Deploying WPA2 Enterprise (Radius) inexpensively and reliably..

claykin

So, I'm charged with deploying an 802.11n network in a two floor office with a staff of about 150 (only about 40 in office daily). Actual number of wifi devices online at any given time are 20 laptops and 30 phones/tablets.

Looking at using Ubiquiti 2.4Ghz LR AP's (probably 2 per floor initially) but I need to figure out the most cost effective way to address the Radius implementation.

I've done TekRadius before on Win Server, and I can do that here. However, I was giving this more thought since they have Win Server 2012 Essentials (only 7 AD user accounts) and they also need an SMTP server. So, I was thinking that I could use a Synology NAS for multiple things such as Radius, SMTP and to be the local backup destination for critical PC's (amongst other things since Synology has so many addons).

Does anyone have thoughts, recommendations? Or just want to smack me and point me in a better direction?
 
The bottleneck is the AD with the limited client license.

AD works awesome for supporting AAA dipping into the LDAP server - As for the AAA freeradius or other, but you should advise the client to upgrade the license for the ActiveDirectory server - welcome to the hell of Microsoft CAL license levels :D

Alternate path - MacMini Server Edition with 4 Airport Extremes - OS X service can manage the AP's in managed mode, and integrate well with AD (or migrate from AD).

MacMini servers play well with Windows and *nix environments, including Macs, and the nice thing with OS X server, there's no Client Access Limits. Not only OpenDirectory support, but SMB servers for Windows networking, a WikiServer for Sharepoint like services - for a small/medium business, they're often overlooked, but they are a very cost effective option.

If you requisition the MacMini Server, you also get access to Apple's Business support team, which is a step above the consumer levels. You can also buy a consumer grade MacMini, and buy the server add-on, but the support is a bit less.

http://www.apple.com/osx/server/

Enough of that.

Getting back on track - look at the coverage areas - and the number of clients in each area. You might need more than two AP's per floor. I'm thinking maybe 3 or 4 per floor - lot depends on how much WLAN utilization you anticipate over the next 2-3 years (3 year ROI in many companies for investing in projects)

sfx
 
Thanks. Server 2012 Essentials isn't really the issue. 90%+ of users in the office are NOT on the domain (by choice and for good reason since these users are considered subcontractors and use their own laptops). My plan would be to use the Synology Radius Server and Synology LDAP Server to provide WPA2 Enterprise accounts for those non AD users.
 
You could add them to the domain and create a profile for them in AD so they would only be able to access certain segments that you deem not high level. Other companies do this on their Enterprise Domain for their sub contractors.

They have VPN access like employees but again there are limited restrictions for certain access. You have your plan idea and just suggesting from experience.

Anyway good luck on your idea.
 
Preference is to NOT add them to domain. Server 2012 Essentials is limited to 25 CAL's. If they need more CAL's they must convert to Standard and add CAL's. Too expensive and unnecessary just for WPA2 Enterprise for non AD users.

This is part of the reason why I want to use a Synology NAS to handle Radius/LDAP server. Also Synology has a built in SMTP server and can act as an FTP server, backup destination, support ticket host, etc...
 