Number of Black List

[cimedaca]

I have the following pre-sales questions....

1. We would prefer our University owned domain notebook users use our WPA2 enterprise login and not have the option to use the captive portal. Can we easily upload and maintain over 3000 black listed MAC adresses for this purpose?

2. We use Cisco AP on a VLAN for our WPA2 enterprise login on a VLAN and can have separate VLANS for different WiFi access modes. Does your software support VLANS on the NIC?

3. We would like to setup University owned handhelds with a client pass through login bases on MAC address. Can we easily upload and maintain over 1000 MAC addresses for that purpose?

4. We would like to let students and staff in our Active Directory login with non University devices using Radius authentication. We already have a Steel Belted Radius Server server for this purpose. Will your software authenticate against this?

5. We will want guests to be able to get a frequently changed guest password. Is this supported along side of radius authentication?

6. Will so many client pass through and black list MAC address cause performance problems or login delays?

7. I see that there have been no updates to your software for some time. When is the next version likely to be released?

Thank you for your time!

David von Arb
Director of Academic Technology
_________________
David J von Arb

[alan]

For Client Filter -> Black List, we support 1000 entries. The Black List feature is designed to block offending clients, not exactly the type of usage you describe.

Can you describe a bit background on what you want to achieve? FirstSpot is primarily a captive portal based system. We do support "Passive Login" which allows administrator to import client MAC addresses in advance. Those Passive Login user does not need to login captive portal explicitly and it will be automatically logged in when it tries to access the Internet.

Note that FirstSpot RADIUS support is different than the WPA RADIUS support. See http://www.patronsoft.com/forum/viewtopic.php?t=1175 for more information.
_________________
~ Patronsoft Limited ~

[cimedaca]

We don't want to our 100 staff and 1300 students with notebooks using the captive portal. RIght now they are authenticated and autologged using a secure and encrypted WPA2 connection. We don't want to allow those systems the ability to login using an unecnrypted captive portal. Unfortunately for this I think we would need more than a 1000 user black list.
_________________
David J von Arb

[alan]

But I think your 100 staff and 1300 students should be in Passive Login instead. Since those users already authenticated using WPA2, isn't that they should be allowed to go through FirstSpot without captive portal (i.e. automatically login)? BTW, the Passive Login limit is much higher, theoretically it can reach 10,000.
_________________
~ Patronsoft Limited ~

[cimedaca]

I know certain application and SSL websites encrypt data, but in general the wireless connection thorugh your captive portal would not be encrypted. That is why we would assume ouir current WPA2 SSID and on a secure VLAN would not change.

We would possibly want to put your software on a different SSID and firewalled VLAN for guests and handheld use.
_________________
David J von Arb

[alan]

That sounds feasible.

Note that if you intend to put FirstSpot for guest and the user directory is not already in RADIUS, you don't even need to use the RADIUS Authentication Mode support within FirstSpot (you can just use the ODBC Authentication Mode).
_________________
~ Patronsoft Limited ~