I would like to design a network, and needs to consider the following things:
I have many sites (about 3-400), and each of them will have 1 AP with public internet uplink connection.
There will be several users, and the APs needs to advertise a public wireless network with free internet access by a self registration (or maybe fb login) portal.
We have a datacenter with public internet connection where can put devices that serve the entire network.
I need to implement appropriate filters (appfilter for torrent etc, webcc for uncomfortable webpages etc), and QoS to make good browsing experience for users. (User traffic can be locally bridged, not necessary to send to the datacenter, if filters can be applied in this case)
Furthermore we need to take care about the appropriate level of logging of the users traffic, because it will be a free, public network, if the police asks the network operator for a suspicious user, he needs to give them the log files about user traffic.
What is the good solution, design for this? I think 3 scenario is possible, am I rigth?
1. Aruba Central in the core, and IAPs on the sites. Central has many advantages for this situation, but what about logging? Needs for log server, but can it log the traffic as it needed? (I think no)
2. Mobility Master Controller, Clearpass and Airwave + log server on the datacenter, and campus or RAPs on the sites by a VPN tunnel. (MC can apply filter rules, CP for the portal registration, AW for mgmt)
3. Clearpass and Airwave on the datacenter, IAPs on the sites, then I will have as many clusters as many sites, and clusters can be managed by AW.
Gurus, what is the best solution for this kind of deployment?
THANKS!