Solved

Public Wifi

Posted on 2010-09-19
1
1,062 Views
Last Modified: 2013-11-09
OK, I'm a WIFI newbie.  We have a cisco 827 Router, cisco 350's as bridges, and cisco 1200 AP.  I just got funding for cisco aironet 1520's 3 or 4 of them.  I would like to setup the new wifi so we can see current usage, have a splash page, content filtering, and be able to stop filesharing.
 Does cisco offer a GUI for the end user to check on the current usage?  
 Are these features possible with this HW?
What is the best way we can maximize our covrage with this hardware, should we have a certin attenas or better AP's?  I was going to replace the current AP's with the new ones and remount the old ones someone else to extend coverage.  Would we simply get better coverage with new attenas?
I'm not even sure what to ask or where to start....HELP....
0
Comment
Question by:CCtech
1 Comment
 
LVL 37

Accepted Solution

by:
meverest earned 500 total points
ID: 33713748
Hi,

there are quite a few specific questions amongst your post there - I'll try to pick them out and answer them all ;-)

A lot of the functionality that you refer to is not really a function of the hardware, but more about some kind of access software.  

Most advanced AP systems achieve access integration using RADIUS and there are lots of RADIUS solutions around including open source (e.g. www.freeradius.org) and proprietary (e.g. http://www.open.com.au/radiator/)  RADIUS server will allow you to permit or deny access to a list of username/passwords stored in a database or other store (e.g. text file, ldap etc)

Windows server also ships with a radius server (called 'Internet Authentication Service') that can support radius authentication to the windows userbase.

Support for user account details like check usage and change password and billing etc is usually delivered by a user account manager application.  There are lots of these sorts of applications available too - like emerald (http://www.iea-software.com/products/emerald5.cfm) and DuxTel Commander (http://www.duxtel.com.au/software_overview.html)

Content filtering, also, is usually implemented as an independent service, and often as a filtered web proxy server.  Another relatively simple implementation is use of DNS level filtering, like supported by openDNS (www.opendns.com)

There are a couple of ways to do authentication, depending on your requirements.  If you have a closed network where you want only authorised users to connect (like an office, corporate or other industrial application) then you will want to make sure that a user can't even connect to the wireless without providing credentials.  in that case you will apply your radius to the wireless layer using EAP/PEAP etc so that the user sees an authentication request as soon as they try to connect to the ssid.

If you want a more tarditional hotspot arrangement, when anyone can connect to the wireless and browse a few selected web sites (usally including a payment service) then you will want to use a hotspot system like chillispot (an open source solution) or the mikrotik hotspot that comes built-in with routerOS (www.mikrotik.com)

Last of all, you ask for comment on alternative hardware - personally, I'd say that you can't do much better than Mikrotik routerOS for price and performance.  You can buy mikrotik based hardware (www.routerboard.com) for about one fifth of the price of an equivalent cisco, and you get a whole swag of advanced features like p2p file sharing filters and built-in hotspot service.

You can deploy a 100% mikrotik network with routerBoard APs and gateways, or you can use other brand wireless AP (including cisco etc) and then use a mikrotik or linux + chillispot router as the authentication gateway.

To deploy over wider areas, I recommend to use some kind of repeater or mesh solution.  Most wireless AP hardware (including cisco) will support 'WDS' service which allows you to set up 'repeater' stations that extend the coverage of a single AP.  Some systems (including mikrotik) support a dynamic 'wds' system that allows you to create a self-learning mesh network where all repeaters automatically make a connection to the nearest running peer - and automatically reassociate with another device of that nearby peer goes offline for any reason.

Some devices (again Mikrotik included) can also support multiple gateways so that you can have more than one gateway with an internet connection in the wireless mesh, and repeaters will automatically choose the nearest operational gateway for redundancy and reliability.

So there's a few comments to hopefully get the discussion started - feel free to seek clarifications!

Cheers,  Mike.
0

Featured Post

Threat Intelligence Starter Resources

Integrating threat intelligence can be challenging, and not all companies are ready. These resources can help you build awareness and prepare for defense.

Join & Write a Comment

Working settings for French ISP Orange "Prêt à Surfer" SIM cards for data connections only. Can't be found anywhere else !
DECT technology has become a popular standard for wireless voice communication. DECT devices are not likely to be affected by other electronic devices and signals because they operate in a separate frequency-band.
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…

747 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

11 Experts available now in Live!

Get 1:1 Help Now