Hot Downloads

Welcome, Guest
Username: Password: Remember me

TOPIC: Campus Hotspot portal - Design and requirement suggestions

Campus Hotspot portal - Design and requirement suggestions 8 years 5 months ago #25681

  • lawin
  • lawin's Avatar
  • Offline
  • New Member
  • Posts: 15
  • Karma: 0
We have several buildings in the campus that have wireless access points in each floors and lobby and in the library. These are all Open system, meaning anyone who brings their wireless devices can connect and access the internet. Because this is a school facility, we want to restrict the access only to our students and faculties. We don't want to use MAC Filters, WEP, WAP as the security but instead, we want a system similar to some private hotspots where who ever connects to any of our waps, they will get our website first, and to get to the internet, they have to be authenticated by entering say, username and password or a pin or something similar.

Can anyone tell me what I need to achieve this setup? We use a mixture of Linksys WRT54GS and Edimax WAPS in our network. All Linksys are using the latest DD-WRT firmware.

TIA
The administrator has disabled public write access.

Re: Campus Hotspot portal - Design and requirement suggestions 8 years 5 months ago #25702

  • TheBishop
  • TheBishop's Avatar
  • Offline
  • Moderator
  • Posts: 1719
  • Thank you received: 8
  • Karma: 5
To enforce the internet access you could use an http proxy with authentication. This will challenge any user trying to connect through and they will have to authenticate to get access. There are several products and open source solutions that will do this. You should consider the way authentication might work too, simplest way is an internal user/password scheme on the proxy but then you have to maintain that. Or you could link to an external authentication source such as RADIUS or TACACS server or even Active Directory. One more thing to consider is that the above will only restrict http - you need to consider other types of traffic and either block them completely or have them authenticate too. Remember that by not restricting wireless access you could have people poking around from the inside and trying to break your network
The administrator has disabled public write access.

Re: Campus Hotspot portal - Design and requirement suggestions 8 years 5 months ago #25706

  • beexo
  • beexo's Avatar
  • Offline
  • Frequent Member
  • Posts: 78
  • Karma: 0
Like TheBishop said, a proxy with authentication would be a simple but not best solution.

Sometime ago Tomshardware wrote an article abot setting up a kind of hotspot with M0N0WALL. This migth be the sort of thing you are looking for.

There is also opensource software such as zeroshell that will turn a pc into a captive portal.

Also, you can buy a router with built-in hot-spot functionality.

In my opinion, the best would be to use some type of captive portal plus the use of a content filtering system.
The administrator has disabled public write access.

Re: Campus Hotspot portal - Design and requirement suggestions 8 years 5 months ago #25722

  • lawin
  • lawin's Avatar
  • Offline
  • New Member
  • Posts: 15
  • Karma: 0
To enforce the internet access you could use an http proxy with authentication. This will challenge any user trying to connect through and they will have to authenticate to get access. There are several products and open source solutions that will do this. You should consider the way authentication might work too, simplest way is an internal user/password scheme on the proxy but then you have to maintain that. Or you could link to an external authentication source such as RADIUS or TACACS server or even Active Directory. One more thing to consider is that the above will only restrict http - you need to consider other types of traffic and either block them completely or have them authenticate too. Remember that by not restricting wireless access you could have people poking around from the inside and trying to break your network

This company doesn't use AD for authentication or use any sort of authentication for users for now. A plan is being layed out to go to that as part of the network upgrade but for now, I am concern about the open wap that they have here. RADIUS is where we might be considering for authentication.
Like TheBishop said, a proxy with authentication would be a simple but not best solution.

Sometime ago Tomshardware wrote an article abot setting up a kind of hotspot with M0N0WALL. This migth be the sort of thing you are looking for.

There is also opensource software such as zeroshell that will turn a pc into a captive portal.

Also, you can buy a router with built-in hot-spot functionality.

In my opinion, the best would be to use some type of captive portal plus the use of a content filtering system.

I looked at m0n0wall as you mentioned and also the article at tomshardware you mentioned and also about the zeroshell. It's interesting to know about different posibilities to achieve captive portal for wireless access with authentication. But I still need to get some hardwares and softwares to start with and try it.

Thanks for you Bishop and beexo. I have to get the FreeRADIUS running first.
The administrator has disabled public write access.
Time to create page: 0.119 seconds

CCENT/CCNA

Cisco Routers

  • SSL WebVPN
  • Securing Routers
  • Policy Based Routing
  • Router on-a-Stick

VPN Security

  • Understand DMVPN
  • GRE/IPSec Configuration
  • Site-to-Site IPSec VPN
  • IPSec Modes

Cisco Help

  • VPN Client Windows 8
  • VPN Client Windows 7
  • CCP Display Problem
  • Cisco Support App.

Windows 2012

  • New Features
  • Licensing
  • Hyper-V / VDI
  • Install Hyper-V

Linux

  • File Permissions
  • Webmin
  • Groups - Users
  • Samba Setup