
Setup WiFi Access system in a college

Discussion in 'Networking' started by -KaaL-, Dec 13, 2011.

Thread Status:
Not open for further replies.
  1. -KaaL-

    -KaaL- Thread Starter

    Joined:
    Dec 13, 2011
    Messages:
    5
    Hello,

    My task is to plan out how to set up a WiFi Access System in our college.
    There are more than 3000 users which include students, faculty, etc.

    Area is spread across almost 1 acre of land area.

    Q1. How do I go about setting up a system where MAC based WiFi Access system is achieved?
    Q2. What equipment will be needed, like routers, access points, etc.?
    Q3. How many Access Points will be required, and which will be the best in terms of cost, range, speed and performance.
    Q4. Which would be the best equipment for this?
    Q5. User management solution?

    I would prefer to go for an Open Source based solution for user management, etc.

    Thanks.
     
  2. zx10guy

    zx10guy Trusted Advisor Spam Fighter

    Joined:
    Mar 30, 2008
    Messages:
    6,302
    A1. Are you serious? You do realize you'll have to enter at least 3000 MAC addresses into an allowed database. MAC based security is just not practical nor even considered much of a security feature when you have other more practical methods to control network access such as captive portal.

    A2. Well of course you'll need to have a router if you're looking to provide at least internet access and at a minimum routing of network traffic to internal services in a properly designed network. For this type of deployment, you're only going to be using a wireless controller and lightweight APs. Using your run-of-the-mill SOHO wireless router or individual APs just won't cut it.

    A3. This will depend on a wireless survey which has to be done before any hardware purchases or placement decisions are done. The number of APs and placement will also depend on the concentration of users in a given area of your coverage.

    A4. You're looking at solutions from companies like Aruba/Dell, Juniper, and Cisco.

    A5. Whatever you can implement and support. This can be AD running on a Windows Server to an LDAP server running on a Linux server.

    Based on your questions, you'll be better off paying for implementation services which any of the above companies will be able to provide.
     
  3. -KaaL-

    -KaaL- Thread Starter

    Joined:
    Dec 13, 2011
    Messages:
    5
    Thanks zx10guy for the prompt reply.

    Well if I implement network access through captive portal, and consider a user has to gain access to the wifi network, still he has to come into the network and then only he can be authenticated right?

    So it's like

    1. User --> 2. (connects to wifi network)--> 3. authentication--> 4. internet access

    Q1. Can we block an anonymous user before he reaches point 2? If this is done, we could save the user slots on the wireless APs.

    Correct me if I am wrong.

    Q2. And do authentication methods like captive portal come inbuilt with the Wireless Controllers, or should we be implementing it separately on our servers?
    Thanks.
     
  4. zx10guy

    zx10guy Trusted Advisor Spam Fighter

    Joined:
    Mar 30, 2008
    Messages:
    6,302
    A1. No. And why would you care? Systems that support captive portal allow devices to connect to the wireless network but it doesn't allow that device to communicate on that network until the user properly authenticates. In essence, the wireless controller puts the device into a quarantine status until authentication happens.

    A2. Captive portal is a feature of a wireless controller. I don't know if all wireless controllers have it. But I do know the ones from the companies I've listed do have it. In particular, I have set up captive portal on an Aruba/Dell PowerConnect W 620 wireless controller before. On that controller you have the ability to keep authentication local so the wireless controller is the authentication server too or you can send authentication queries to an external server.
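
The quarantine behaviour described in A1 above, with the local-or-external authentication choice from A2, modelled as an added example that is not part of the original post or any vendor's code. The pre-authentication allow list, class names and addresses are assumptions made for illustration.

```python
# Added illustration of a captive-portal quarantine; not vendor code.
# Names, addresses and the pre-auth allow list are assumptions.
import hashlib, hmac, os

PORTAL_IP = "192.0.2.1"  # constructed address of the controller/portal

def _hash(password, salt):
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

class LocalAuth:
    """Credentials kept on the controller itself, as salted PBKDF2 hashes."""
    def __init__(self):
        self._users = {}
    def add_user(self, name, password):
        salt = os.urandom(16)
        self._users[name] = (salt, _hash(password, salt))
    def check(self, name, password):
        salt, stored = self._users.get(name, (b"\0" * 16, b""))
        return hmac.compare_digest(stored, _hash(password, salt))

class Controller:
    """auth_backend is any object with check(name, password): LocalAuth,
    or a wrapper that forwards the query to an external server."""
    def __init__(self, auth_backend):
        self.auth = auth_backend
        self.sessions = {}  # client MAC -> "quarantine" | "authenticated"

    def associate(self, mac):
        # Association always succeeds; the device starts in quarantine.
        self.sessions[mac] = "quarantine"

    def login(self, mac, name, password):
        ok = mac in self.sessions and self.auth.check(name, password)
        if ok:
            self.sessions[mac] = "authenticated"
        return ok

    def permit(self, mac, proto, dst_ip, dst_port):
        state = self.sessions.get(mac)
        if state == "authenticated":
            return True
        if state == "quarantine":
            if (proto, dst_port) == ("udp", 67):  # DHCP, to get an address
                return True
            # DNS and the HTTPS login page, served by the portal only
            return dst_ip == PORTAL_IP and (proto, dst_port) in {("udp", 53), ("tcp", 443)}
        return False  # device that never associated
```

An associated but unauthenticated client occupies a session entry yet can reach nothing beyond DHCP and the portal, which is the quarantine state the answer refers to.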
     
  5. -KaaL-

    -KaaL- Thread Starter

    Joined:
    Dec 13, 2011
    Messages:
    5
    Thanks again.

    1. Well then Wireless Controllers can be used to implement a captive portal. But what about the Wired machines then, they will also have to be coming under this captive portal. Now since you are saying that this comes inbuilt in the Wireless controller, how can we do this for the wired components? Will it work separately for wireless and wired or can we have some common authentication platform for captive portal.

    2. And if I were to implement captive portal for wireless and wired for a Windows environment with AD, what would be the best tools, platforms and technology. (P.S. I have license to all MS platforms so if they come with Microsoft, it will be cost effective for me)

    Thanks. Each word of your reply is helping me a long way to understand. :)
     
  6. zx10guy

    zx10guy Trusted Advisor Spam Fighter

    Joined:
    Mar 30, 2008
    Messages:
    6,302
    Well, your requirements have changed since your initial post. You never mentioned wired clients. Captive Portal would only apply to wireless clients. For wired terminals, you would institute domain login. How deep you get into port security is up to you. You can do it in a number of ways such as with 802.1x, with a NAC type implementation, or with basic port security features present in enterprise level switches.

    As we get deeper into this discussion, I certainly hope you're going to contract this work out as this is not a trivial design/deployment.
     
  7. -KaaL-

    -KaaL- Thread Starter

    Joined:
    Dec 13, 2011
    Messages:
    5
    I am a computer engineering student. So it's not as such a contract or anything. I just wanted to make use of the opportunity that my college has given me to study and come out with a solution. Getting such an opportunity would be a good experience to work with high end equipment which probably I cannot afford to buy. :)
    ------
    Ok coming back to this discussion. When you mentioned about captive portal, I explored on it. Currently in our college there is no way to track which users used how much of bandwidth, etc. be it using WIRED or WIRELESS. But when I looked at one of the captive portals (MyHotSpot), it does provide these features. So I thought why not do this for the wired clients also. That's the main reason why I brought them here.
    But yes I do get your point about the new direction.

    I just need the right direction and technology names.
    In one of the companies where I interned, I have seen where they have a login screen (be it a wired/wireless) to connect to the network. How can such a system be formed, isn't it similar to a captive portal?
     
  8. zx10guy

    zx10guy Trusted Advisor Spam Fighter

    Joined:
    Mar 30, 2008
    Messages:
    6,302
    I understand your desire here but if you think you're going to implement this by yourself with your current experience and knowledge, you're setting yourself up for a lot of disappointment along with the school. You can still be involved in the whole process and knowledge transfer if you contract this out. You'll learn real quick in the work environment that sometimes it is better to admit you don't know and need help than to have an epic fail.

    As far as technical side of this discussion, again, you keep adding more and more requirements which increasingly expand the scope and complexity of the answer. I don't want to come off like I'm being terse or rude, but you're looking for answers that require a lot of time and work which is outside the scope of this forum. Projects of this scope are why IT professionals/firms (including myself) make the money we do.
     
  9. -KaaL-

    -KaaL- Thread Starter

    Joined:
    Dec 13, 2011
    Messages:
    5
    Well if you see my very first post, I need to submit a plan and not implement it. But in any case, this discussion has helped me a lot to understand at least the basics.

    Thanks zx10guy sir.
     
Short URL to this thread: https://techguy.org/1031016
