I've used OpenWrt successfully in a small campus deployment of about 50-70 OpenWrt boxes using Linksys 54GL.
The OpenWrt boxes act as clients/bridges to a Cisco Lightweight wireless network, allowing us to extend wired connections via the built-in switch ports.
I've built my own OpenWrt from source so I can put in some of my own configs.
My problem is the deployment/management/scaling of this many devices, as well as security concerns about losing a device (currently I register the MAC addresses, so if I lose a device I can de-authorize it, but I'm sure this could be improved).
Has anyone else deployed an OpenWrt network of this size or larger? I'm looking for ways to ease the management and deployment etc.
I'm looking for the best way to:
- boot up with DHCP, register a MAC/serial based name with DNS
- enroll a new device in a certificate authority
- install/update wireless keys so the box can become a wireless client/bridge
- at every boot, download (signed) updates/configs from a central server (TFTP, HTTP, etc.).
- manage QoS/DSCP and queueing/rate limiting
- WPA/WPA2 with dynamic key management in client (non-AP) mode?
- tunnel/bridge layer 2 traffic across an IP wireless LAN. I would like to assign 802.1Q VLANs onto the wired switch ports and tunnel/bridge it over IP. I'm not sure if Linux GRE supports Layer 2. Cisco uses EtherIP to do this with their wireless gear.
For performance I wouldn't want to tunnel using TCP. MPLS would be an interesting option.
The reason I'm looking at tunneling layer 2 is that in routed mode there's a lot of administration, NAT is undesirable for applications, and the built-in bridge (wet) mode is not a true bridge mode. There's also interoperability with the Cisco APs as well.
Any thoughts?
