Questions

Radius server Microsoft and Captive Portal

+
0 Votes
Locked

Radius server Microsoft and Captive Portal

adamtuo
hallo,
i'm going to make one radius server microsoft.
For now i have implemented a radius with IAS services from Win 2003 server, my Access point are Cisco 1200 series and i have 10 buildings connect at my radius not near but scattered on the territory. My users are 2500, but for now only 10 users for buildings use wireless.

My problem are:
when there are users guest not authorizes from my active directory, the radius must redirect the user guest to one home page, and if they have one user and password can use internet but non see my network (for this i think to use a VPN).
  • +
    0 Votes
    stress junkie

    I would use a firewall appliance to create a DMZ between the Internet and the Radius server. Put the wireless access point between the firewall and the Radius server. Here is a diagram.

    Internet
    |
    Firewall
    | |
    | |--------------Wireless Access Point
    |
    Radius Server / Firewall
    |
    Your LAN

    The firewall has thee network cards. One card goes to the Internet. A second card goes directly to the Radius server. The third card goes directly to the wireless access point.

    The firewall filters packets that come from the Internet and that go to both the Radius server and that go to the wireless access point. The firewall also filters packets that go between the wireless access point to the Internet and to the Radius server. This way there is a firewall between your wireless clients and your LAN.

    In this configuration wireless clients do not need to authenticate to the Radius server in order to use the Internet. If a wireless client does authenticate to the Radius server then it can use your LAN. The Radius server, as shown in my diagram, is actually another firewall. It should prevent packets from non authenticated wireless clients from reaching your LAN. The Radius server does not have to be another firewall. The firewall between the Internet and your LAN will keep unauthenticated wireless clients from accessing your LAN, so the Radius server can just be an authentication server.

    +
    0 Votes
    jovarsa1

    Hello,
    I'm in the process of setting up the Cisco areonet 1200 in our company with Radius authentication but I'm running in to a problem, I know this don't help you but since you already setup the radius with the Cisco 1200 you might be able to help me with my setup. The computers see the wireless and it get connected but I think is not getting authenticated because I can get an IP can anyone helps.

    by the way I'm using Win 2003 server IAS for the radius and the Cisco 1200 Series for the wireless device.
    Hello,
    I'm in the process of setting up the Cisco areonet 1200 in our company with Radius authantication but I'm running in to a problem,I know this don't help you but since you already setup the radius with the Cisco 1200 you migth be able to help me with my setup. The computers see the wireless and it get connected but I think is not getting authanticated because I can get an IP can anyone helps.

    by the way I'm using Win 2003 server IAS for the radius and the Cisco 1200 Series for the wireless device.

  • +
    0 Votes
    stress junkie

    I would use a firewall appliance to create a DMZ between the Internet and the Radius server. Put the wireless access point between the firewall and the Radius server. Here is a diagram.

    Internet
    |
    Firewall
    | |
    | |--------------Wireless Access Point
    |
    Radius Server / Firewall
    |
    Your LAN

    The firewall has thee network cards. One card goes to the Internet. A second card goes directly to the Radius server. The third card goes directly to the wireless access point.

    The firewall filters packets that come from the Internet and that go to both the Radius server and that go to the wireless access point. The firewall also filters packets that go between the wireless access point to the Internet and to the Radius server. This way there is a firewall between your wireless clients and your LAN.

    In this configuration wireless clients do not need to authenticate to the Radius server in order to use the Internet. If a wireless client does authenticate to the Radius server then it can use your LAN. The Radius server, as shown in my diagram, is actually another firewall. It should prevent packets from non authenticated wireless clients from reaching your LAN. The Radius server does not have to be another firewall. The firewall between the Internet and your LAN will keep unauthenticated wireless clients from accessing your LAN, so the Radius server can just be an authentication server.

    +
    0 Votes
    jovarsa1

    Hello,
    I'm in the process of setting up the Cisco areonet 1200 in our company with Radius authentication but I'm running in to a problem, I know this don't help you but since you already setup the radius with the Cisco 1200 you might be able to help me with my setup. The computers see the wireless and it get connected but I think is not getting authenticated because I can get an IP can anyone helps.

    by the way I'm using Win 2003 server IAS for the radius and the Cisco 1200 Series for the wireless device.
    Hello,
    I'm in the process of setting up the Cisco areonet 1200 in our company with Radius authantication but I'm running in to a problem,I know this don't help you but since you already setup the radius with the Cisco 1200 you migth be able to help me with my setup. The computers see the wireless and it get connected but I think is not getting authanticated because I can get an IP can anyone helps.

    by the way I'm using Win 2003 server IAS for the radius and the Cisco 1200 Series for the wireless device.