Hi All!

I’m getting back to the question that I asked long time ago…

Now I have campus area covered with wi-fi signal. I would like to implement Access Controll security to my network. (Something like Bluesocket provides) except I don’t have 40k to pay for their product so I have to do something myself.

So I got AP set for RADIUS identification (via Microsoft’s IAS) everything is good but users need to know about existence of the network and they have to set their PC right.

Here is the question: How can I make that way so users automatically connect to internal (or specific external) website only and there through the web interface they are offered to login?

Can somebody please help me or at least guide in proper direction?

Thanks, and merry xmas.

Alex,

There are a number of products that provide web portal login capabilities (Nomadix, Zyxel, DLink).

Using these devices in a campus environment could be a challenge because you'll need a way to manage usernames and passwords. Product selection also depends on the number of users you'll need to authenticate.

Greg

I was more talking about the software add-on to radius.

I know DLink has HotSpot Gateway device that works with RADIUS or LDAP (easy to manage) but max # of users is only 50 and it cost $500. (it is not price effective for me, if I'll buy something like this I more looking into 500 users min for that price)


I have some knowlage of VB and C++ so I hope to write some add on to radius, but I dont know if it would be cost effective...

-Added:
Im also looking so this app/device was capable of mesh managment, so i can point an AP some where in remote location to the radius server and people will get the login screen

hey,

I guess webauhentication would be the feature or add on that you are lookin up for with regards to security over radius. I am not sure if this helps, coz. ai m not sure wha you wanna implement. However, you can use webauthentication which is what i understood from your discusion threads. Currently this feature is implemented byAirespace & Alcatel wireless equipment.

Sniper, yes I need the web iterface for radius id, as of now I alredy bought DLink DSA-3100 which support all of those features, but it can work only with 50 concurent connections.

Dude!

We'll not sure if that's one of those prod. limitations u r facing with dlink.
Anyways, i just bumped across a discussion with my friend Ajit and he told me about this:
know that for in most the hotspots they have website published which
ask for username and password and which is directed to radius server
for authentication and later one can do accouting for billing purpose.

I researched a little bit and find out that people some time use
Apache webserver to publish the site in turn running some scripts in
PHP and Perl they direct the user authentication to Radius server..I
dont know for sure whether we can integrate IIS server with radius or
not ....

Other way to do is to integrate ISA server which internet
authentication server for user authentication .

and here is the link regarding how to integrate ISA with Radius server..

http://www.isaserver.org/tutorials/ISA2004-RADIUS-Authentication-Web-Publishing-Rules-Part2.html

I am yet to research upon this entirely I guess this will help you out here overcome that 50 user limitation.

Rocks!,
Sniper

well ISA was the think that I first thought of, well the proxy part of it, cause if use isa as a firewall (which will work fine for web user login, if I write LDAP web interface on PHP) it will be tooo expensive. cause the server box cost ~1200 + MS Server 03 ~600 + ISA Standart ~1500 and total of: 3300 per hotspot.
I think it is too expensive. So the only thing which is left is to use Proxy (weather it would be an ISA or something else) then client remotely connects to the proxy and proxy sends request to the radius to check if userr is Ok. I dont know but it is too complicated for me cause I will have to write an app on a packets level ... too hard and aint my spesialization...

So what I think is better for my size business is to use Dlink 3100 for now and if it gets more then 50 users then switch to ZyAir cause they've got the same product for $1200 and it supports around 1500 users, (exept I can't get it how come their product has throughput bandwith of 16Mbps and 32Mbps when for that # of users it should be at least be 1G)

I also heard about some "Night Cat" or some othe cat, which works as a ISA but is spesificaly designed for wi-fi hotspot radius id, and I think it is free...:D

Alex,

There are a few free applications available like No Cat and Sveasofts Alchemy. And a few that have a small fee like Control AP. Search Google and you'll find more but they all pretty much work the same way; a PC at the location with two nic cards, one to the AP(s) and one to the Internet. The PC basically becomes the gateway like the DSA-3100.

Also, if you're referring to the Zyxel VSG1200, it doesn't really support 1,500 users. It will DHCP up to 1,024 users but can only handle 200 to 300 users online at the same time. We've got it installed at a hotel and a large meeting room facility and for the price and configuration flexibility nothing beats it.

Greg

Golfnut, thanks for info on Zyxel VSG1200 and No Cat..

Also I see u provide an access in WA for home users, can u tell me (if it is not a secret) is that working how do u build a cells and how mach u charge people. (Im trying to start Wi-Fi company in NY)

Thanks!

Pricing information is confidential but what did you mean by "build a cell"?

We do the majority of work with small to medium size businesses.

Greg

im just trying to provide wi-fi access for home users: so what I desided to do is to place a banch of APs in side on one 7 floors building and then we have 3 18dBi Pach antennas on the roof. All of it is connected to the basement switch and to the router.

I think of buying DSL line for that location cause T1 will be a bit expansive. I also should mentiln that there are a lot of 5-7 floors buildings aroun here but my pach antennas signal doesnt go through anything,...

So I ment like how you deliver the connection to your users?
Would it be better for me to just provide fixed wireless, or try to go with mobile clients, how manu users can the DSL line handle.
And in your network do you connect sites through the wireless links or you have separate ground lines to each site?

Thanks!

Alex,

I don't understand your questions. Are you trying to provide wireless Internet access to home (apartment) users? Are you trying to link buildings with the 18dbi antennas?

Greg

Yes, Im trying to provide Internet access for apt.