, tough. I'm 6'4",
not shy and know the value of my time. If they want something better
they're more than welcome to go do it. But make no mistake, I won't be
giving them any impression they can bug me about a damn thing.

> I have the same problems with
> my neighborhood LAN, where some neighbors seem to think I run a public
> utility. I find it best to be tolerant and not vindictive as I have
> to deal with these people on a regular basis.

Ah, neighbors are somewhat different than slipholders in a non-liveaboard
situation. I can move my boat to another marina, it's not as easy with a
house.

But don't think I'm missing your point. Thus, from the outset, this is a
free service with absolutely no guarantees or support.

> Nope. I've found it just the opposite. Friends and neighbors have
> different expectations than customers. That's another reason why I
> suggested charging for the service. That will turn your friends and
> neighbors into customers.

They're more than welcome to become someone else's customers. I do not want
those headaches, period.

> Manual bandwidth management and throttling is a necessary part of WISP
> management. The trick is to walk that fine line between managing
> abuse and outright censorship.

Ah, now here we completely agree. I have no desire to censor content. But
if some nitwit insists on moving a virtual freight train of porn over the
airwaves while everyone else is being reasonable then it's time to throttle
that consumption. Not based on anything other than excessive consumption.
Sure, they can play MAC address games but I've low expectation of that
considering the audience.

> It's also considered good form to inform abusers of the problem their
causing.
> The way I do it is to charge the neighbors by their traffic volume.

Yeah well, when you do this you raise the spectre of having snooped not on
just how much they wasted, but on what. Trust me, they tend to get their
knickers in much more of a twist when they think their content patterns are
being monitored. To drop service intermittently, when no expectation of
reliability is implied, is perhaps a far less confrontational mechanism.
I'm fine with them thinking I run a shitty service, all I want is my
occasional Wifi bandwidth without hassles.

After all, this is a upscale, pleasureboat marina we're talking about here.
Having WiFi on it ain't exactly a 'critical' need like one might expect in a
residence.

> On a different neighborhood WLAN, they include everyone's monthly
> traffic report so that the whole neighborhood can get a feel for the
> typical usage, why someone is paying more than everyone else, and how
> badly they're hogging the system. Everyone abuses the bandwidth for
> the first month. After that, no problems. The report also reminds
> them that someone is watching.

Yes, having open webpages showing consumption works wonders for
self-policing behavior modification. At some point, should consumption get
out of hand, I'd certainly want to implement it.

> >BoFH rules apply!
>
> Only in support newsgroups. In reality, most of the banter in
> alt.sysadmin.recovery is wishful thinking and is more a reflection of
> what IT would like to do to employees and customers, and not how they
> actually perform their duties. I would be seriously worried if you
> actually believed many of the stories and retaliatory suggestions
> posted in alt.sysadmin.recovery.

What, you mean I can't electrify the handrails to improve the support call
numbers? <grin> <EVIL GRIN>

And I'm not talking about those pikers over in a.s.r. I'm speaking more in
terms of the classic BoFH perspective.

> >The biggest challenge I'm expecting is avoiding freeloader abuse by folks
> >anchoring just outside the sea wall of the marina.
>
> If you lock up the system with WPA-RADIUS, that won't be much of a
> worry.

Manually ditching freeloaders, or even having some scripts doing it, seems
like a lot less hassle.

> >But we're also planning on not broadcasting the SSID and changing it
> >on a semi-random basis.
>
> Security by obscurity? I thought you had some experience in such
> things? All that hiding the SSID does it allow users to setup their
> own wireless networks on the same channel, create mutual interference,
> and create difficulties for users to connect.

Yeah, there's plenty of truth to that. But given the location of this it's
not like I'm expecting a lot of interference or other services sprouting up.
Besides, the folks hosting the uplink ain't real bright. Not broadcasting
the SSID lets them think something's hidden. I know better, you know
better, etc... but it's all about humoring them. At some point, as things
evolve, there's certainly room for change.

> Also, you get the honor
> of going around and informing everyone that the SSID has changed and
> helping them make the change to their PC's.

NO SUPPORT. A posted sign, if they can't figure it out from there that's
just tough. And I'm not just playing the bastard here. This is a frill and
if the folks want to make use of it they're more than welcome to educate
themselves on how. I have no need to add customers, nor am I building a
service on which I need growth, click-throughs or anything else.

> Incidentally, your site survey with Netstumbler is inadequate. You
> should use Kismet with a Linux LiveCD so that you can see networks
> that hide their SSID.

True, on my list of things to do. And to do on a regular basis.

> >This is certainly 'not secure' but it's a bit of
> >security-through-obscurity. There will be a notice posted in the club
> >house with the current SSID. And since it's free, they'll get what they
pay
> >for, support-wise.
>
> Right. Zero security with rotten service and secret handshakes from
> the start. Were you planning on this adventure being successful or is
> self-sabotage part of the plan?

Hey, if it works for me and three other folks eager for access then it'll be
a success. That it might not work for the 100 or so other slipholders
really doesn't bother me. Thus far no more than a dozen folks have
expressed any interest whatsoever. Frankly, I expect it to remain that low.

> Incidentally, with such an open
> system, it's difficult to keep a knowledgeable user out of the system
> by just MAC filtering as you propose. Anyone with a search engine can
> figure out how to change their MAC address.

And sitting on their boat for a few hours in the afternoon evening means
it's pretty unlikely they're going to waste the time/effort. This is
basically a frill to let them fire up the laptop, get/send mail and check a
couple of web pages for weather and event info. Should needs grow beyond
that (and I'm not saying it couldn't happen) there's plenty of opportunity
to improve it. Even if that means going to a pay-for model (run by someone
other than me, that's for sure). These are boat owners, they're used to
getting absolutely gouged for everything, often with very little resembling
decent treatment.

> Basically, you have to provide everything that a wired dialup/DSL ISP
> provides. You have infrastructure (hardware), support, setup help,
> information dissemination, billing, abuse mitigation, maintenance,
> upgrades, complaints, backhaul, etc. With wireless, you get the added
> enjoyment of a shared and unreliable distribution mechanism.

Eh, two access points and a likelihood of about a dozen users. I'm not
exactly worried about infrastructure and costs.

> >There will be no support. If they get it working, great, otherwise,
pound
> >sand.
>
> Wishful thinking. When the boat owner, from whom you usually borrow
> tools and supplies, wants help with his computah, you have the option
> of playing ignorant, playing busy, or just get it over with and help
> him.

Hey, if they fire up the blender and make some margaritas then we'll talk.
I've met most of the slipholders and, by and large, they're a nice bunch.
If anything a NoCat splash page or wiki will sprout up to help them. But no
phone calls or handholding is ever going to be implied, offered or provided.
Besides, I'm already the one known for having the tools and supplies and
they're right nice about asking me for things.

> Usually the latter is easiest. You can't run a service without
> some form of support. However, make sure you charge (or trade) for it
> or your help will surely be abused.

I've been a consultant for 2 decades and my wife's an attorney. I'm well
aware the value of time.

> >I'm really only expecting about 8 or so vessels will even bother making
use
> >of it.
>
> Walk around and count computers on board. If laptops, about 90% have
> wireless built in. Figure on all of them wanting to connect.

Already have and spoken with folks about it. They're fine with the general
plan. This is not a service 'sponsored' by the marina or part of their
slipholder contract. It's an unsupporte freebie and they grasp the concept.

> You might want to price the cost of more than one IP address from the
> ISP. That will make separating the office LAN from the freeloaders
> much easier using two routers. Also, look at the Sonicwall TZ-170SP
> wireless router which has separate security "zones".

True, and if traffic volumes are such that it's an issue I'd definitely go
down that road. The office network here is ONE machine, very infrequently
used for little more than mail and web surfing. There's no restaurant,
snack bar or other activities going on that require anything more than very
minimal bandwidth.

> 180 is magic. I don't see how they do it. In most cases, it's easier
> and better to use 120 degree sectors. Note that you can't use the
> same channel on adjacent sectors as there will be havoc where they
> overlap at the boundaries. The choice is really based on your
> coverage area.

Good point. I'll pickup the 120 and see how well it covers. If that's not
enough then a spare AP and another 120 on the pole should work nicely.

> >The 120 might be better in that it'd avoid serving anything on-shore.
That
> >and it's quite a bit less expensive than the 180.
>
> Yeah, probably 120 is safer.

Once again, thanks Jeff!

-Bill Kearney

> I strongly second that advice. Never make anything free. Instead, set
> a fair price ($10/month?), and then give out (say) coupons for free
> months of service, and perhaps tie that into monthly changes of a shared
> WPA key.

You miss the point about not wanting to have any sort of financial or
support relationship with these folks. The service is up, or not, and
that's the extent of the relationship.

> I agree. Having a group of wasted boaters pounding on your cabin door
> at 2 AM isn't fun.

Were they dumb enough to try this I'd be more than glad to show them to the
nearby water.

> I've not had good reaction to that -- people have come to expect the
> comfort level of fixed price for service. It also raises the issue of
> billing in arrears, whereas I think it makes more sense to bill for this
> sort of thing in advance.

And if you're not engaging in any sort of financial relationship with them
you're free of any of these headaches. Different headaches, perhaps.

> Yikes! I really don't think that's a good idea. It encourages a kind
> of mob rule that can easily get out of hand.

Two words: Benevolent dictatorship. That's the idea here. Like it or make
another one yourselves.

> I also think it's a bad idea. Make the SSID clear and meaningful; e.g.,
> "Bills wireless Internet, slip X-9999"

You MUST be kidding. I have absolutely NO desire to have these folks
contacting me. It'll be some random word.

> I think Jeff's more right than wrong, especially with respect to
> live-aboards.

We HAVE NO LIVEABOARDS at this marina. Were that the case then some of
what's been suggested might have relevance.

> Also keeps the marina out of the loop if (when) the cops come looking
> for an abuser.

Yes, well, we'll burn that bridge when we come to it. Should the local LE
folks get their act together enough to actually be able to DO something like
this then I'd start to worry.

Guys, you're making good points, they're just not of direct relevance to the
situation at hand.

-Bill Kearney