Wireless Hotspots in a Large Environment? 22
matth asks: "So here at work we provide wireless internet access to customers all over our city, and into suburbia, via Alvarion radio gear. We have a large number of customers that are places like pubs, libraries, restaurants, etc. We would like to, in conjunction with these locations, setup up a public Wi-Fi network. The problem is getting the mac address back through to a central authorization server. What experience have others had in setting up a Wi-Fi hotspot network over a city, and allowing a user to register at one location and get on at any of the various locales?"
Boston Area Example (Score:1, Interesting)
NoCatNet (Score:3, Interesting)
Have you looked into NoCatNet [nocat.net]? The group works on a wireless network and the software that makes it possible (NoCatAuth). From what I gather the prefered configuration involves a central authentication server seperate from each gateway.
One way to do it. (Score:4, Interesting)
The only problem here is that people could connect just to play online games with other connected people or run VOIP style apps but would this be a problem? If you only intend to charge for internet access, allowing people IP access to each other would be a way of getting them to try the system first.
Bob.
Radius (Score:2, Interesting)
WiFi network authentication (Score:1)
I understand that the nocat system is also great for authenticated access.
I SHOULD ALSO NOTE (Score:2)
mac addresses (Score:2)
Relying on MAC addresses is not secure. VPN, 802.1x, and NoCat are better.
Re:Simple Solution (Score:1)
Re:Simple Solution (Score:2)
Re:Simple Solution (Score:2)
A) We want to make it free (I think that's what the higher ups are thinking).. but want a slight level of accountability.. (I argue what's to keep someone from filling the form in laksjdflkajsdflkjasdflkj) but anyway.
B) The higherups would like a 'splash page' that is displayed when you aren't authorized, which, ot my knowledge, can't be done via 802.1x radius. (which BTW seems to work fairly nice.. hehe)
Re:Simple Solution (Score:2)
Sounds good, why not require an authentication system like NoCat and only allow certain types of traffic in and out, like http, https, ssh, pop, imap, and block the rest.
B) The higherups would like a 'splash page' that is displayed when you aren't authorized, which, ot my knowledge, can't b
Re:Simple Solution (Score:1)
Allegany County Maryland (Score:2, Informative)
http://www.gov.allconet.org/about.htm
Allconet2 seems to be the wifi part:
http://prime.allconet.org/allconet2/
http://gov.allconet.org/tech/welcome.htm
Ed
NoCat is the only way to go (Score:1)
Nomadix / Colubris / IP3? (Score:1)
I'm not sure what you are trying to do, but odds are you want to make sure the user authenticates to a Radius server. Any one of the boxes mentioned above will allow you to controll the splash page, etc. Colubris is actually an Access Point also, so it kills two birds with one stone. Your users associate to it, it NAT's out through the Alvarion box (which accepts one MAC address, right?). Bingo, problem solved. Then you need to set up authentication and process your money....Done deal.