[134164] in North American Network Operators' Group
Re: Public Wireless access (ticket / token / schedule based)
daemon@ATHENA.MIT.EDU (Robert E. Seastrom)
Mon Dec 27 23:50:58 2010
To: "Bill Lewis" <blewis@hottopic.com>
From: "Robert E. Seastrom" <rs@seastrom.com>
Date: Mon, 27 Dec 2010 23:50:50 -0500
In-Reply-To: <26CF6BC367161D4BAFC39B6ED6F885F30289ECB6@TNEXPRD.hottopic.com>
(Bill Lewis's message of "Mon, 27 Dec 2010 12:15:55 -0600")
Cc: nanog@nanog.org
Errors-To: nanog-bounces+nanog.discuss=bloom-picayune.mit.edu@nanog.org
"Bill Lewis" <blewis@hottopic.com> writes:
> What is everyone using for enterprise grade wireless authentication for
> simple public access (i.e. users that are non-employee that need
> internet access (non-PCI) while in your building). Obviously I will hang
> this off a DMZ switch outside of my private LAN. Looking for something
> vendor driven, don't have time for anything home grown or unsupported /
> community based.
Assuming that this is for your offices not your retail outlets...
Is there some reason you can't run it wide open without even so much
as a captive-portal-check-the-box thing? All of the commercial boxes
I've seen for doing what you say you want to do have been Deeply
Unsatisfactory in some way (Nomadix is at the top of the list here).
If you lose the authentication altogether and just make sure that
there is a bandwidth lid on per host overall usage plus more
conservative limits for things like the usual torrent ports and of
course blocking certain other ports entirely... you've just
eliminated the administrative overhead of issuing credentials to your
visitors and streamlined your entire process.
Doable?
-r
