Wireless Hotspots in a Large Environment?
matth asks: "So here at work we provide wireless internet access to customers all over our city, and into suburbia, via Alvarion radio gear. We have a large number of customers that are places like pubs, libraries, restaurants, etc. We would like to, in conjunction with these locations, set up a public Wi-Fi network. The problem is getting the MAC address back through to a central authorization server. What experience have others had in setting up a Wi-Fi hotspot network over a city, and allowing a user to register at one location and get on at any of the various locales?"
I'm not affiliated with these guys, but I've been surfing in and out every once in a while. You might want to ask them a question on their forum. http://www.newburyopen.net/
I've been in a recent presentation about HP wireless hotspot hardware (well, networking in general, we were checking out their switches, but the guy wanted to get our attention on some other stuff too) and they had a setup that used a centralised device to manage everything, and local hardware to run a wireless network with roaming on. It looked to be designed to be put into an existing environment, and just work, but we have not really bothered to check it out, as none of our customers need it. You might want to give your closest HP supplier a call, if only to see the tech; they like to try to sell stuff, so it should cost you nothing.
On Arrakis: early worm gets the bird. Magister mundi sum!
Have you looked into NoCatNet? The group works on a wireless network and the software that makes it possible (NoCatAuth). From what I gather the preferred configuration involves a central authentication server separate from each gateway.
You could allow everyone to connect regardless but use a VPN client on the customer's machine to allow internet access.
The only problem here is that people could connect just to play online games with other connected people or run VOIP style apps but would this be a problem? If you only intend to charge for internet access, allowing people IP access to each other would be a way of getting them to try the system first.
Bob.
With my work, I have hostapd set up with a RADIUS server for authentication. I specifically use X.509 certs, but you could probably use LEAP, or some other 802.1x.
One way to do it would be to require that all APs utilize an external authentication system, usually via RADIUS server, TACACS or other authentication server. When a user is auth'd on one, grab the corresponding MAC and permit for whatever session period you choose.
I understand that the NoCat system is also great for authenticated access.
We are trying to make it as easy for the customer (i.e. no third-party software), and would like to have a 'greeting' page that comes up if they aren't authenticated by bringing up a web browser.
The problem is getting the mac address back through to a central authorization server.
Relying on MAC addresses is not secure. VPN, 802.1x, and NoCat are better.
There is no need to have the MAC registered. Just set the WiFi up so that it is open... people with Windows XP or software for Wireless will be able to auto-connect with ease.
You may not want to follow folks who can't spell Allegheny, but the leaders of the Cumberland Gap area have set a pretty audacious task. They want people in their remote mountain area to all have access.
http://www.gov.allconet.org/about.htm
Allconet2 seems to be the wifi part:
http://prime.allconet.org/allconet2/
http://gov.allconet.org/tech/welcome.htm
Ed
Some friends of mine are planning to start an ISP that provides wireless internet access (no overhead of the dial-up lines and it's faster). Being the geek that I am, they asked me to design their infrastructure. They are placing Wireless Access Points connected to gateways in a few locations around the city. Those gateways (running NoCat) look to a central authentication server (also running NoCat, but with MySQL) to verify usernames and passwords. If you're charging for access as they are, you can set up the authentication server with Apache-SSL and PHP so you can process payments.
I'm not sure what you are trying to do, but odds are you want to make sure the user authenticates to a RADIUS server. Any one of the boxes mentioned above will allow you to control the splash page, etc. Colubris is actually an Access Point also, so it kills two birds with one stone. Your users associate to it, it NATs out through the Alvarion box (which accepts one MAC address, right?). Bingo, problem solved. Then you need to set up authentication and process your money... Done deal.
Check out http://onecleveland.org. You may be able to get some info from the people that set up this wifi network... it is one of the largest in the world, supposedly.
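The design several replies describe (gateways that defer to a central authentication server, then permit the client's MAC for a session period) can be sketched as below. This is an added example, not code from the thread or from NoCat; the ticket format, key, account table and all names are assumptions, and in a real captive portal the ticket would reach the gateway through the browser redirect.

```python
import hashlib, hmac, time

GATEWAY_KEY = b"constructed-demo-key"  # assumption: secret shared by auth server and gateways
SESSION_SECONDS = 3600                 # assumption: operator-chosen session period
SALT = b"constructed-salt"             # constructed; use a per-user random salt in practice

def _pw_hash(password):
    return hashlib.pbkdf2_hmac("sha256", password.encode(), SALT, 100_000)

USERS = {"alice": _pw_hash("constructed-password")}  # constructed account table

def _sign(body):
    return hmac.new(GATEWAY_KEY, body.encode(), hashlib.sha256).hexdigest()

def issue_ticket(user, password, now=None):
    """Central server: verify the login once, return a signed ticket or None."""
    now = int(time.time()) if now is None else now
    stored = USERS.get(user)
    if stored is None or not hmac.compare_digest(stored, _pw_hash(password)):
        return None
    body = f"{user}|{now + SESSION_SECONDS}"
    return f"{body}|{_sign(body)}"

class Gateway:
    """Hotspot gateway: holds only a local MAC allow-list with expiry times."""
    def __init__(self, name):
        self.name, self.allowed = name, {}    # allowed: mac -> (user, expiry)

    def admit(self, mac, ticket, now=None):
        """Open the firewall for this MAC only if the ticket verifies."""
        now = int(time.time()) if now is None else now
        try:
            user, expiry, sig = ticket.rsplit("|", 2)
            expiry = int(expiry)
        except (AttributeError, ValueError):
            return False                      # missing or malformed ticket
        expected = _sign(f"{user}|{expiry}")
        if not hmac.compare_digest(sig.encode(), expected.encode()):
            return False                      # forged or altered ticket
        if expiry <= now:
            return False                      # session period is over
        self.allowed[mac.lower()] = (user, expiry)
        return True

    def is_allowed(self, mac, now=None):
        now = int(time.time()) if now is None else now
        entry = self.allowed.get(mac.lower())
        return entry is not None and entry[1] > now
```

The MAC here is only the gateway's local firewall key; the credential that roams between locations is the signed ticket, so no MAC has to be carried back to the central server.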