2014-09-14 - Re: [GRASE-Hotspot] Re: Grase Hotspot as WIFI Hotstpot remote deployment thru Internet connectivity

Header Data

From: drazen <dr***a@radez.hr>
Message Hash: e28ad5f52ee39f3e45710071e5b000f37ae4bd8a94a1fe321c52ff432860fb22
Message ID: <541573DF.3040509@radez.hr>
Reply To: <367609d2-eda0-419e-aab8-174425458757@grasehotspot.org>
UTC Datetime: 2014-09-14 03:54:23 UTC
Raw Date: Sun, 14 Sep 2014 12:54:23 +0200

Raw message 

For this operation network topology or better say , network services 
need to play this role should be located differently.
For any controled network access two things are essential. So called NAC 
(Network access controler) and AAA (authentication, authorization and 
accounting)

Client talk to NAC, NAC talk to AAA then NAC allow or reject client.
In Grase, NAC is Chilli, AAA is radius, both in same box.

In remote scenario, every remote AP have to has own NAC which can talk 
to remote radius.
Besides, radius location should be accessible from internet by DDNS or 
public and static IP.

In theory, any AP device which has radius authentification built-in own 
firmware can talk to remote radius and do NAC function. Ussually most of 
AP devices don't have full AAA built in, then authentification only. And 
this is all at radio level. No splash/landing page.

For this purpose it is common to use devices with OpenWRT or similar 
firmware which usually has own Splash portal or chilli as option.
Each AP/NAC have to do local DHCP too.

At radius side, some diferent configuration should be implemented. Each 
remote AP have to be declared by its MAC with radius. This way radius 
will talk with known APs only. Each AP then can have different 
accounting options or not.

And finnaly there is a question of user database, which usually can be 
anywhere but, it is normally at same box where radius reside. (For 
limited traffic of course.)
... how about proxing and traffic records if asked?

So, according to this very basic requests, Grase as is now can't handle 
remote access. Quite a lot reprogram should be done, and it can't call 
Grase anymore.

Hope this can help understanding.
Please anybody feel free to correct me or add more

Drazen

On 09/14/2014 01:28 AM, Bill C wrote:
> Hi Tim,
>
> Thank you for the information. I will be looking forward for this 
> feature and I hope someone will soon contribute a codes for this.
>
> Thanks,
> Bill
>
> On Sunday, September 14, 2014 6:56:06 AM UTC+8, Bill C wrote:
>
>     Hi,
>
>     I would like to seek assistance on how I can setup Grase Hotspot
>     to deploy remote WIFI device and connect to Grase server. The
>     setup will be similar to hotspotsystem.com
>     <http://hotspotsystem.com> that you can control the WIFI device
>     with admin portal and the wifi devices are deployed in different
>     location not just where the server is located. I need to deploy
>     the wifi device and connect it to Internet and control the Wifi
>     device. Is this setup possible with Grase Hotspot? Thank you in
>     advance and appreciate so much for those who can help me  with
>     details of the setup.
>
>     Thanks! Bill..
>
> -- 
> This mailing list is for the Grase Hotspot Project http://grasehotspot.org
> ---
> You received this message because you are subscribed to the Google 
> Groups "Grase Hotspot" group.
> To unsubscribe from this group and stop receiving emails from it, send 
> an email to gr***e@grasehotspot.org 
> <mailto:gr***e@grasehotspot.org>.
> To post to this group, send email to gr***t@grasehotspot.org 
> <mailto:gr***t@grasehotspot.org>.
> Visit this group at 
> http://groups.google.com/a/grasehotspot.org/group/grase-hotspot/.
> To view this discussion on the web visit 
> https://groups.google.com/a/grasehotspot.org/d/msgid/grase-hotspot/367609d2-eda0-419e-aab8-174425458757%40grasehotspot.org 
> <https://groups.google.com/a/grasehotspot.org/d/msgid/grase-hotspot/367609d2-eda0-419e-aab8-174425458757%40grasehotspot.org?utm_medium=email&utm_source=footer>.

Thread