Inline.

On 07/06/2012 05:37 AM, Rogelio wrote:
> Thanks, Sam.  That is helpful.
>
> FWIW, I'm currently researching the following things on UBNT...
>
> 1) How exactly is UAM done on all Ubiquiti radios?  Specifically, can
> an AP do the following...
>
> a) white lists an offsite portal page (e.g. NNU or Aptilo)
Yes, under guest control you specify it as 'External Portal Server' and 
set the custom portal IP and optional hostname (if using virtualhosts).
> b) redirects unauthorized users to this portal page?
Yes, all traffic not authorized is sent to the portal page.
> c) after client pays on portal page, tell the AP UAM webserver on
> Ubiquiti radio to authenticate the user
Yes, there is an API that you can use to authenticate MAC addresses. The 
portal redirect sends users to <PORTALIP>/guest/ with two 'POST'ed 
arguments: 'id', which is the MAC address of the connected client, and 
'url', which is the destination of the original web request.

You can then perform any sort of authorization (payment, password 
verification, etc) and authorize the MAC to the UniFi controller for a 
specific amount of time.
> d) pre-authenticate user MAC addresses that roam from other APs?
I have not tried this so I'm not 100% sure.  Quick and dirty would be to 
authorize the MAC address for a very long period of time (say 10 years).
>
> 2) If a Ubiquiti device already services an SSID, how can it also
> serve a separate SSID that (a) does its own UAM, and (b) does its own
> DHCP scope?  Can I do this with existing hardware?  Or do I need to get a
> new radio for each new service?
UniFi units can service multiple 'Wireless Networks', which each have 
their own SSID and settings. You can have a network which has guest 
control as described above, another that has encryption and a third that 
is completely open.  One thing to keep in mind: each additional 
'Wireless Network' will reduce available throughput for each AP, as some 
air time is spent on beacon traffic etc. I believe there is a hard limit 
of 4 networks, but I haven't tested anything more than 2.

I am not sure what a UAM is. As for DHCP, the UniFi units act as wireless 
bridges basically; DHCP needs to be handled with a separate DHCP server, 
such as a Mikrotik.

From a UniFi standpoint everything occurs at the MAC level, so you could 
have multiple UniFi units operating in private IP space behind separate 
NAT routers all belonging to the same 'Wireless Network' (which means 
they share the same SSID, access control, and management interface).
>
> Ideally, I'd like to "stack services" on existing UBNT networks, as
> well as roll out new ones...hence the reason I'm hoping for some sort
> of simple UAM overlay.
Again, not sure what UAM stands for.  UniFi is a separate firmware used 
on the UniFi products (indoor, indoor longrange, outdoor, outdoor 5GHz, 
indoor dual band). You can also flash the PicoM2s with the UniFi 
firmware for a single pol 2GHz.

>
> On Thu, Jul 5, 2012 at 5:03 PM, Sam Tetherow<tethe...@shwisp.net>  wrote:
>> This sounds pretty much like UniFi.  The UniFi units do not handle the DHCP
>> so you would need something handing out leases like a small Mikrotik box.
>> You then add all the UniFi units that you want to be 'seamless' to the same
>> network in the unifi controller.  The unifi controller can be run anywhere
>> that is reachable from the UniFi units (the UniFi's do not have to be
>> reachable from the controller though, so they can be behind a NAT).
>>
>>
>>
>> On 07/04/2012 05:17 PM, Rogelio wrote:
>>
>> (Apologies if my questions are a bit naive, I'm still getting used to how
>> Ubiquiti does things. I've always done things the traditional way in carrier
>> networks, i.e. tunneling everything back to the core and then breaking out
>> traffic accordingly).
>>
>> I have some questions about Ubiquiti's ability to integrate with UAM.
>>
>> I have a scenario where I will have approximately 1000-2000 APs scattered
>> across different extremely rural areas with limited backhaul space. These
>> areas will likely NOT have the expertise to properly babysit a core
>> solution.
>>
>> In a past life, I've often just put in an access point with some sort of
>> DHCP solution and UAM redirect. This AP plugged directly into the modem
>> (DSL, cable, etc) and then got a public CPE address which I could manage
>> remotely. When customers hit the open SSID, they got a splash page that was
>> served by NetNearU (NetNearU.com), and when they authenticated, their MAC
>> was whitelisted on for the duration of time. When they went to another AP
>> that had a different DHCP server, their MAC address was pre-authenticated
>> and they appeared (from their perspective "to roam").
>>
>> A few questions on how I can do this "The Ubiquiti Way".
>>
>> 1) Does Ubiquiti do DHCP at the edge on each AP? If not, is there some 3rd
>> party software I can use? I understand if this is not supported and if I
>> have to figure this out myself. That is not a problem.
>>
>> 2) Does Ubiquiti have a way of vectoring the users off to this database? I
>> see that Chili has a plugin, and it looks relatively simple to integrate.
>> Does this still work with the current OS? Or have things changed?
>>
>> http://coova.org/node/3685
>>
>> 3) Can someone recommend a hosted user database solution that is cheap and
>> reliable? If I had to roll it myself, what would you recommend?
>>
>> 4) Do I have to use UniFi? Can I just script out some sort of login script
>> to quickly deploy and configure these things?
>>
>> This project (if it takes off) could be about 1000-2000 thousand APs
>> scattered across rural Africa and South America. I'm hoping for limited
>> equipment at the edge (things like battery backups and customized antennas
>> may be needed in some cases, but I'm hoping for limited network equipment).
>>
>> If anyone has any ideas or would like for me to connect them with the
>> various decision makers, please feel free to contact me offline. I'm not
>> looking to make anything off this project, just donate a little time in
>> helping it get off the ground by asking the right questions.
>>
>> --
>> Also on LinkedIn?  Feel free to connect if you too are an open networker:
>> scubac...@gmail.com
>>
>>
>> _______________________________________________
>> Wireless mailing list
>> Wireless@wispa.org
>> http://lists.wispa.org/mailman/listinfo/wireless
>>
>>
>
>

_______________________________________________
Wireless mailing list
Wireless@wispa.org
http://lists.wispa.org/mailman/listinfo/wireless
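
The reply above says the portal receives two POSTed arguments, 'id' (client MAC) and 'url' (original destination), and then authorizes the MAC for a period of time. The following is an added example, not code from the thread or from Ubiquiti, of how an external portal could validate those two fields before authorizing anything. It assumes a form-encoded body; `paid`, `authorize` and the `MAX_MINUTES` cap are hypothetical names, with `authorize` standing in for whatever controller API call the deployment uses.

```python
import re
from urllib.parse import parse_qs, urlsplit

MAC_RE = re.compile(r"^[0-9a-f]{2}(:[0-9a-f]{2}){5}$")
MAX_MINUTES = 24 * 60  # assumed site policy cap, not a UniFi limit


def parse_guest_post(body):
    """Validate the form body POSTed to <PORTALIP>/guest/; return (mac, url)."""
    fields = parse_qs(body, keep_blank_values=True)
    # Duplicate or missing parameters are rejected rather than guessed at.
    if len(fields.get("id", [])) != 1 or len(fields.get("url", [])) != 1:
        raise ValueError("expected exactly one 'id' and one 'url'")
    mac = fields["id"][0].strip().lower().replace("-", ":")
    if not MAC_RE.match(mac):
        raise ValueError("id is not a MAC address")
    if int(mac[:2], 16) & 1:
        raise ValueError("group (multicast/broadcast) MAC cannot be a client")
    url = fields["url"][0]
    if re.search(r"[\x00-\x20\x7f]", url):
        raise ValueError("whitespace or control characters in url")
    parts = urlsplit(url)
    # Only send the browser back to an absolute http(s) destination.
    if parts.scheme not in ("http", "https") or not parts.hostname:
        raise ValueError("url must be an absolute http(s) URL")
    return mac, url


def handle_guest(body, paid, authorize, minutes=60):
    """Return (status, detail). `paid(mac)` and `authorize(mac, minutes)`
    are hypothetical callbacks supplied by the portal operator."""
    try:
        mac, url = parse_guest_post(body)
    except ValueError as exc:
        return 400, str(exc)
    if not paid(mac):
        return 402, "payment required"
    # Cap the lifetime so a bad caller cannot request a ten-year grant.
    authorize(mac, min(minutes, MAX_MINUTES))
    return 302, url
```

Both fields arrive through the client's browser, so the handler treats them as untrusted input; the authorization itself is still keyed only on the MAC address, as the reply describes.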
