Restrict network access until user authenticated against remote database.

benlinton asked
Last Modified: 2010-04-08
Hi.

I want to set up a wireless network which will allow users to access only one internet website where they can buy surfing time.  Once they have an account, I want the firewall at the access point to allow them to surf the internet freely.

I think this will require rewriting the firewall in the access point, restricting access based on MAC address, but how do I go about doing this?  Setting up the central database is no trouble, but how do I get the firewall to talk to it?

Many thanks,

Ben

Pete Long, Technical Architect

Commented:
Hi benlinton,
I'm unsure, to be honest, but if you're using a Cisco firewall you can certainly get it to authenticate to an RSA RADIUS server on your network; you just need to work out how to assign the RSA access licences to the clients?

PeteL

Author

Commented:
I was wanting to reprogramme a Netgear wireless router such as:

http://www.netgear.co.uk/html/prod_routers_adsl_dg834g.htm

but don't know if this is possible.  

Basically, this machine gives you a web-based control panel where you can add MAC addresses to a trusted list.  I want to allow all MAC addresses access to my billing website, but then only allow full internet access to MAC addresses I have in my database as having paid.

Is that clearer?!!

Many thanks,

Ben
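One way to make a firewall follow the central database as described in the post above, as an added example that is not part of the original thread: a script reads the paid MAC addresses and renders a default-drop ruleset that lets everyone reach the billing site and lets only paid MACs through. It assumes a Linux gateway running iptables (not the Netgear firmware); the `accounts` table, the billing address `192.168.1.1` and the interface name `wlan0` are hypothetical.

```python
import re
import sqlite3

MAC_RE = re.compile(r"[0-9a-f]{2}(:[0-9a-f]{2}){5}")
BILLING_IP = "192.168.1.1"  # assumed billing server address
LAN_IF = "wlan0"            # assumed wireless-side interface name

def normalise_mac(raw):
    """Canonical lower-case colon form, or None if the value is not a MAC."""
    mac = raw.strip().lower().replace("-", ":")
    return mac if MAC_RE.fullmatch(mac) else None

def paid_macs(db, now):
    """MACs whose purchased time has not run out (hypothetical schema)."""
    rows = db.execute("SELECT mac FROM accounts WHERE paid_until > ?", (now,))
    # Validate every value: anything that is not a MAC never reaches the ruleset.
    return sorted({m for m in (normalise_mac(r[0]) for r in rows) if m})

def build_rules(macs):
    """iptables-restore text: drop by default, billing site for all, rest per MAC."""
    lines = [
        "*filter",
        ":FORWARD DROP [0:0]",
        "-A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT",
        # Every client may reach the billing site (DNS is assumed to be
        # answered by the gateway itself, so it is not forwarded).
        f"-A FORWARD -i {LAN_IF} -d {BILLING_IP} -p tcp --dport 443 -j ACCEPT",
    ]
    lines += [f"-A FORWARD -i {LAN_IF} -m mac --mac-source {m} -j ACCEPT"
              for m in macs]
    return "\n".join(lines + ["COMMIT"]) + "\n"

def demo_db():
    """Constructed sample data standing in for the central database."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE accounts (mac TEXT, paid_until INTEGER)")
    db.executemany("INSERT INTO accounts VALUES (?, ?)", [
        ("00-11-22-33-44-55", 2000),   # paid, dash-separated form
        ("02:00:00:AA:BB:CC", 1500),   # paid, upper case
        ("02:00:00:dd:ee:ff", 500),    # time expired
        ("00:11:22:33:44:zz", 9999),   # malformed, must be skipped
    ])
    return db

if __name__ == "__main__":
    print(build_rules(paid_macs(demo_db(), now=1000)), end="")
```

The output is meant to be regenerated and loaded with `iptables-restore` whenever the database changes. Because of the conntrack rule, connections already established by a MAC whose time has run out continue until they close.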
Les Moore, Sr. Systems Engineer

Commented:
Have you looked at something like this D-Link gateway?
http://www.d-link.com/products/?pid=173

CERTIFIED EXPERT

Commented:
You could use one generic SSID that allows users access only to your payment server network, e.g. 192.168.1.1/32.

Then, another SSID could be used (with authentication) to provide the global Internet access that they require (running on another network, e.g. 192.168.2.0/24).

Author

Commented:
And is it easy to get the proxy server to talk to a central database?  Sounds promising...!

Commented:
The database I've seen it work with is Active Directory and ISA 2000. Works very nicely. I'm sure there are bespoke apps that fit the picture if you don't want to use the MS route.
Les Moore, Sr. Systems Engineer

Commented:
Are you still working on this? Do you need more information?