- Posts: 15
- Thank you received: 0
Campus Hotspot portal - Design and requirement suggestions
16 years 7 months ago #25681
by lawin
Campus Hotspot portal - Design and requirement suggestions was created by lawin
We have several buildings in the campus that have wireless access points in each floors and lobby and in the library. These are all Open system, meaning anyone who brings their wireless devices can connect and access the internet. Because this is a school facility, we want to restrict the access only to our students and faculties. We don't want to use MAC Filters, WEP, WAP as the security but instead, we want a system similar to some private hotspots where who ever connects to any of our waps, they will get our website first, and to get to the internet, they have to be authenticated by entering say, username and password or a pin or something similar.
Can anyone tell me what I need to achieve this setup? We use a mixture of Linksys WRT54GS and Edimax WAPS in our network. All Linksys are using the latest DD-WRT firmware.
TIA
Can anyone tell me what I need to achieve this setup? We use a mixture of Linksys WRT54GS and Edimax WAPS in our network. All Linksys are using the latest DD-WRT firmware.
TIA
16 years 7 months ago #25702
by TheBishop
Replied by TheBishop on topic Re: Campus Hotspot portal - Design and requirement suggestions
To enforce the internet access you could use an http proxy with authentication. This will challenge any user trying to connect through and they will have to authenticate to get access. There are several products and open source solutions that will do this. You should consider the way authentication might work too, simplest way is an internal user/password scheme on the proxy but then you have to maintain that. Or you could link to an external authentication source such as RADIUS or TACACS server or even Active Directory. One more thing to consider is that the above will only restrict http - you need to consider other types of traffic and either block them completely or have them authenticate too. Remember that by not restricting wireless access you could have people poking around from the inside and trying to break your network
16 years 7 months ago #25706
by beexo
Replied by beexo on topic Re: Campus Hotspot portal - Design and requirement suggestions
Like TheBishop said, a proxy with authentication would be a simple but not best solution.
Sometime ago Tomshardware wrote an article abot setting up a kind of hotspot with M0N0WALL. This migth be the sort of thing you are looking for.
There is also opensource software such as zeroshell that will turn a pc into a captive portal.
Also, you can buy a router with built-in hot-spot functionality.
In my opinion, the best would be to use some type of captive portal plus the use of a content filtering system.
Sometime ago Tomshardware wrote an article abot setting up a kind of hotspot with M0N0WALL. This migth be the sort of thing you are looking for.
There is also opensource software such as zeroshell that will turn a pc into a captive portal.
Also, you can buy a router with built-in hot-spot functionality.
In my opinion, the best would be to use some type of captive portal plus the use of a content filtering system.
16 years 7 months ago #25722
by lawin
This company doesn't use AD for authentication or use any sort of authentication for users for now. A plan is being layed out to go to that as part of the network upgrade but for now, I am concern about the open wap that they have here. RADIUS is where we might be considering for authentication.
I looked at m0n0wall as you mentioned and also the article at tomshardware you mentioned and also about the zeroshell. It's interesting to know about different posibilities to achieve captive portal for wireless access with authentication. But I still need to get some hardwares and softwares to start with and try it.
Thanks for you Bishop and beexo. I have to get the FreeRADIUS running first.
Replied by lawin on topic Re: Campus Hotspot portal - Design and requirement suggestions
To enforce the internet access you could use an http proxy with authentication. This will challenge any user trying to connect through and they will have to authenticate to get access. There are several products and open source solutions that will do this. You should consider the way authentication might work too, simplest way is an internal user/password scheme on the proxy but then you have to maintain that. Or you could link to an external authentication source such as RADIUS or TACACS server or even Active Directory. One more thing to consider is that the above will only restrict http - you need to consider other types of traffic and either block them completely or have them authenticate too. Remember that by not restricting wireless access you could have people poking around from the inside and trying to break your network
This company doesn't use AD for authentication or use any sort of authentication for users for now. A plan is being layed out to go to that as part of the network upgrade but for now, I am concern about the open wap that they have here. RADIUS is where we might be considering for authentication.
Like TheBishop said, a proxy with authentication would be a simple but not best solution.
Sometime ago Tomshardware wrote an article abot setting up a kind of hotspot with M0N0WALL. This migth be the sort of thing you are looking for.
There is also opensource software such as zeroshell that will turn a pc into a captive portal.
Also, you can buy a router with built-in hot-spot functionality.
In my opinion, the best would be to use some type of captive portal plus the use of a content filtering system.
I looked at m0n0wall as you mentioned and also the article at tomshardware you mentioned and also about the zeroshell. It's interesting to know about different posibilities to achieve captive portal for wireless access with authentication. But I still need to get some hardwares and softwares to start with and try it.
Thanks for you Bishop and beexo. I have to get the FreeRADIUS running first.
Time to create page: 0.121 seconds