Centrally managed Access point with the ability to access 1 site but also push twitter and facebook

Diakatarnis · 5 Jul 2011 at 19:48

Ok so its a long topic i know.

I'm after some access points that can be centrally managed using a cloud interface. I currently have some maraki ones, but they only do 1/2 the job and im having issues with iphones (again...)

I would like people to log onto the access point but only be able to view the website i have selected (in the case im looking at its an intranet site) i have done this before by using dns to catch all requests and forward them to the hosted sites ip.

However, the issues im having are:

iphones need to talk to apple so when you log onto the free access point they come up with a silly login thing and refuse to play videos, this downt happen with any android, symbian or blackberry device, only the iphone.

I would like to let people publish twitter and facebook feeds but not be able to surf facebook (if that makes sense sort of a send but dont recieve kind of affair)

Does anyone have some suggestions on access points that will accomplish this task but wont cost the earth?

ecksmen · 5 Jul 2011 at 20:49

Looking for an all in one may not be the best way. An easy, and cheap with a lot of flexibility would be to do something like this.

A transparent proxy / firewall, such as Smoothwall, PFsense with whitelists of allowed domains. This would be your DNS and DHCP server for the network.

It would have two network interfaces, one connected to the internet or your protected network segment (ie backend firewall).

The second network would then connect into your switching network for wifi etc... which I would look at a set and forget setup, unless its a large deployment.

Diakatarnis · 5 Jul 2011 at 22:05

I agree, this is how i would like to have it done, but the units are going in 40 seperate locations around the country and need to point towards a website, so cost wise it doesnt work out when you start having to put multiple pieces of equipement in.

I'm part of the way there, but iphone want to speak to apple.com all the time so they throw up errors when you dont let them, also the units i currently have do not allow (or at least i cant work out how to) do one way facebook posts.

Skidilliplop · 5 Jul 2011 at 23:34

Sounds like you're after something that supports captive portals.
Most WLAN Controllers will do this. For a distibuted setup you could use either one controller centrally and tunnel traffic to it, or smaller ones per site.

The Trapeze MX units do all this. The MX-2 is designed for branch office deployments and would suit the per site approach, or you could get an MX-200 (or two clustered if you want fancy HA) and have them all tunnel to that for management.

note: Juniper bought them so the models have changed. I think the APs are now prefixed WLA isnteald of MP and the MX controllers are now WLC2 and WLC200.