I need some help in deciding between an external RADIUS server and using the HotSpot function in RouterOS.
Situation: Student house
Active users: 20+
Active devices: 50+ (ranging from PCs to smartphones to Xbox)
Active connections: 500 ~ 2000 (some are using torrent)
Router: RB1100AHx2 (it's overkill, I know)
Access Points: 3 x RB751U-2HnD
Internet connection: Consumer 120 Mbit UP / 12 Mbit DOWN (theoretically)
INTERNET <-> RB1100AHx2 <-> RB751U-2HnD <-> USER
CURRENT TECHNIQUES USED
- PoE (RBGPOE) for the APs
- CAT5e SFTP High Quality cables
- WPA2 AES
- All APs share the same SSID
- Simple user authentication for PCs / Smartphones / Xbox / Tablets
- No unique user authentication
In this student house, one person has the internet contract in his name (the 'Internet Master'). The costs of this internet connection are evenly shared among the residents who would like to have internet.
The problem with this is that not everybody wants to pay for the internet, or they only pay 2 months later, after you have asked them 20 times...
So if one of the residents decides not to pay for the internet, we need to change the WPA2 passwords every time and hope that he will not find out about the new password. Another issue that was suggested is that one user pays his share for the internet, but that password is used by others who didn't pay.
My first thought was to implement an EAP-TLS solution.
The reason for choosing an EAP-TLS solution is that this way every user has to configure their devices (laptops, smartphones, etc.) only once, and the 'Internet Master' can switch his or her connection on and off if he or she didn't pay (in time). Unfortunately, RouterOS does not support RADIUS / EAP-TLS services unless it is an external solution outside of RouterOS.
Perhaps the HotSpot solution in RouterOS can be of help. I have been reading the forum and manuals for a few days now, and on a couple of pages where they were talking about EAP-TLS, one is referred to the HotSpot solution using User Manager. I understand that it is possible to implement a solution where every user has to actively log in before they have internet access.
The management needs to be done by the person who has the internet contract (Internet Master), who isn't a real network expert...
I hoped to find a solution on my own using the manuals and the User Manager online demo.
The demo does not work, and I can't find the User Manager package on the RouterBoard website...
The real question here is: is it possible to make such a solution where a user has to log in only once in their lifetime / a long period, to have continuous internet access? Especially because it will not be a good working solution if a smartphone user has to actively log in every time to have their smartphones synced with their e-mail accounts / Facebook / etc. As I understand it, a user has to manually log in every time they need internet access.
If someone could help me with this challenge, I would be most grateful!
Also, thank you for reading my story.
Of course, I'm not asking you to chew everything for me; I am very eager to learn and to read, but I just did not know where to start, basically.