  1. #1
    Nick_Parker's Avatar
    Join Date
    Jan 2008
    Location
    Dainfern, South Africa
    Posts
    473
    Thank Post
    100
    Thanked 18 Times in 13 Posts
    Rep Power
    18

    UniFi + Smoothwall Express + Radius

    Hey guys,

    I'm in the process of getting quotes and trying to budget for our very own Smoothwall UTM but in the meantime I'm busy playing around with Smoothwall Express.

    We have a UniFi wireless network set up to authenticate to a Radius server (Server 2008) and with our current UTM (Cyberoam) users are required to sign in using a captive portal for internet access. Is there any way in Smoothwall Express (I'm pretty sure this exists in Smoothwall proper) that users will not need to authenticate again given that they've already authenticated (via Radius)?

    So perfect scenario for BYOD:

    Users arrive with their devices, connect to Wifi using Radius (AD credentials) and then are authenticated for internet use with no need to authenticate again.
    Internet server, in this case Smoothwall Express, is still able to track and log that user's internet usage by username?

    Thanks!

  2. #2
    MicrodigitUK's Avatar
    Join Date
    May 2007
    Location
    Wiltshire
    Posts
    340
    Thank Post
    38
    Thanked 56 Times in 52 Posts
    Rep Power
    25
    I have set this up and it works really well.

    You are going to need full Smoothwall though I'm afraid.

    Have you seen the article on this blog? Followed this to set up my Smoothwall with 802.1x for BYOD and it works excellently. Worth the price for full Smoothwall.

    http://www.davesdowntime.co.uk/?p=513

  3. #3
    Nick_Parker's Avatar
    @MicrodigitUK thanks very much, I'll have a look through and hopefully we get a Smoothwall UTM soon

  4. #4
    Nick_Parker's Avatar
    @MicrodigitUK If I wanted to keep all clients on the same LAN, no VLANing, is it still possible?

  5. #5
    MicrodigitUK's Avatar
    No, you will need a new BYOD VLAN/subnet where the Smoothwall acts as the DHCP server.

    You authenticate through WiFi and, using 802.1x, it speaks to Smoothwall, which then speaks to AD to check credentials. Then Smoothwall uses 802.1x to link to its DHCP table. This links the user to the device IP/MAC address. Then Smoothwall is set as default gateway, so it acts as a transparent proxy using its DHCP table as an auth lookup. So it needs its own VLAN where Smoothwall is gateway and DHCP server.
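
A simplified model of the lookup chain described in post #5 (802.1x login gives user and MAC, the DHCP table gives MAC and IP, the proxy sees only the IP), added here as an illustration; it is not part of the thread and not Smoothwall's code. All usernames, MACs, IPs and times are constructed, and the function names are hypothetical. It shows why the gateway has to own DHCP for the subnet: without an active lease or a matching login, a request cannot be tied to a user.

```python
from datetime import datetime as dt

# Constructed sample data (not from the thread): names, MACs and IPs are made up.
# Successful 802.1x/RADIUS logins seen by the gateway: (time, username, client MAC)
AUTHS = [
    (dt(2014, 3, 4, 8, 0), "alice", "aa:aa:aa:00:00:01"),
    (dt(2014, 3, 4, 8, 5), "bob", "aa:aa:aa:00:00:02"),
]
# DHCP leases handed out on the BYOD subnet: (start, end, MAC, IP)
LEASES = [
    (dt(2014, 3, 4, 8, 0), dt(2014, 3, 4, 9, 0), "aa:aa:aa:00:00:01", "10.20.0.10"),
    (dt(2014, 3, 4, 9, 30), dt(2014, 3, 4, 10, 30), "aa:aa:aa:00:00:02", "10.20.0.10"),
    (dt(2014, 3, 4, 9, 0), dt(2014, 3, 4, 10, 0), "aa:aa:aa:00:00:03", "10.20.0.11"),
]

def mac_for_ip(ip, when):
    """MAC holding `ip` at time `when`, or None if no lease was active."""
    for start, end, mac, lease_ip in LEASES:
        if lease_ip == ip and start <= when < end:
            return mac
    return None

def user_for_mac(mac, when):
    """Most recent user who authenticated from `mac` at or before `when`."""
    seen = [(t, user) for t, user, m in AUTHS if m == mac and t <= when]
    return max(seen)[1] if seen else None

def attribute(ip, when):
    """Username to log for a proxied request, or None when the request cannot
    be tied to an authenticated device (no active lease, or MAC never logged in)."""
    mac = mac_for_ip(ip, when)
    return user_for_mac(mac, when) if mac else None

if __name__ == "__main__":
    # Same IP, three different answers depending on who held the lease when.
    for ip, when in [("10.20.0.10", dt(2014, 3, 4, 8, 30)),
                     ("10.20.0.10", dt(2014, 3, 4, 9, 45)),
                     ("10.20.0.10", dt(2014, 3, 4, 9, 15)),
                     ("10.20.0.11", dt(2014, 3, 4, 9, 15))]:
        print(when.time(), ip, attribute(ip, when) or "UNATTRIBUTED")
```

The second and third requests use the same IP as the first: once the lease is reissued the log entry belongs to a different user, and in the gap between leases it belongs to nobody.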

  6. #6
    Nick_Parker's Avatar
    @MicrodigitUK Okey dokey, thanks very much

  7. #7
    Nick_Parker's Avatar
    @MicrodigitUK Smoothwall unit just arrived! Gonna give it a try! Just a thought, what happens to iPads that are now on a different VLAN and need to print to an AirPrint server that isn't on that VLAN?

  8. #8
    MicrodigitUK's Avatar
    Cool. I have routing between VLANs with an Access Control List letting traffic through to the Apple print server. My Wi-Fi system is Aruba with an mDNS proxy service called Airgroup. There are free Linux mDNS setups that have a NIC on each subnet, but luckily for me my Aruba Wi-Fi does that for me.

  9. Thanks to MicrodigitUK from:

    Nick_Parker (4th March 2014)

  10. #9
    Nick_Parker's Avatar
    Thanks @MicrodigitUK, I reckon I might have bigger problems than all the printing. Most of our staff have laptops that would be connecting to the WiFi and they would need access to printers and all the other servers.

  11. #10
    MicrodigitUK's Avatar
    New SSID for BYOD and then look at routing with an ACL. What type of core switch do you have? Does it support VLANs and routing?

  12. #11
    Nick_Parker's Avatar
    They're all HP Layer 2 so I reckon they all do


