Need help setting up a Radius server and selecting LTE routers

biometrics · Jan 18, 2017

We're involved in a project with various components one of which is free Wifi to users of the solution. We're software developers and can handle most of the project but we have no enterprise networking skills.

We need help setting up a Radius server and selecting appropriate LTE routers. We're looking for a company, consultant, freelancer that can assist us with this.

Some thoughts:

1. There will be Wifi access points at various locations.
2. User registration and (automatic) login via a landing page.
3. Only HTTP/HTTPS protocol allowed.
4. A daily cap per user.
5. The router will connect to a mobile network operator.

As you can see we're out of our depth with this, so we need help ...

Thanks

spiderz · Jan 18, 2017

Must the Hardware solution cover all that? (user registation/data capping, ect.)
or only provide the Radius/LTE/Wifi?

How many users will be connecting to a station? +-

biometrics · Jan 18, 2017

spiderz said:
Must the Hardware solution cover all that? (user registation/data capping, ect.)
or only provide the Radius/LTE/Wifi?

How many users will be connecting to a station? +-

We need the solution to do all the above.

Maximum of 20 users per access point at any one time.

biometrics · Jan 18, 2017

Bump, nobody?

The_Librarian · Jan 18, 2017

At this stage getting a working combination of LTE and Mikrotik is very iffy at this stage.

Best to check on the Mikrotik websites which LTE devices are supported, get one and test it first before getting a shedload of the things. But if you really, really need to go this way, use a supported 3G device rather.

Rest of the things a good Mikrotik admin can assist with.

Genisys · Jan 18, 2017

Considering budget isn't mentioned, I'm assuming there is no budget.

Cisco offers a product that will be suitable.

Ubiquity too.

Mikrotik too.

It all depends on how much work you want to do, and how complicated you want things, there is a lot of options out there.

For Radius (if you have Windows DC'S to your avail) you can use Acive Directory. Then for WiFi look at Open Mesh or Unifi AP'S. IIRC they can do Radius hotspot as well.

For LTE look at Huawei's offerings. Very stable products.

Moat of this is in Theory.

paul5186 · Jan 18, 2017

Freeradius or DMA radius on a VM. Mikrotik router with a usb and supported LTE dongle.

biometrics · Jan 18, 2017

Genisys said:
Considering budget isn't mentioned, I'm assuming there is no budget.

Cisco offers a product that will be suitable.

Ubiquity too.

Mikrotik too.

It all depends on how much work you want to do, and how complicated you want things, there is a lot of options out there.

For Radius (if you have Windows DC'S to your avail) you can use Acive Directory. Then for WiFi look at Open Mesh or Unifi AP'S. IIRC they can do Radius hotspot as well.

For LTE look at Huawei's offerings. Very stable products.

Moat of this is in Theory.

There is budget.

The work will be done by whoever we get to do this.

Not complicated:
- user registration/login
- data cap
- http & https protocols only
- initially 150 access points, later growing to 3,000

Genisys · Jan 18, 2017

biometrics said:
There is budget.

The work will be done by whoever we get to do this.

Not complicated:
- user registration/login
- data cap
- http & https protocols only
- initially 150 access points, later growing to 3,000

Considering the scale, look at http://www.arubanetworks.com/. Just be warned however, this will cost a pretty penny. There are local people who specialize in Aruba, best to get in contact with them to find out if their product can do everything you want it to do.

Nuke · Jan 18, 2017

Whats the budget per base?

I would rather use Ruckus for the wifi and tie it directly into a controller(Ruckus Zonedirector) that can handle the landing page, authentication, capping etc. Staying with a single manufacturer make interoperability much easier. On the LTE routers I'm no expert, but Huawei looks decent.

For a production network I hate Mikrotik, just too unstable. But everything you want to do is possible with its hotspot and userman packages. At 150 bases I wouldn't touch it with a stick, you will drive around all day rebooting the crap:twisted:

In what area are you btw? I have done things like this before.

biometrics · Jan 18, 2017

Thanks for the replies.

Can you recommend locals companies to get it contact with regarding this?

We're in Cape Town where this is rolling out.

access · Jan 18, 2017

off the top of my head, ubiquiti unifi comes with a captive portal for user registration and login and connection customization etc, all part of the packaged software(i might be thinking of the controller software, but there is enterprise too).

check out this demo

https://demo.ubnt.com/manage/site/default/dashboard

i set something like this up a while ago, i see the software has advanced nicely.

biometrics · Jan 19, 2017

So far the only company that has been mentioned is three6five.com. They certainly look like they can do it.

Any other recommendations?

sajunky · Jan 19, 2017

People on this forum recommend ubiquiti for extending a single WiFi access point. Your requirements are different (which seems are also supported by ubiquiti).
Price dependent. You can find other full featured routers like Mikrotik, but I am not in position to make recommendation.

In my opinion don't go a route with WiFi router combo with compatible LTE device attached by USB. LTE dongles have a limited TCP stack, not suitable for many users. It is also easier to find separate a good WiFi and LTE device which do not have to be paired.

From LTE side you should get standalone router like B315s, it has a quality internal antenna and will give excellent LTE connection for many users. Use cable Ethernet connection to the WAN port of your WiFi router of choice, working in DMZ of B315s. In such configuration all routing and user control is done on the WiFi device.

B315s from Telkom shop R1309, it includes a backup battery, the best deal.

access · Jan 19, 2017

sajunky said:
People on this forum recommend ubiquiti for extending a single WiFi access point. Your requirements are different (which seems are also supported by ubiquiti).
Price dependent. You can find other full featured routers like Mikrotik, but I am not in position to make recommendation.

In my opinion don't go a route with WiFi router combo with compatible LTE device attached by USB. LTE dongles have a limited TCP stack, not suitable for many users. It is also easier to find separate a good WiFi and LTE device which do not have to be paired.

From LTE side you should get standalone router like B315s, it has a quality internal antenna and will give excellent LTE connection for many users. Use cable Ethernet connection to the WAN port of your WiFi router of choice, working in DMZ of B315s. In such configuration all routing and user control is done on the WiFi device.

B315s from Telkom shop R1309, it includes a backup battery, the best deal.

dont forget the award winning poynting antennas

i have to agree with nuke with his experience of mikrotik, they are nice and stuff.. but just.. the random freezing and restarting and weird issues that pop up here and there. powerful equipment yes, but... meh. fiddly. some guys also had backplane throughput problems when they upgraded to fibre..

syntax · Jan 19, 2017

That many AP's i would certainly go something that can be cloud or centrally managed via a controller for easier rollouts.
You have a few options in this field like Aruba, Cisco, Ruckus etc
There are extra questions that need to be asked such as
Are the LTE devices connecting to an APN or directly to the internet
Are there multiple user databases or a central database for user information, how is this information updated , managed
Are custom landing pages required for each location or a central landing page needed
Is billing a factor or just a quota and thats it
Is advanced shaping or filtering needed (and will there be different user or login classes of service / preference)
Thats just off the top of my head, a kick off meeting to discuss and scope the solution is strongly recommended

MidnightWizard · Jan 20, 2017

CISCO

By the sound of things you need an -- ENTERPRISE solution

CISCO produce EVERYTHING you need
From routers / LTE modules / WiFi AP's / Wireless controllers / switches -- all the Cisco devices will be integrated

Devices also enable RADIUS and TACACS+

CISCO specialise in this type of Enterprise solution

As mentioned you can also use Windows Server AD for the radius
or
One of the Linux / Unix distros ( NetBSD )

Pricey YES
but
IF you want a proper set it up once solution then this is what you have to do !

Have a look for one of the certified CISCO Gold partner companies
( You can negotiate -- plus -- you get a guarantee on everything )

The_Librarian · Jan 20, 2017

Cisco

pricey kit, but worth it for enterprise solutions.

sajunky · Jan 20, 2017

syntax said:
Are the LTE devices connecting to an APN or directly to the internet

All cellular devices I know (including LTE) connect by APN. Bridge mode is not available on cellular connections. It means NAT and the number of active TCP connections must be handled by the cellular device. This limit can be easily hit when multiple users do lot of Web browsing.

philaniH · Jan 20, 2017

Hi

if your deadline is not so close, simply run your radius and web server will all your nice things in pi than connect mikrotik rb2011-wifi to it, make a nice rack mount cage.

this should cost zar 5000 (cage, rb 2011, custom power board for both or simply hide both mikrotik and pi adapters in there)

There you go,

Need help setting up a Radius server and selecting LTE routers

Honorary Master

Honorary Master

Honorary Master

Honorary Master

Another MyBB

Honorary Master

Expert Member

Honorary Master

Honorary Master

Senior Member

Honorary Master

Honorary Master

Honorary Master

Honorary Master

Honorary Master

Executive Member

Executive Member

Another MyBB

Honorary Master

Well-Known Member