Solved

Restrict network access until user authenticated against remote database.

Posted on 2004-03-31
8
151 Views
Last Modified: 2010-04-08
Hi.

I want to set up a wireless network which will allow users to access only one internet website where they can buy surfing time.  Once they have an account, I want the firewall at the access point to allow them to surf the internet freely.

I think this will require rewriting the firewall in the access point restricting access based on MAC address, but how do I go about doing this.  Setting up the central database is no trouble, but how do I get the firewall to talk to it?

Many thanks,

Ben
0
Comment
Question by:benlinton
  • 2
  • 2
  • 2
  • +2
8 Comments
 
LVL 57

Expert Comment

by:Pete Long
ID: 10722909
Hi benlinton,
Im unsure to be honest but if your using cisco firewall you can certainly get it to authenticate to an RSA Radius server on your network, you just nees to work out how to assign the RSA access licences to the clients?

PeteL
0
 

Author Comment

by:benlinton
ID: 10722944
I was wanting to reprogramme a netgear wireless router such as:

http://www.netgear.co.uk/html/prod_routers_adsl_dg834g.htm

but don't know if this is possible.  

Basically, this machine gives you a web based controlpanel where you can add MAC addresses to a trusted list.  I want to allow all MAC address access to my billing website, but then only allow full internet access to MAC addresses I have in my database as having paid.

Is that clearer?!!

Many thanks,

Ben
0
 
LVL 79

Expert Comment

by:lrmoore
ID: 10723514
Have you looked at something like this D-Link gateway
http://www.d-link.com/products/?pid=173

0
 
LVL 23

Expert Comment

by:Tim Holman
ID: 10723691
You could use one generic SSID that allow users access only to your payment server network - eg 192.168.1.1/32.

Then, another SSID could be used (with authentication) to provide the global Internet access that they require (running on another network, eg 192.168.2.0/24)
0
PRTG Network Monitor: Intuitive Network Monitoring

Network Monitoring is essential to ensure that computer systems and network devices are running. Use PRTG to monitor LANs, servers, websites, applications and devices, bandwidth, virtual environments, remote systems, IoT, and many more. PRTG is easy to set up & use.

 
LVL 20

Accepted Solution

by:
What90 earned 500 total points
ID: 10729338
Why not just set up a proxy server account for each user once they have joined and paided?
They enter a username and password (on the proxy server of your choice) once they connect to the default web page.

That way the proxy server authenicates the user and allows them access to the Internet.
You can place any further rules on the proxy server.

Most of the hot spot zones ISP's use a similar method.

Saves all this MAC madness ;-)

0
 

Author Comment

by:benlinton
ID: 10730007
And is it easy to get the proxy server to talk to a central database?  Sounds promising...!
0
 
LVL 20

Expert Comment

by:What90
ID: 10730569
The database I've seen it work with is Active Directory and ISA 2000. Works very nicely. I'm sure there are bespoke apps that fit the picture if you don't want to use the Ms route.
0
 
LVL 79

Expert Comment

by:lrmoore
ID: 10807710
Are you still working on this? Do you need more information?
0

Featured Post

PRTG Network Monitor: Intuitive Network Monitoring

Network Monitoring is essential to ensure that computer systems and network devices are running. Use PRTG to monitor LANs, servers, websites, applications and devices, bandwidth, virtual environments, remote systems, IoT, and many more. PRTG is easy to set up & use.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
Split tunnel and locally reroute the traffic 3 34
sftp access 4 50
Hardening ScreenOS 8 101
ipsec tunnel comme not up 10 79
To setup a SonicWALL for policy based routing to be used with the Websense Content Gateway there are several steps that need to be completed. Below is a rough guide for accomplishing this. One thing of note is this guide is intended to assist in the…
The DROP (Spamhaus Don't Route Or Peer List) is a small list of IP address ranges that have been stolen or hijacked from their rightful owners. The DROP list is not a DNS based list.  It is designed to be downloaded as a file, with primary intention…
Internet Business Fax to Email Made Easy - With eFax Corporate (http://www.enterprise.efax.com), you'll receive a dedicated online fax number, which is used the same way as a typical analog fax number. You'll receive secure faxes in your email, fr…
Many functions in Excel can make decisions. The most simple of these is the IF function: it returns a value depending on whether a condition you describe is true or false. Once you get the hang of using the IF function, you will find it easier to us…

920 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

18 Experts available now in Live!

Get 1:1 Help Now