I recommend the Colubris CN3000 and the Zyzel 4000 for multi-AP deployments and the AP2500 or StarOS for single AP deployments. It is relatively easy to build a prepaid card engine due to the modular approach of FreeRadius. I have built one, and have another customer in the queue for this type of application. If you need help contact me off-list.
Jeremy -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of Brynjar Hauksson Sent: Tuesday, September 16, 2003 10:28 AM To: [EMAIL PROTECTED]; 'Tom Emerson' Cc: [EMAIL PROTECTED] Subject: RE: Wi-fi hotspot Hi Tom What prepaid system did you get? I've been searching for these systems with little success? Thanks in advance Kveðja / Best regards / ด้วยความคิดถึง Brynjar Hauksson ICQ# 15512204 -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Tom Emerson Sent: Tuesday, September 16, 2003 2:47 PM To: [EMAIL PROTECTED] Subject: Re: Wi-fi hotspot On Monday 15 September 2003 1:34 pm, Juliano Moises da Luz wrote: > Can someone point me some documentation about how to setup hotspot > authenticantion? As Alan mentioned, there is no one simple answer -- mainly because there are several ways of doing "a hotspot", some of which do not even NEED a "radius" server! > I need to setup a wi-fi hotspot and I am a little confused. I've already > configured radius to authenticate users based on mac addresses, but i'm not > sure this is the best way. A better place to begin is with the "Access point" you'll be using [hereafter referred to as a "NAS"] Some will do "all the work" for you [like the Proxim/Orinoco AP-2500 that I have] while others will require a behind-the-scenes approach [such as grabbing the least expensive AP at Circuit City or Best Buy, then hanging it off of a used/refurbished system running linux to act as a "gateway"] Generally the NAS will be responsible for managing connections, IP addresses, and so on. The proxim that I have will intercept a web-request, put up a banner and a login screen, authenticate against an external RADIUS, and enforce time limits if specified in the "reply" packet. Using a program such as NOCAT will let you do the same in a roll-your-own environment. The next question to consider is "are users going to pay for access?" For instance, in a coffee-shop environment, it might make sense to "give away" access time (i.e., don't charge at all) and use it as a "draw" to get customers into the building. [otoh, coffee-house clientelle are often "leeches" in that they will gladly sit around all day using your internet connection without a hint of a purchase...] On the third hand, however, folks who hang out at a coffee house are "regular" customers, so a "monthly rate" is often a good compromise. Other locations, such as an airport or hotel, have a much more "fluid" clientelle -- you'll never see the same guy twice in a month [unless he's the pilot...] so these people you want to hit with a per-hour rate, or even per-quarter-hour [heck, T-mobile charges BY THE MINUTE] The next question is HOW are they going to pay? cash is always the easiest, but may lead to difficulties depending on the location [that airport again...] Credit cards billed-as-used are great, but may require a merchant account [which is OK if you are the owner of the location -- you're probably already set up for such...] Again, the NAS may play a role in this -- the Proxim can be configured to talk to an "industry standard" [hah!] website and thus manage the billing for you. With a roll-your-own, well, you'll be rolling it anyway, might as well build a custom merchant/CC gateway while you're at it... In my case I opted for a pre-paid/pre-printed "card" system. I generate a number of user ID's and passwords, each with an hour's worth of "time" associated with it, then print regular business-cards with the logo, user ID, and password. Since these are stored in a locked drawer behind the counter, I don't need fancy "scratch-off" style cards. One "hotspot-in-a-box" vendor actually has a thermal printer included with the setup -- pressing a button generates a user ID/password "on the fly" and allocates some amount of time to it. I've ALSO set up an interesting compromise to the aformentioned "leech" problem: I've set up a "counter" that tallies time on a per-MAC basis, with a limit of 15 minutes per day. This actually uses a set user ID/password combo, which is actually included in the login banner. This lets people use it seemingly like a promo ("with the purchase of a drink, you get...") yet doesn't require extensive configuration on my part [i.e., building potentially hundreds of "15 minute user ID's"] [search the archive for details -- I have posted the configuration items neccesary to do this] There are probably lots of other things that can be brought up for discussion, but notice VERY LITTLE of the above discussion really "needs" (or involves) Radius -- the NAS/AP can be configured with a list of known acceptible MAC addresses and/or set for "billing" people via a credit card, or you may be in a "don't care" situation in which case you really only need a "typical" consumer/home "wireless access point" set with a known SSID (and with a DHCP server enabled internally...) About the only thing you'll need a radius server for is managing "pre-printed" access cards (in which case you'll really be managing a mysql or postgresql database...) or "monthly subscribers" -- Yet another Blog: http://osnut.homelinux.net - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
