Wireless Hotspots

[chilli]

Hi All,
I am thinking about setting up a wireless hotspot within the office so that visitors and clients, as well as co-workers can login to the wireless and access the internet etc using whatever wireless gadgets they own.

From my own experience with wireless hotspots (ok only one), when I attempted to login to the hotspot, I was presented with a welcome screen saying what the hotspot was then prompting me for either user name and password, or the wireless encryption key (I forget which).

So basically how is this done? Is there something like a "wireless hot spot access point" or is this handled through a server?

Currently the office does not have any wireless at all. Currently we are running SBS2000 but looking into upgrading the server soon to SBS2003. Is there anything that can be managed through there? or maybe through another machine (eg running XP)?
What other equipment woudl be needed?

The office is 4 terraced houses that have been knocked into one building, 3 floors with a basment. There are Cat5 access points in every room.
So I'm hoping that it would be something as simple as getting enough wireless access points to cover every room (plugging into the existing cat5) and maybe some software managing it on the server or on a simple machine...

 

[Iceblue]

So I'm hoping that it would be something as simple as getting enough wireless access points to cover every room (plugging into the existing cat5) and maybe some software managing it on the server or on a simple machine...

Basically that is all you have to do, but you do have to pay attention to some wireless infrastructure details, such as making sure your overlapping access points are on non-interfering channels.

First, though, how do you want the hotspot to appear to the users? What kind of security do you want on the system?

If you just set up access points with an open hotspot, people will just connect with their wireless adapter and be on your internal LAN, including access to the internet, presumably. They would not have easy access to your internal computers unless they were already pre-configured to be in one of your internal workgroups (or have an account on your domain server, depending on how you are set up internally). However, once on the LAN, hacking into your systems becomes easier - they have bypassed your router / proxie server's firewall.

If you encrypt the wireless, you will need to provide people who access the system with the encryption key. This will allow you to control who gets access, but if you are allowing the "general public" (e.g. customers, clients, vendors, etc.) access, the key will be "out there" and ultimately beyond your control.

If you want them to have access to ONLY the internet and not your internal LAN, then thing get considerably more complicated with respect to your existing infrastructure. I say this presuming the "Cat5" connections you talk about are directly onto an internal LAN.

The "Welcome Screen" style of connection - I've never done one of those. Hopefully someone who has experience with those can respond. Typically I see them where you have to pay a fee for internet access (such as at airports). Presumably, such systems have open wireless connection to an HTML server which handles the logins, provides the gateway to the internet, etc., but I'm only guessing.

 

[chilli]

Well security is a major issue.

Ideally I would also like to be able to access useage data, such as who/how long/how much is being used.

Another thing that might be useful is if there can be different access levels, such as employees being able to access the LAN where as "guests" and visitors can only access the internet and printers. Most of the printers here have their own print servers so maybe there is something in that...

The most basic idea I have had is to have 2 ADSL circuits, one for the strict use of the company and a more "open" connection which is strictly internet only. Then have 2 SSID's, one with stronger encryption for the compnay with one a more general thing for visitors etc...


The best thing I have seen so far is the SMC hotspot gateway (SMCWHSG44-G UK). I am just trying to find out if it can be customised with varying levels of access. I would probably initially charge nothing for the use just to see how things go before looking into charging.

Just plucking figures out of the air, assuming I had 10 Access Points around the building, woudl they have to be on seperate channels if they overlapped? I thought that would not matter if they were using the same SSID, encryption etc.

 

[evongugg]

Another suggestion would be to use a computer and Microtik software as a router and hotspot:

http://www.mikrotik.com/software.html

http://www.mikrotik.com/solutions.php