+ Post New Thread
Results 1 to 10 of 10
Wireless Networks Thread, Wireless guest access in Technical; Hi all, After a little advice please! We have a Xirrus wireless network in place, at present it operates over ...
  1. #1

    Join Date
    Oct 2006
    Location
    England
    Posts
    90
    Thank Post
    1
    Thanked 1 Time in 1 Post
    Rep Power
    0

    Wireless guest access

    Hi all,

    After a little advice please! We have a Xirrus wireless network in place, at present it operates over 2 VLANs.

    1. Vlan1 School wireless on the school network for school devices, at present only requires a password and filtered via our Lightspeed box with the SWGFL filter turned right down to the bare bones. A Radius server will be set up in the next couple of months for this.

    2. Vlan50 Guest wireless, totally seperate IP network with a Linux DHCP server and accesses the internet through a seperate port on our router, however it goes through the same SWGFL filter. We want to control who has access to this, i.e. limit it to 6th form, teachers, guests etc. School management want to have a system similar to, say, a hotel, with a webpage that they have to log into. How do other people do this?

    Any help appreciated. Regards

    nick

  2. #2
    zag
    zag is offline
    zag's Avatar
    Join Date
    Mar 2007
    Posts
    3,813
    Thank Post
    906
    Thanked 420 Times in 353 Posts
    Blog Entries
    12
    Rep Power
    87
    You will need some kind of captive portal to control user access granularly.

    We use Aruba here which has that included and can link to Active Directory if required.

  3. #3

    jinnantonnixx's Avatar
    Join Date
    Mar 2011
    Location
    In the Calamatorium.
    Posts
    1,985
    Thank Post
    114
    Thanked 505 Times in 340 Posts
    Blog Entries
    2
    Rep Power
    286
    I built something a bit similar recently.

    I used an Ubuntu server running Samba to verify usernames and passwords coming off a Cisco Radius client. The beauty of this approach was that the devices didn't have to be domain members, so phones, iPads and other stuff works great. But this was my design brief. Once authenticated using Samba, the Ubuntu server gave the device an IP address through DHCP.


    Cisco radius client> Ubuntu Radius server running Freeradius > authenticates using Samba against AD > Ubuntu DHCP server assigns IP address to client > client now on network.

    It actually works quite well, though it was a pain in the cheeks. I'd have a look at something like Packetfence before trying to roll your own.


    Some pages I bookmarked during this endeavour:
    http://phreek.org/guides/ubuntu-1204...-member-server
    http://deployingradius.com/documents...directory.html
    http://www.smallnetbuilder.com/wirel...part-2?start=1
    Last edited by jinnantonnixx; 19th March 2013 at 12:20 PM.

  4. #4

    Join Date
    Oct 2006
    Location
    England
    Posts
    90
    Thank Post
    1
    Thanked 1 Time in 1 Post
    Rep Power
    0
    Thanks for that I'll have a look at those resources. I also didn't realise that Xirrus have something called Xirrus management Access, so I'll look at that.

    Thanks for the replies guys.

    Nick

  5. #5

    twin--turbo's Avatar
    Join Date
    Jun 2012
    Location
    Carlisle
    Posts
    2,334
    Thank Post
    1
    Thanked 381 Times in 340 Posts
    Rep Power
    150
    Xirrus Probably has a captive portal.

    If not we use pFsesne ( free linux security distro ) to run our BYOD captive portals.

    Rob

  6. #6
    Eappariello's Avatar
    Join Date
    Jan 2007
    Location
    London
    Posts
    72
    Thank Post
    41
    Thanked 16 Times in 14 Posts
    Rep Power
    18
    Your Lightspeed appliance can provide a captive portal linked to your directory system also, if you can run both VLANS through it.



    Quote Originally Posted by manick View Post
    Hi all,

    After a little advice please! We have a Xirrus wireless network in place, at present it operates over 2 VLANs.

    1. Vlan1 School wireless on the school network for school devices, at present only requires a password and filtered via our Lightspeed box with the SWGFL filter turned right down to the bare bones. A Radius server will be set up in the next couple of months for this.

    2. Vlan50 Guest wireless, totally seperate IP network with a Linux DHCP server and accesses the internet through a seperate port on our router, however it goes through the same SWGFL filter. We want to control who has access to this, i.e. limit it to 6th form, teachers, guests etc. School management want to have a system similar to, say, a hotel, with a webpage that they have to log into. How do other people do this?

    Any help appreciated. Regards

    nick

  7. #7

    Join Date
    Oct 2006
    Location
    England
    Posts
    90
    Thank Post
    1
    Thanked 1 Time in 1 Post
    Rep Power
    0
    Hi Simon,

    At present the wireless guest doesn't go through the Rocket, although we are planning to upgrade to a newer server soon for it. In the end I've installed the PFsense Captive portal as a stopgap measure, works very well and very easy to set up!

    Thanks for the replies guys.

    Nick

  8. Thanks to manick from:

    Eappariello (23rd May 2013)

  9. #8

    Join Date
    Dec 2009
    Posts
    914
    Thank Post
    98
    Thanked 184 Times in 159 Posts
    Rep Power
    54
    Theres a difference between Guest and BYOD.

    If you do a captive portal as mentioned above, that allows your existing users to use the wireless, but thats a BYOD solution not a Guest.

    If you do a captive portal on a Guest wireless, what are they meant to put in to authenticate as they dont have AD details......

    In my head a guest wireless is for people external to school (visitors from other schools, local authority, parents, governors perhaps....) who need internet access, they'll have no AD credentials so can't login to a captive portal unless you give over a generic username and password to use.

    I think you need to decide if you want a Guest or a BYOD solution, then go from there.

    We do a BYOD and a Guest, the BYOD is dealt with by captive portal through Lightspeed and needs an AD account to login, the Guest does a Ruckus 'captive portal' I suppose and requires a Ruckus key to proceed and access the internet which has to be given over in reception.
    Last edited by RTFM; 23rd May 2013 at 11:24 AM.

  10. Thanks to RTFM from:

    zag (23rd May 2013)

  11. #9
    ricki's Avatar
    Join Date
    Jul 2005
    Location
    uk
    Posts
    1,475
    Thank Post
    20
    Thanked 164 Times in 157 Posts
    Rep Power
    52
    Hi

    The guest users will have to autheniticate against active directory. You can use ntlm in squid see Features/Authentication - Squid Web Proxy Wiki it might give you some ideas for your setup.

    Richard

  12. #10

    Join Date
    Oct 2006
    Location
    England
    Posts
    90
    Thank Post
    1
    Thanked 1 Time in 1 Post
    Rep Power
    0
    Hi RTFM,

    We, at present, want to only have school owned devices on our internal range as we only have 2000 IP addresses, as the majority of BYOD devices will be mobile phones, I'm not too fussed about allowing them access to the internal range as, apart from the internet, there's not too much they would use on the school network, although there are many ways with which they can gain access to their school stuff externally if they want to. Regarding authentication, I'm just setting users up individually at the moment, not too much trouble really and also for guests we are issuing vouchers. Don't get too caught up on the fact that we have named it 'Guest wireless' we still allow students and staff access to it. When we've got a dual bridge Lightspeed rocket, then I will look at setting authentication up via AD.

    Thanks for all the replies.

    nick

SHARE:
+ Post New Thread

Similar Threads

  1. Ruckus Wireless - Guest Access from Mac devices
    By Maxell in forum Wireless Networks
    Replies: 0
    Last Post: 2nd November 2011, 02:36 PM
  2. Need help and advice on wireless guest access proxy settings
    By sammy42 in forum Learning Network Manager
    Replies: 4
    Last Post: 6th October 2011, 08:43 AM
  3. HP msa750 wireless guest access?
    By nicholab in forum Wireless Networks
    Replies: 0
    Last Post: 9th October 2009, 09:27 AM
  4. Wireless Guest Access for PDA's,Laptops,IPhones using VLAN
    By steveo2000 in forum Wireless Networks
    Replies: 15
    Last Post: 28th July 2009, 11:07 AM
  5. Wireless Guest Access
    By steveo2000 in forum Internet Related/Filtering/Firewall
    Replies: 9
    Last Post: 19th March 2009, 06:41 PM

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •