Re: [WISPA] UBNT APs: can they do UAM + DHCP on one fat AP?

2012-07-06 Thread Rogelio
Thanks, Sam.  That is helpful.

FWIW, I'm currently researching the following things on UBNT...

1) How exactly is UAM done on all Ubiquiti radios?  Specifically, can
an AP do the following...

a) white lists an offsite portal page (e.g. NNU or Aptilo)
b) redirects unauthorized users to this portal page?
c) after client pays on portal page, tell the AP UAM webserver on
Ubiquiti radio to authenticate the user
d) pre-authenticate user MAC addresses that roam from other APs?

2) If a Ubiquiti device already services an SSID, how can it also
serve a separate SSID that (a) does its own UAM, and (b) does its own
DHCP scope?  Can I do this with existing hardware?  Or do I need to get a
new radio for each new service?

Ideally, I'd like to stack services on existing UBNT networks, as
well as roll out new ones...hence the reason I'm hoping for some sort
of simple UAM overlay.

On Thu, Jul 5, 2012 at 5:03 PM, Sam Tetherow tethe...@shwisp.net wrote:
 This sounds pretty much like UniFi.  The UniFi units do not handle the DHCP
 so you would need something handing out leases like a small Mikrotik box.
 You then add all the UniFi units that you want to be 'seamless' to the same
 network in the unifi controller.  The unifi controller can be run anywhere
 that is reachable from the UniFi units (the UniFi's do not have to be
 reachable from the controller though, so they can be behind a NAT).



 On 07/04/2012 05:17 PM, Rogelio wrote:

 (Apologies if my questions are a bit naive, I'm still getting used to how
 Ubiquiti does things. I've always done things the traditional way in carrier
 networks, i.e. tunneling everything back to the core and then breaking out
 traffic accordingly).

 I have some questions about Ubiquiti's ability to integrate with UAM.

 I have a scenario where I will have approximately 1000-2000 APs scattered
 across different extremely rural areas with limited backhaul space. These
 areas will likely NOT have the expertise to properly babysit a core
 solution.

 In a past life, I've often just put in an access point with some sort of
 DHCP solution and UAM redirect. This AP plugged directly into the modem
 (DSL, cable, etc) and then got a public CPE address which I could manage
 remotely. When customers hit the open SSID, they got a splash page that was
 served by NetNearU (NetNearU.com), and when they authenticated, their MAC
 was whitelisted on for the duration of time. When they went to another AP
 that had a different DHCP server, their MAC address was pre-authenticated
 and they appeared (from their perspective) to roam.

 A few questions on how I can do this The Ubiquiti Way.

 1) Does Ubiquiti do DHCP at the edge on each AP? If not, is there some 3rd
 party software I can use? I understand if this is not supported and if I
 have to figure this out myself. That is not a problem.

 2) Does Ubiquiti have a way of vectoring the users off to this database? I
 see that Chili has a plugin, and it looks relatively simple to integrate.
 Does this still work with the current OS? Or have things changed?

 http://coova.org/node/3685

 3) Can someone recommend a hosted user database solution that is cheap and
 reliable? If I had to roll it myself, what would you recommend?

 4) Do I have to use UniFi? Can I just script out some sort of login script
 to quickly deploy and configure these things?

 This project (if it takes off) could be about 1000-2000 thousand APs
 scattered across rural Africa and South America. I'm hoping for limited
 equipment at the edge (things like battery backups and customized antennas
 may be needed in some cases, but I'm hoping for limited network equipment).

 If anyone has any ideas or would like for me to connect them with the
 various decision makers, please feel free to contact me offline. I'm not
 looking to make anything off this project, just donate a little time in
 helping it get off the ground by asking the right questions.

 --
 Also on LinkedIn?  Feel free to connect if you too are an open networker:
 scubac...@gmail.com


 ___
 Wireless mailing list
 Wireless@wispa.org
 http://lists.wispa.org/mailman/listinfo/wireless





-- 
Also on LinkedIn?  Feel free to connect if you too are an open
networker: scubac...@gmail.com


Re: [WISPA] UBNT APs: can they do UAM + DHCP on one fat AP?

2012-07-06 Thread Steve Barnes
Mikrotik would be much better for what you're talking about doing.  You are 
talking about a lot of router functions.  UBNT has some ability but is mostly a 
Wireless OS. Where Mtik has some wireless ability but is a RouterOS.

Steve Barnes
General Manager
PCS-WIN / RC-WiFi


-Original Message-
From: wireless-boun...@wispa.org [mailto:wireless-boun...@wispa.org] On Behalf 
Of Rogelio
Sent: Friday, July 06, 2012 6:37 AM
To: Sam Tetherow
Cc: WISPA General List
Subject: Re: [WISPA] UBNT APs: can they do UAM + DHCP on one fat AP?


Re: [WISPA] UBNT APs: can they do UAM + DHCP on one fat AP?

2012-07-06 Thread Sam Tetherow
Inline.

On 07/06/2012 05:37 AM, Rogelio wrote:
 Thanks, Sam.  That is helpful.

 FWIW, I'm currently researching the following things on UBNT...

 1) How exactly is UAM done on all Ubiquiti radios?  Specifically, can
 an AP do the following...

 a) white lists an offsite portal page (e.g. NNU or Aptilo)

Yes, under guest control you specify it as 'External Portal Server' and 
set the custom portal IP and optional hostname (if using virtualhosts).

 b) redirects unauthorized users to this portal page?

Yes, all traffic not authorized is sent to the portal page.

 c) after client pays on portal page, tell the AP UAM webserver on
 Ubiquiti radio to authenticate the user

Yes, there is an API that you can use to authenticate MAC addresses, the 
portal redirect sends users to a PORTALIP/guest/ with two 'POST'ed 
arguments 'id' which is the MAC address of the connected client and 
'url' which is the destination of the original web request.

You can then perform any sort of authorization (payment, password 
verification, etc) and authorize the MAC to the UniFi controller for a 
specific amount of time.

 d) pre-authenticate user MAC addresses that roam from other APs?

I have not tried this so I'm not 100% sure.  Quick and dirty would be to 
authorize the MAC address for a very long period of time (say 10 years).

 2) If a Ubiquiti device already services an SSID, how can it also
 serve a separate SSID that (a) does its own UAM, and (b) does its own
 DHCP scope?  Can I do this with existing hardware?  Or do I need to get a
 new radio for each new service?

UniFi units can service multiple 'Wireless Networks' which each have 
their own SSID and settings, you can have a network which has guest 
control as described above, another that has encryption and a third that 
is completely open.  One thing to keep in mind, each additional 
'Wireless Network' will reduce available throughput for each AP as some 
air time is spent on beacon traffic etc, I believe there is a hard limit 
of 4 networks, but I haven't tested anything more than 2.

I am not sure what a UAM is, as for DHCP the UniFi units act as wireless 
bridges basically, DHCP needs to be handled with a separate DHCP server, 
such as a Mikrotik.

From a UniFi standpoint everything occurs at the MAC level so you could 
have multiple UniFi units operating in private IP space behind separate 
NAT routers all belonging to the same 'Wireless Network' (which means 
they share the same SSID, access control, and management interface).

 Ideally, I'd like to stack services on existing UBNT networks, as
 well as roll out new ones...hence the reason I'm hoping for some sort
 of simple UAM overlay.

Again, not sure what UAM stands for.  UniFi is a separate firmware used 
on the UniFi products (indoor, indoor longrange, outdoor, outdoor 5GHz, 
indoor dual band), you can also flash the PicoM2s with the unifi 
firmware for a single pol 2GHz.


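
An added example (not from the original post and not Ubiquiti's code) of the external-portal side of the flow described in the reply above: it validates the POSTed `id` and `url` fields, ties a payment to the MAC it was started for, and bounds the grant length before anything is handed to the controller. The secret, fallback URL, order ids, 24-hour cap and the returned payload shape are assumptions for illustration; the controller API call itself is not shown on this page and is not reproduced here.

```python
import hashlib
import hmac
import re
from urllib.parse import parse_qs, urlsplit

MAC_RE = re.compile(r"[0-9a-f]{2}(?::[0-9a-f]{2}){5}")
SECRET = b"constructed-demo-key"                # assumption: server-side portal secret
MAX_MINUTES = 24 * 60                           # assumption: longest grant this portal sells
FALLBACK_URL = "http://portal.example/welcome"  # constructed placeholder


def safe_return_url(url):
    """Send the client back only to a plain http(s) URL, else to the fallback."""
    if any(c in url for c in "\r\n\t "):
        return FALLBACK_URL
    parts = urlsplit(url)
    if parts.scheme not in ("http", "https") or not parts.hostname:
        return FALLBACK_URL
    return url


def parse_guest_post(body):
    """Validate the form-encoded 'id' (client MAC) and 'url' fields."""
    fields = parse_qs(body, keep_blank_values=True)
    if len(fields.get("id", [])) != 1 or len(fields.get("url", [])) != 1:
        raise ValueError("expected exactly one 'id' and one 'url'")
    mac = fields["id"][0].strip().lower().replace("-", ":")
    if not MAC_RE.fullmatch(mac):
        raise ValueError("'id' is not a MAC address")
    return mac, safe_return_url(fields["url"][0])


def bind_token(mac, order_id):
    """Tie a payment order to the MAC it was started for (both pass via the browser)."""
    msg = f"{mac}|{order_id}".encode()
    return hmac.new(SECRET, msg, hashlib.sha256).hexdigest()


def authorize_after_payment(mac, order_id, token, minutes):
    """Return the grant to pass to the controller, or raise if a check fails."""
    if not MAC_RE.fullmatch(mac):
        raise ValueError("bad MAC")
    expected = bind_token(mac, order_id)
    if not hmac.compare_digest(token.encode(), expected.encode()):
        raise PermissionError("order was not started for this MAC")
    if not 0 < minutes <= MAX_MINUTES:
        raise ValueError("grant length outside policy")
    # Hypothetical payload shape, not the controller's documented format.
    return {"mac": mac, "minutes": minutes}


if __name__ == "__main__":
    # Constructed sample of the redirect's POST body.
    body = "id=00-11-22-AA-BB-CC&url=http%3A%2F%2Fexample.com%2Fnews"
    mac, back = parse_guest_post(body)
    tok = bind_token(mac, "order-1001")
    print(authorize_after_payment(mac, "order-1001", tok, 60), back)
```

Because authorization is keyed on the MAC alone, the grant length passed here is also how long any device presenting that MAC is treated as authorized.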

Re: [WISPA] UBNT APs: can they do UAM + DHCP on one fat AP?

2012-07-06 Thread Sam Tetherow
Unless he is looking at overlaying on an existing network (as is alluded 
to at the bottom of this email), UniFi will handle basically everything 
he is asking for with about 1 hour worth of custom scripting for the 
authentication/payment piece.

Mikrotik will certainly handle this, but the implementation time would 
be significantly more.  If he is wanting to do this over the top of an 
existing network, then UniFi would not work, but Mikrotik certainly will.

On 07/06/2012 07:44 AM, Steve Barnes wrote:
 Mikrotik would be much better for what you're talking about doing.  You are 
 talking about a lot of router functions.  UBNT has some ability but is mostly 
 a Wireless OS. Where Mtik has some wireless ability but is a RouterOS.

 Steve Barnes
 General Manager
 PCS-WIN / RC-WiFi


 -Original Message-
 From: wireless-boun...@wispa.org [mailto:wireless-boun...@wispa.org] On 
 Behalf Of Rogelio
 Sent: Friday, July 06, 2012 6:37 AM
 To: Sam Tetherow
 Cc: WISPA General List
 Subject: Re: [WISPA] UBNT APs: can they do UAM + DHCP on one fat AP?


Re: [WISPA] Tracking Mac

2012-07-06 Thread Rick Kunze
At 09:41 AM 7/5/2012, you wrote:
How does one do a trace route on MAC.  Apparently I have used an IP 
address somewhere and didn't

If you have a UNIX box of any kind, you'll see the MAC collisions on 
the console.

Rk


