• Hey everyone, Jon here. I'm about to kick off a pilot for a new guest internet solution. The current solution has served us well but I believe the architecture we are using may have run its course. So I'm interested in what others are using out there for their guest internet solution both wired and wireless. Let me give you some more info.
    I need to support approximately 1000 concurrent connections. The throughput is surprisingly low approx. 10-15Mbps. Probably due to the burstiness of web traffic. I have 20 different subnets that each need a unique captive portal page. These subnets are routed through VPN tunnels over an MPLS cloud and SONET ring to the firewall where they find the internet. The captive portal pages would need to provide terms and conditions of use and an accept button. This functionality would then "authenticate" the client for 8 hrs.

    We currently have a vendor that provides the captive portals with a Linux server and their special sauce. I'm finding as the concurrent connections increase the response time goes down. Shocker, I know. I have found that the delay is attributed to the captive portal server. This makes sense to me as it is responsible for keeping track of the state of up to 1000 connections or IPs rather. The server is relatively new and seems adequately robust by today's standards. My concern is over capacity planning of not only my present solution but also any alternatives. So..
    1. Are there limits to the "in-line" captive portal guest solution? If so, what are some alternatives that exist?
    2. Is anyone using the built-in functionality of their controllers to provide guest access to a large number of users (100-500 concurrent per controller)?
    FYI, this is hospitality wireless, so cost is a big factor. Sorry if that is a bit long-winded, I'm looking forward to seeing what you all come up with.

  • You should try, a pretty good multi-vendor solution.

    They have both inband (all traffic goes through the box) and out of band (traffic goes through the box just for captive portal/authentication).

  • I haven't heard of this in-line solution. They look like they have a good interface. Since they are in Australia that probably means after-hours level 2 & 3 support is available. :) However, Aruba appears to have bought them on Tuesday. Not sure if they will remain vendor agnostic. Thank you for the link. I will have to check them out.

  • I'm actually interested to see what Aruba does with this product now. Aruba's guest access setup was relatively simple in itself. So long as you had an Aruba infrastructure in place already of course. [/hijack]

    What wireless, if any, do you have in place already? Are you looking for a new solution that encompasses enterprise wireless as well? I'll have to go back and look at the Aruba set up. I know you could set up captive portal et al, but I don't know if there is a limit to the number. With their AP groups etc I'd imagine you could come close to what you are looking for, though it has been a while since I've been knee deep in Aruba, so my "off the top of my head" knowledge is a bit rusty, so I don't know if it gives you everything you want.

  • I looked at the Amigopod a short while ago, but found it very cost restrictive unless you are charging for the access. The entry level starts with 50 simultaneous users and goes from there. We got to about 500 users and were looking at over 5k before you start adding other bells n whistles such as the auto proxy. Looks a really good product but couldn't justify it for large numbers.
    We eventually used Ruckus and their inbuilt guest access. They also support wISP so you can back off auth to a web based portal.

    Good luck n let us know what you go with.


  • I've looked at Nomadix, Bluecoat, and even Colubris. Nomadix is a great SOHO/SMB solution. Bluecoat seems to be the Ferrari out of all the roll-your-own guest solutions and costs as much as one. For the same money it seems like you can outsource it to a third party. I'm working on a pilot with a company called wandering Wi-Fi. They integrate directly with wireless vendors to provide a RADIUS-based authentication. This is externally hosted but the redirection happens locally on the controller. So, I guess it is still technically inline but in a distributed architecture. It seems to me that there are limits to the free built-in guest solutions as well as the inline "vendor agnostic" ones. Once larger scale comes into play, it seems one needs to decide if they are going to become an ISP or pay someone else to be the ISP. That can be a tough pill to swallow for something that is hospitality? I guess there is no free lunch and no free guest access...someone is paying for it.

  • I have deployed Cisco and Aerohive solutions and they work pretty well. Aerohive being cheaper than Cisco.

  • It seems that most people out there are using the built-in guest functionality due to cost restrictions. Over the holiday saw 2000 concurrent connections on the customer's guest wireless network. I suspect the real question I should be asking is how do I keep corporate and personal employee assets off of the guest network. My customer is a health care provider, not an internet provider. I wonder if guest wireless will be the driver NAC has been looking for. I would be interested in knowing what percentage of guest users are legitimate in mixed corp/guest environments. What do you think?

  • One way is to have a netreg system collect the MAC addresses of corporate users. You can then use that same system to reverse MAC authenticate users or NOT provide DHCP to users with MACs in the system. Each wireless LAN provider has some other vendor-specific methods to prevent this from happening, I'm sure.
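
The registry check described in the last reply, sketched as an added example that is not part of the thread or any vendor's code. The registry export format, the sample addresses and all function names are constructed for illustration; the sketch also marks locally administered (randomized) addresses, which a MAC registry cannot match to an owner.

```python
import re

# Constructed netreg export (MAC,owner) in the mixed notations such
# registries accumulate; none of these are real devices.
NETREG_EXPORT = """\
00:1A:2B:3C:4D:5E,laptop-finance-01
001a.2b3c.4d5f,nurse-station-tablet
00-1a-2b-3c-4d-60,imaging-cart-7
not-a-mac,bad-row
"""

# Constructed client MACs seen in DHCP requests on the guest VLAN.
GUEST_REQUESTS = ["00:1a:2b:3c:4d:5e", "3c:22:fb:10:20:30", "da:a1:19:00:00:01"]


def normalize_mac(raw):
    """Return 12 lowercase hex digits, or None if raw is not a MAC."""
    digits = re.sub(r"[:.\-\s]", "", raw).lower()
    return digits if re.fullmatch(r"[0-9a-f]{12}", digits) else None


def load_registry(export):
    """Map normalized corporate MAC -> owner, skipping malformed rows."""
    registry = {}
    for line in export.splitlines():
        mac, _, owner = line.partition(",")
        key = normalize_mac(mac)
        if key:
            registry[key] = owner.strip()
    return registry


def guest_dhcp_decision(raw_mac, registry):
    """Decide whether the guest DHCP scope should answer this client."""
    mac = normalize_mac(raw_mac)
    if mac is None:
        return "deny-malformed"
    if mac in registry:
        return "deny-corporate"      # registered asset: keep it off guest
    if int(mac[:2], 16) & 0x02:      # locally administered bit is set
        return "offer-unverifiable"  # randomized MAC: registry cannot tell
    return "offer"


def decide_all(requests=GUEST_REQUESTS, export=NETREG_EXPORT):
    registry = load_registry(export)
    return [(mac, guest_dhcp_decision(mac, registry)) for mac in requests]


if __name__ == "__main__":
    for mac, verdict in decide_all():
        print(mac, verdict)
```

The "offer-unverifiable" count is worth tracking on its own: it measures how much of the guest population a MAC registry cannot classify at all.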
