Enterprise wireless access control system
-
Thanks everybody for the hints!
So, your suggestion is using ubiquiti hw for access point and for the gateway (USG for example) and squid for the proxy part.
I think I could put squid in a vm aside the ubiquiti controller, a small 1U server should be more than enough.
-
I would go with the edge Routers over the USG.
-
@francesco-provino said in Enterprise wireless access control system:
Thanks everybody for the hints!
So, your suggestion is using ubiquiti hw for access point and for the gateway (USG for example) and squid for the proxy part.
I think I could put squid in a vm aside the ubiquiti controller, a small 1U server should be more than enough.
Yes, and @JaredBusch and I would "always" recommend a proxy inside of a VM and not in the firewall itself. That's not a function that you want located on your firewall box. By having it in a VM you have more power, more flexibility and better options for support.
-
@penguinwrangler said in Enterprise wireless access control system:
I would go with the edge Routers over the USG.
Yes, generally the EdgeRouters is what you want. More power, lower price.
-
I just wonder how much hard could be to setup a proper auth and landing page on the squid VM… I've seen microtik system that automate all the stuff related to move the VM from the guest VLAN and stuff like that. I don't know how much effort would take to orchestrate the ubiquiti sw with squid.
-
@francesco-provino said in Enterprise wireless access control system:
I just wonder how much hard could be to setup a proper auth and landing page on the squid VM… I've seen microtik system that automate all the stuff related to move the VM from the guest VLAN and stuff like that. I don't know how much effort would take to orchestrate the ubiquiti sw with squid.
Backup a second. Squid is a proxy/cache. It doesn't do landing pages or authentication. You'd be looking at something else to handle that. The believe the Unifi controller has a captive portal built in that you may be able to work with.
-
@coliver said in Enterprise wireless access control system:
@francesco-provino said in Enterprise wireless access control system:
I just wonder how much hard could be to setup a proper auth and landing page on the squid VM… I've seen microtik system that automate all the stuff related to move the VM from the guest VLAN and stuff like that. I don't know how much effort would take to orchestrate the ubiquiti sw with squid.
Backup a second. Squid is a proxy/cache. It doesn't do landing pages or authentication. You'd be looking at something else to handle that. The believe the Unifi controller has a captive portal built in that you may be able to work with.
I know, but it needs an external radius server to works.
-
If you want to analyze your squid proxy logs, there are several options to choose from http://www.squid-cache.org/Misc/log-analysis.html
Theirs also a Graylog Squid content pack that can be imported into Graylog.
https://github.com/yon2004/GraySquid -
@francesco-provino said in Enterprise wireless access control system:
@coliver said in Enterprise wireless access control system:
@francesco-provino said in Enterprise wireless access control system:
I just wonder how much hard could be to setup a proper auth and landing page on the squid VM… I've seen microtik system that automate all the stuff related to move the VM from the guest VLAN and stuff like that. I don't know how much effort would take to orchestrate the ubiquiti sw with squid.
Backup a second. Squid is a proxy/cache. It doesn't do landing pages or authentication. You'd be looking at something else to handle that. The believe the Unifi controller has a captive portal built in that you may be able to work with.
I know, but it needs an external radius server to works.
That's going to be a requirement no matter who's wireless stuff you use. Some may hide it better than others, but it's always going to be in place. Don't be scarred of setting one up!
-
@travisdh1 what do you reccommend for Radius? On Linux, of course… any quality tutorial out there?
-
@francesco-provino said in Enterprise wireless access control system:
@travisdh1 what do you reccommend for Radius? On Linux, of course… any quality tutorial out there?
The biggest name (and one of the oldest projects) is FreeRadius (http://freeradius.org/).
-
@coliver said in Enterprise wireless access control system:
@francesco-provino said in Enterprise wireless access control system:
@travisdh1 what do you reccommend for Radius? On Linux, of course… any quality tutorial out there?
The biggest name (and one of the oldest projects) is FreeRadius (http://freeradius.org/).
@coliver beat me to it. Also one of the most documented around.
I've seen some tutorials on how to enable this in Windows, and it's adding a role on a Domain Controller if I remember correctly.
-
@travisdh1 said in Enterprise wireless access control system:
@coliver said in Enterprise wireless access control system:
@francesco-provino said in Enterprise wireless access control system:
@travisdh1 what do you reccommend for Radius? On Linux, of course… any quality tutorial out there?
The biggest name (and one of the oldest projects) is FreeRadius (http://freeradius.org/).
@coliver beat me to it. Also one of the most documented around.
I've seen some tutorials on how to enable this in Windows, and it's adding a role on a Domain Controller if I remember correctly.
You don't have to it can be added via a second server.
