Can also drop the Aps on to a different VLAN, give out different Ips from your hotspot too if needed.
-----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Pete Davis Sent: Saturday, March 03, 2007 9:26 PM To: WISPA General List Subject: Re: [WISPA] School wants authentication I think the Mikrotik hotspot would work well for you. The flexibility is nice. You can edit the HTML code. At one location, a hotel, the users click the link that would be normally for "demo available", but it says "I agree to terms and service" The user/pw entries are hidden. The demo is set for 24 hrs, with "re-allow login" set to 1 second. At another location, I hid the password, and gave the users login names and blank passwords. This simplifies the login process, and the user's names are their last names. One login at a time. In this situation, you can use the standard user/pw in the school. Put in user/pw pairs of student ID number (or SS number) and the last name for the pw. If there are a LOT of students, a radius server would be logical. This gives the students the idea that their activity is logged, and their access is subject to revocation. This allows you to disable accounts for those who abuse the service. If you do this, you can leave the Access points all open with little risk for theft of service. pd John Scrivner wrote: > I have a customer who is a high school. They have fiber run to switches > in 10 buildings. All of those buildings are connected through one giant > private class B via a DHCP server. We serve wireless to 100% of the > campus, indoors and out, over this same network with several bridged APs > (all certified and not exceeding any power rules - I promise). They > would like authentication of users. I tried setting WPA2 with Radius > Auth and created a mess. Every time the AP signal would hand off from > one AP to another (which happens every couple of minutes or more often) > the system would force re-authentication. It is a bit of a mess. > Configuration of Windows XP for Radius Auth on WPA2 reminds me of the > bad old days of having to tweak Trumpet Winsock or dealing with Windows > Dial-up Adapter version 1.0. > > We had another issue with the APs just constantly forcing > re-authentication via Radius. We have opted for WPA2 Passphrase to > deliver AES encryption for now. This still leaves us with the > authentication issue. They currently have a DHCP server with zero > logging of users. People just connect and get an IP. It is a mess. I > want to propose a better solution. > > I would like to see an authentication solution via a hotspot portal or > equivalent which would force credentials be delivered by a user before > any user has access to anything via wired or wireless network. Does > anyone know a good way to do this? I have many ideas but I have never > really done this and I would like to hear what others would propose to > see if my ideas mesh or not. It is also good to see how others handle > this type of situation. I am leaning to a Mikrotik hotspot gateway which > I think will do it all. What say the rest of you? > Scriv > > No virus found in this incoming message. > Checked by AVG Free Edition. > Version: 7.5.446 / Virus Database: 268.18.6/709 - Release Date: 3/3/2007 08:12 -- WISPA Wireless List: [email protected] Subscribe/Unsubscribe: http://lists.wispa.org/mailman/listinfo/wireless Archives: http://lists.wispa.org/pipermail/wireless/ -- WISPA Wireless List: [email protected] Subscribe/Unsubscribe: http://lists.wispa.org/mailman/listinfo/wireless Archives: http://lists.wispa.org/pipermail/wireless/
