Controllerless Networks

last person joined: yesterday 

Instant Mode - the controllerless Wi-Fi solution that's easy to set up, is loaded with security and smarts, and won't break your budget
Back to discussions
Expand all | Collapse all

Radius with or without clearpass - Instant possibilities

This thread has been viewed 3 times

  • 1.  Radius with or without clearpass - Instant possibilities

    Posted Dec 29, 2016 11:21 AM

    Hello, 

    We are testing a desing created for distributed venues with Instant cluesters connected through VPN to a centralized authentication site for EAP auth and an Airwave. Apart from the authentication each site will have its own captive portal for guest wifi and also client wifi. 

     

    The client is requesting to test different types of profiling with the instant clusters and we are testing them with a FreeRadius. We might be able to offer a ClearPass or a controller based remote sites solution but for pricing purposes we would try to get as much as possible without them. 

     

    Could anyone please confirm if we can do any of these with freeradius and instant, or if not if we should add a controller and/or a ClearPass:

    - Configure a time limit interval for guests for each day

    - Configure a maximum of simultaneous logins with the same user / pass

    - Cache the MAC of an authenticated user so it doesnt have to login again. Please explain if its possible to set this cache time (i.e 1 day, 1 week, etc)

    - Assign dynamic bandwidth to an SSID or a user. If the other is free take all the BW, if not stick to the max BW. 

    - Assign dynamic bandwidth to an application. Same as before but for example specify a maximum of 1mb per user for Facebook, but if the system is free of traffic assign all the 10mbps as EIR. 

     

    Thanks in advance!

     

     



  • 2.  RE: Radius with or without clearpass - Instant possibilities

    EMPLOYEE
    Posted Dec 29, 2016 11:24 AM
    All of those are possible with FR but they are not native and would require extensive customization, coding and other external components like SQL servers.

    ClearPass can do all of this out of the box.


  • 3.  RE: Radius with or without clearpass - Instant possibilities

    Posted Dec 29, 2016 11:43 AM

    Thanks Capalli, 

     

    All of those can also be performed only with an instant cluster or any of them would requiere a controller?

     

     



  • 4.  RE: Radius with or without clearpass - Instant possibilities

    EMPLOYEE
    Posted Dec 29, 2016 11:57 AM
    Dynamic application bandwidth policy enforcement is not a function of a AAA server.

    I don't believe either controller or Instant can do this but I'll let someone else confirm or deny that. All others should be possible in both architectures.


  • 5.  RE: Radius with or without clearpass - Instant possibilities

    EMPLOYEE
    Posted Dec 29, 2016 12:09 PM

    I don't believe that you can support dynamic bandwidth allocation with the IAPs nor controllers. Might be supported in something like a Palo Alto firewall. 



  • 6.  RE: Radius with or without clearpass - Instant possibilities

    Posted Dec 29, 2016 12:40 PM

    Ok Thanks!!

     

    Regarding the FR config is there any document of how to configure it that you may know in order to work with it?

     



  • 7.  RE: Radius with or without clearpass - Instant possibilities
    Best Answer

    EMPLOYEE
    Posted Dec 29, 2016 12:42 PM
    No, like I mentioned, it requires complete custom development to add features like you described. FR by itself is a basic RADIUS server.