Firstspot central management question

anoa · Joined: 11 Mar 2011 Posts: 15

I just looked at my demo, and it doesn't look possible. Where it says "visitor network IP" I would have like 10 of those..doesn't look possible for it to handle these different ones.

My problem is I would like to have different subnets for each of the sites in the star network. If I let the firstspot pass out addresses via DHCP, since only one visitor interface is allowed, the all 10 sites would have to be on the same subnet segment. We won't want that because we want to do some other things to track by subnet and site.

I will make a diagram in a few minutes and show you the scenario...

anoa · Joined: 11 Mar 2011 Posts: 15

Ok here is the diagram

So you see my intent is to try to have firstspot and/or the firstspot windows server handout DHCP address ranges to multiple sites with different subnets.
It seems like only one interface is allowed. Is there a way to give these different sites different subnet ranges from the firstspot windows server without having to use VLANs or multiple interfaces as shown in the picture?

I am not as familiar with Windows as with network products and linux so I don't know the answer. The picture, however, shows the end result - each site will have different class c ranges for the AP networks.

The reason for all this is to have firstspot track by mac/IP vs. IP only. It seems to be a little more stable for this purpose if it does the MAC+IP tracking all from the same captive portal instead of doing the IP. We are REALLY trying to avoid putting 10 firstspot servers (one per site) out there. This maybe the easiest thing in the end but it would be very expensive.

like i said before, network-wise we can do whatever (layer 2 tunnels, DHCP relay, Ethernet bridging, etc.) to get this to work if you have any ideas.

alan · **Forum facilitator** Joined: 26 Sep 2003 Posts: 4435

If you really want to use MAC-based Session Handling (i.e. track the client by MAC) in a "WAN" environment, one way to do that is to use layer-2 tunnel. Note the following:

1) FirstSpot Visitor Network Interface will have one IP, e.g. 10.20.0.1
2) The subnet mask should be class b, 255.255.0.0.
3) You need use external DHCP sever so that each "site" will get its own range, like:

site1:
IP : 10.20.0.x
subnet mask : 255.255.0.0
gateway : 10.20.0.1
DNS : 10.20.0.1

site2:
IP : 10.20.1.x
subnet mask : 255.255.0.0
gateway : 10.20.0.1
DNS : 10.20.0.1
_________________
~ Patronsoft Limited ~

anoa · Joined: 11 Mar 2011 Posts: 15

Thanks.
What about IP session handling, do I need to do that big subnet, or are the sets of subnets added in that config page?

Also, are there any drawbacks to IP session handling vs MAC?

alan · **Forum facilitator** Joined: 26 Sep 2003 Posts: 4435

IP-based Session Handling normally works with Multiple Network Segments, so you can have several smaller subnets. E.g.

Segment 1: 10.20.7.x/255.255.255.0
Segment 2: 10.20.8.x/255.255.255.0

And yes, you need to add the corresponding information to the Multiple Network Segments tab within Configuration Manager. Refer to chapter 4 -> Scenario 3 of firstspot_guide.pdf for an example for this setting.

MAC and IP-based Session Handling should behave very similar within FirstSpot, so I don't see any obvious drawback.
_________________
~ Patronsoft Limited ~

anoa · Joined: 11 Mar 2011 Posts: 15

This is good information. It seems that I am a little uneasy trying to do the central management model with IP session handling because of problems that might occur with DHCP/MAC/IP addressing issues like users loosing their IPs mid-session, users "locking up" IPs for too long, users keeping their IPs for too many sessions in a row, etc.

Do you believe that this can be controlled to avoid any issues? I was thinking about limiting the DHCP lease (from the site routers) to the exact timer time that was set on Firstspot (60 mins, for example.) Also, maybe using a self-sign up one-time username/password would slow down any possible abuse maybe. However, I'm not entirely sure this will solve all the problems.

If we were to go to a per site model (which I was desperately trying to avoid) to take advantage of MAC based session handling, what version of firstspot can be used and how "small" of a server/computer can we buy per site? Here are our requirements again:

1) 10-20 total sites
2) MAC session handling
3) 50-60 users max per site
4) click through with terms of use but no username/password (we can do dynamic one time self login if that's the only way to do it)
5) Maximum 5 mbps total bandwidth

I wasn't sure if standard was ok and also was curious if a dual core Intel atom computer was ok (due to the low users and low bandwidth).

alan · **Forum facilitator** Joined: 26 Sep 2003 Posts: 4435

If you use FirstSpot DHCP server and enable DHCP relay in your routers, FirstSpot will take care of the DHCP lease and make sure the IP is only recycled when user is logged out. In other words, IP-based Session Handling will work just fine (we have many customers using this configuration).

As for per site model, in order to save cost, you can use Windows XP which incurs less overhead. As for CPU, I suggest you avoid Atom and use the lower-end CPU like i3 or the old Core 2 Duo instead.
_________________
~ Patronsoft Limited ~

alan · **Forum facilitator** Joined: 26 Sep 2003 Posts: 4435

One more thing, if you plan to purchase multiple copies of FirstSpot (i.e. per site model), we can definitely work out some special discount for you. Please email us at firstspot@patronsoft.com for details.
_________________
~ Patronsoft Limited ~

anoa · Joined: 11 Mar 2011 Posts: 15

Ok. DHCP relay would work, however a few questions with that setup:

1) Would I be able to limit to a certain number of address per site (like 50)?
2) Would I be able to subnet each site so I can identify where my traffic is coming from up stream before hitting the internet?

alan · **Forum facilitator** Joined: 26 Sep 2003 Posts: 4435

1) Yes. E.g. for 10.20.7.x segment, you just need to add 10.20.7.51-10.20.7.254 to the Configuration Manager -> DHCP -> Excluded IP list

2) Yes, of course. Since each site will have one unique subnet (e.g. site 1: 10.20.7.x, site 2: 10.20.8.x), you can idetify the site origin by just looking at the source IP.
_________________
~ Patronsoft Limited ~

anoa · Joined: 11 Mar 2011 Posts: 15

"2) Yes, of course. Since each site will have one unique subnet (e.g. site 1: 10.20.7.x, site 2: 10.20.8.x), you can idetify the site origin by just looking at the source IP."

Just to be clear, you are saying that the Firstspot DHCP server will know what subnet address pools to hand out to the different sites, right? (Even though the visitor interface is not in the same subnet?)

What menu are all these DHCP options located in? Is it under DHCP or under multiple network segments?

alan · **Forum facilitator** Joined: 26 Sep 2003 Posts: 4435

2) Yes. FirstSpot gets the subnet information from your router's DHCP relay agent, so it will hand out the IP correctly.

Apart from Excluded IP I mentioned previously, you don't need to set any DHCP setting. As long as you configure Multiple Network Segments correctly, FirstSpot will handle everything.
_________________
~ Patronsoft Limited ~

anoa · Joined: 11 Mar 2011 Posts: 15

Excellent, I think we have our answer.

Thank you for all yours support.