Internet Related/Filtering/Firewall Thread, UniFi + Smoothwall Express + Radius in Technical; Hey guys,
I'm in the process of getting quotes and trying to budget for our very own Smoothwall UTM but ...
26th January 2014, 09:20 AM #1
UniFi + Smoothwall Express + Radius
I'm in the process of getting quotes and trying to budget for our very own Smoothwall UTM but in the meantime I'm busy playing around with Smoothwall Express.
We have a UniFi wireless network setup to authenticate to a Radius server (Server 2008) and with our current UTM (Cyberoam) users are required to sign in using a captive portal for internet access. Is there anyway in Smoothwall express (I'm pretty sure this exists in Smoothwall proper) that users will not need to authenticate again given that they've already authenticated (via Radius)?
So perfect scenario for BYOD:
Users arrive with their devices, connect to Wifi using Radius (AD credentials) and then are authenticated for internet use with no need to authenticate again.
Internet server, in this case Smoothwall Express, is still able to track and log that users internet usage by username?
26th January 2014, 07:49 PM #2
I have set this up and it works really well.
You are going to need full Smoothwall though I'm afraid.
Have you seen the article on this blog. Followed this to setup for my Smoothwall with 802.1x for BYOD and work excellently. Worth the price for full Smoothwall.
30th January 2014, 12:42 PM #3
@MicrodigitUK thanks very much, I'll have a look through and hopefully we get a Smoothwall UTM soon
30th January 2014, 06:29 PM #4
@MicrodigitUK If I wanted to keep all clients on the same LAN, no VLANing, is it still possible?
30th January 2014, 06:49 PM #5
No you will need a new BYOD VLAN/subnet where the Smoothwall acts as the DHCP server.
You authenticate through WiFi and using 802.1x it speaks to Smoothwall that then speaks to AD to check credentials. Then Smoothwall uses 802.1x to link to its DHCP table. This links the user to the device IP/MAC address. Then Smoothwall is set as default gateway so acts at transparent proxy using its DHCP table as an auth lookup. So it needs it's own VLAN where Smoothwall is gateway and DHCP server.
30th January 2014, 07:35 PM #6
@MicrodigitUK Okey dokey, thanks very much
1st March 2014, 12:34 PM #7
@MicrodigitUK Smoothwall unit just arrived! Gonna give it a try! Just a thought, what happens to iPads that are now on a different VLAN and need to print to an AirPrint server that isn't on that VLAN?
1st March 2014, 01:00 PM #8
Cool. I have routing between VLANs with a Access Control List letting traffic through to Apple print server. My Wi-Fi system is Aruba with a MDNS proxy service called Airgroup. There are free Linux MDNS setups that have a NIC on each subnet, but luckily for me my Aruba Wi-Fi dose that for me.
Thanks to MicrodigitUK from:
Nick_Parker (4th March 2014)
4th March 2014, 11:47 AM #9
Thanks @MicrodigitUK, I reckon I might have bigger problems than all the printing. Most of our staff have laptops that would be connecting to the WiFi and they would need access to printers and all the other servers.
4th March 2014, 11:51 AM #10
New SSID for BYOD and then look at routing with a ACL. What type of core switch do you have? Dose it support VLANS and routing?
4th March 2014, 12:41 PM #11
They're all HP Layer 2 so I reckon they all do
Last Post: 16th June 2009, 06:21 PM
By FN-GM in forum Wireless Networks
Last Post: 13th September 2008, 07:36 PM
By netadmin in forum *nix
Last Post: 9th October 2007, 08:44 AM
By OverWorked in forum *nix
Last Post: 26th January 2006, 12:37 PM
Users Browsing this Thread
There are currently 1 users browsing this thread. (0 members and 1 guests)