wireless log in tips?

14 posts in this topic

Ok basically I am designing a large network which has to handle anywhere between 500-2000 people and have wireless.... fine wireless all good no problem but the network has sensitive information within it and I need to log everyone who uses the wireless so no generic passwords...

I need every user to have an individual login to the internet/wireless, so I am guessing leave the wireless open and then have a server as a middle man and wait for some kind of authentication?

I can think how it would work in theory but I don't really know what I should do. Any pointers you can give would help?

Sounds like you would need something similar to how BT Openzone / BT FON works, anyone can connect to any AP but they need their own credentials to log in with.

Some sort of hotspot software may be able to recreate that

2 Universities I've been to use BlueSocket which is open-wifi, people connect to it, and have to authenticate on an HTTPS server before being given full network/internet access. It's a bit of a pain in the arse in that after login it sends all users to one page (not the page they were attempting to view) and sometimes you get 'Session Error. Please close this browser/tab and start a new session to authenticate'.

Or you could do LEAP/PEAP with WPA2 Enterprise and make users have to connect using their login details to even connect to the wireless.

> 2 Universities I've been to use BlueSocket which is open-wifi, people connect to it, and have to authenticate on an HTTPS server before being given full network/internet access. It's a bit of a pain in the arse in that after login it sends all users to one page (not the page they were attempting to view) and sometimes you get 'Session Error. Please close this browser/tab and start a new session to authenticate'.
>
> Or you could do LEAP/PEAP with WPA2 Enterprise and make users have to connect using their login details to even connect to the wireless.

This LEAP sounds interesting... hmm, I may have to research all of your suggestions.

Active Directory network? If so, use a Windows NPS to authenticate WPA2 Enterprise users.

From my understanding you'd be after something such as a Captive Portal.

Are any of these free? I mean I have 7-10 servers and loads of switches and routers available but I have a 0 budget for software.

> Active Directory network? If so, use a Windows NPS to authenticate WPA2 Enterprise users

Well, we could use a Windows server but we were hoping for just Linux.

For captive portals, a whole list can be found here with tidbits of info about each one and what it runs on.

> Are any of these free? I mean I have 7-10 servers and loads of switches and routers available but I have a 0 budget for software.
>
> Well, we could use a Windows server but we were hoping for just Linux.

If you flashed your routers with DD-WRT firmware, you may be able to do it all for free.

> If you flashed your routers with DD-WRT firmware, you may be able to do it all for free.

If I did this I would probably be beaten with a stick... While I am in charge of the project, I'm very limited in what I am allowed to do... I can install whatever I want on the servers... the firmware on the Cisco equipment must remain as it is... it has to be airtight security while still being able to have a VPN connection from a certain location.

> If I did this I would probably be beaten with a stick... While I am in charge of the project, I'm very limited in what I am allowed to do... I can install whatever I want on the servers... the firmware on the Cisco equipment must remain as it is... it has to be airtight security while still being able to have a VPN connection from a certain location.

Bad luck, DD-WRT can do all that and more and is probably more secure than stock.

Maybe give them it as an option / adding extra APs with DD-WRT and leave the current routers as they are.

Haha Cisco secure? No :p

What wireless routers/APs are you using? Cisco AP, are they standalone or thin (managed via controller)?

How many wireless users? You keep mentioning 500-2000 users - you're talking an enterprise setup if you're talking 2000 wireless users, and I would assume you have way more than just 1 AP, and that you would use a controller that yes could point to RADIUS for auth. You could run FreeRADIUS if you needed to, or if Windows then sure you could use their own built-in RADIUS service - what flavor of Windows are you running?

This is that hospital with medical records that you're securing access for? Like I said in your other thread you seem to be way way over your head for these projects. And how would you have zero budget for securing medical records? Was I correct this is some hut in the middle of the 3rd world somewhere?

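The requirement at the top of the thread (every wireless user individually logged) is what RADIUS accounting provides once the controller authenticates against a RADIUS server, as suggested in the post above. The following is an added example, not code from any poster: it parses accounting records laid out like a FreeRADIUS "detail" file and answers "who held this IP at this time". The sample records, names, MACs and addresses are constructed, and keying sessions on Acct-Session-Id alone is a simplification.

```python
import re

# Constructed sample: a header line, then tab-indented "Attribute = value"
# lines, records separated by a blank line (detail-file style, assumed layout).
def _rec(hdr, user, status, sid, mac, ip, ts):
    return (f'{hdr}\n\tUser-Name = "{user}"\n\tAcct-Status-Type = {status}\n'
            f'\tAcct-Session-Id = "{sid}"\n\tCalling-Station-Id = "{mac}"\n'
            f'\tFramed-IP-Address = {ip}\n\tTimestamp = {ts}\n')

SAMPLE_DETAIL = "\n".join([
    _rec("Tue Mar  5 10:02:11 2013", "alice", "Start", "0000001A", "00-11-22-33-44-55", "10.20.0.15", 1362477731),
    _rec("Tue Mar  5 10:06:40 2013", "bob", "Start", "0000001B", "66-77-88-99-AA-BB", "10.20.0.16", 1362478000),
    _rec("Tue Mar  5 11:02:11 2013", "alice", "Stop", "0000001A", "00-11-22-33-44-55", "10.20.0.15", 1362481331),
    _rec("Tue Mar  5 11:13:20 2013", "carol", "Start", "0000001C", "CC-DD-EE-FF-00-11", "10.20.0.15", 1362482000),
])

ATTR = re.compile(r'^\s+([\w-]+) = "?([^"]*)"?$')

def parse_detail(text):
    """Return one dict of attributes per accounting record."""
    records = []
    for block in text.strip().split("\n\n"):
        attrs = {m.group(1): m.group(2)
                 for line in block.splitlines()[1:] if (m := ATTR.match(line))}
        if attrs:
            records.append(attrs)
    return records

def build_sessions(records):
    """Pair Start/Stop records into sessions keyed by Acct-Session-Id."""
    sessions = {}
    for r in records:
        s = sessions.setdefault(r["Acct-Session-Id"], {
            "user": r["User-Name"], "mac": r.get("Calling-Station-Id"),
            "ip": r.get("Framed-IP-Address"), "start": None, "stop": None})
        field = {"Start": "start", "Stop": "stop"}.get(r["Acct-Status-Type"])
        if field:  # Interim-Update and other types are ignored here
            s[field] = int(r["Timestamp"])
    return sessions

def who_had_ip(sessions, ip, ts):
    """Attribute an IP at epoch time ts to (user, mac); None if unassigned."""
    for s in sessions.values():
        started = s["start"] is not None and s["start"] <= ts
        ended = s["stop"] is not None and ts > s["stop"]
        if s["ip"] == ip and started and not ended:
            return s["user"], s["mac"]
    return None

if __name__ == "__main__":
    print(who_had_ip(build_sessions(parse_detail(SAMPLE_DETAIL)), "10.20.0.15", 1362479000))
```

The sample reuses 10.20.0.15 for two different users, which is why attribution has to be by time window and not by IP alone.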

The hospitals that I have worked at all have a healthy budget for IT infrastructure provided you can prove you need it, you can't just want to have it.
