[TriLUG] Hotel style wireless
rick.denatale at gmail.com
Wed May 4 17:56:37 EDT 2005
On 5/4/05, Steve Hoffman <srhoffman at gmail.com> wrote:
> Right now, my company has two wireless access points (a WAP11 and a
> WRT54G), one at each end of the buildling. We're currently doing MAC
> filtering only, since the only ones who use the wireless are company
> guests. Every time one shows up they have to come to me to give me
> their MAC so I can punch it in to both AP's and if I'm not here then
> they have to plug into the wall (gasp). So I was recently on a trip
> and the hotel I stayed at had free wireless. In order to use it, I
> connected to the AP, surfed to ANY webpage and was taken to their
> "login" page that asked for my room number and the code printed on my
> key. As soon as I did that I was able to surf the internet with no
> problems for the duration of my stay.
> I'd like to set something similar up, perhaps only slightly less
> sophisticated, but when someone comes here they can only get to the
> login webpage until they provide valid credentials and then are able
> to surf the net freely. My problem is I don't know where to start
> looking. The network is about 75% linux so I'd prefer a linux based
> solution, but if there's a better way to do it on <the OS that shall
> remain nameless> then please pass it along also.
> Thanks for any suggestions,
I don't know of particular solutions FOSS or not, but there was a good
article about these "Visitor Networks" in the Cisco Internet Protocol
Journal back in September of 2002, Volume 5, No 3. It's in the PDF
They talk about all kind of tricks using ARP, NAT, vlans etc, to do
slick things like making the guest network work regardless of how the
client is configured.
There was at least one follow up letter to the editor pointing out the
security aspects from the client point of view. For example if the
visitor network is set up to intercept initial web connections via low
level protocols and accept payment via credit card say, how does the
user authenticate the request?
Because of this it's better to provide "sign-up" outside of the
network, which seems to be more common lately in hotel and corporate
settings where you are asked for a room number or an authorization
number you obtain from the front desk, or the corporate receptionist
instead of more negotiable forms of 'payment.'
More information about the TriLUG