OK, we are about coming out from testing.

There is a new authentication method coming that uses DHCP and Radius to give ALL the settings you would get from using PPPoE.

:arrow: IP, mask, Gateway, and DNS. It also sets the CBQ per client, doews IP accounting collection and forces the user to remain at the given IP or they are firewalled to be rejected.

:arrow: eeZee Config that simply does not care what you have the client set for. An IP of 1.2.3.4, mask of 255.255.255.0, gateway of 5.6.7.8 will have the guy surfing. Of course using the above DHCP and radius is the preferred way, but if you make a mistake and set the DHCP wrong, this kicks in just as if they were bogus static settings.

will this be supported for ethernet clients as well, or is it just for the wireless?

Ethernet and Wireless. This is a stand-alone feature, not tied to any specific mechanism such as DHCP, Hotspot, auto-auth, etc.

Thanks!

It has become clear that you need to have a lot of control over a network that has casual or semi-anonymous users. At the same time there are many venues where free networking is appropriate... such at computer shows or technology events.

Hotspot presents an interesting way to potentially handle this.

I would like to achieve a firewall configuration where classes of users have treatment appropriate for their level of authentication and accounting.

An easy way to do this is have different pools of IP addresses that are dynamically/statically assigned based on the user's id and authentication outcome.

We use this on our dialup. It allows us to control access to adult content on the news server, for example. Our dialup routers have 4 pools of addresses, and we can specify which pool a user is provisioned from. Then the firewall rules do the rest.

It would be handy for all services that assign IP's to support the various pools.

In the case of hotspot, radius can assign pools as per authentication request. In addition, the users that click the "guest button" get attached to a designated pool of addresses for them.

The guest user is the free user at the coffeehouse hotspot, or the computer convention.

The guest user should optionally force a registration page that is simply syslogged. That way when we detect viruses, we can let the user know because we know who he is.

Is this gonna include an easy to use webpage redirect for any unauthorized users to arrange payment in order to gain access?

Currently the page has a login button, but we hope to have a white listed IP that goes to a sign-up computer by a "register" button. The signup server takes payment and authorizes the user system.

We do not yet have the whitelist IP and we certainly do not provide the signup server or its tie in to the radius.

Ok, then, I could use the signup server to populate Radius with a temporary ID... That would work.

Any status on this eezee config. It sounds awesome..

Reed

We are finalizing testing, and should have a release very soon. (perhaps later this afternoon if things progress well).

You probably saw, but it has been released. As for the free login, simply create a radius entry for demo, demo and modify the lof\gin page to advise them to use user demo and password demo, Go as far as having several different logins with different speeds so people can try the different levels of service.

Does this somehow solve the no dhcp working over bridging?

THanks!

An ideal solution would be to have a WEB BASED login for PPPoE instead of a specialised client.

Would that be possible?

a couple of problems, and possible solutions to that:

in order for them to browse to the login page, they would need an Ip address. I belive most people are not assigning IP addresses to the PPPoE enabled radios, and also, most PPPoE clients make sure tcp/ip is not bound to the connecting ethernet adapter. No ip address = no login page.

Second problem is the software itself. PPPoE requires a client software. There may be an ActiveX or Java based PPPoE client or something simliar, but it sounds like a PITA to me.

A web-based pppoe client just doesn't seem practical or useful to me. I believe lonnie & tony have created the same effect with these new features.

Guys, this is why we have the Hotspot code, Check it out. It gives you the convenience of PPPoE, almost as good security and no client driver.

You can have radius authenticate the MAC or force user name and password.