SMS authorization with Enterasys WiFi without NAC


Userlevel 4
Hello, everybody!

I have a client (University) who needs Wi-Fi infrastracture - about 300-500 APs. Apart from RADIUS authorization for students and employees, they need also SMS authorization for guest users (current law regulations require it).

I know that in Enterasys I may redirect users to "External" portal (and some other sorts of portals).

My question is: may I set up SMS authorization WITHOUT NAC in Enterasys Wifi?

There are 14.000 users in the University and Netsight+NAC will double my budget((((

Many thanks in advance,

Ilya

6 replies

Userlevel 5
Hi Ilia , if no NAC in the deployment , you would have to use an external Captive Portal which will do the SMS verification for you . Then this portal will send an API call back to the controller with corresponded Policy Role . The Integration guide you can find on the official Extreme documentation page - there are some examples of how to build such external Portal (in terms of API calls) . You would need to figure out how to hook the portal to the SMS gateway yourself. I know some people making a simple script which parsing the phone number from the page and then sending it to the phone provider in a form of @sms_provider_email (depends if providers in your country support that method) . Otherwise - full SMS gateway , which I believe is also not free.
Userlevel 4
Ostrovsky, Yury wrote:

Hi Ilia , if no NAC in the deployment , you would have to use an external Captive Portal which will do the SMS verification for you . Then this portal will send an API call back to the controller with corresponded Policy Role . The Integration guide you can find on the official Extreme documentation page - there are some examples of how to build such external Portal (in terms of API calls) . You would need to figure out how to hook the portal to the SMS gateway yourself. I know some people making a simple script which parsing the phone number from the page and then sending it to the phone provider in a form of @sms_provider_email (depends if providers in your country support that method) . Otherwise - full SMS gateway , which I believe is also not free.

Yury,

many thanks for your reply! Did you mention this document (Integration) - http://documentation.extremenetworks.com/wireless/v10_31/Integration_Guide/Wireless_Integration_Guid... ?

P.S. Please, correct me, but am I right that you were friend of L.M.Bokshtein (may his soul rest in peace)? He often called "to Yury from Canada" in case of difficulties with NMS/Identifi... Unfortunately Extreme's HUB engine doesn't allow private conversations.
Userlevel 5
Ostrovsky, Yury wrote:

Hi Ilia , if no NAC in the deployment , you would have to use an external Captive Portal which will do the SMS verification for you . Then this portal will send an API call back to the controller with corresponded Policy Role . The Integration guide you can find on the official Extreme documentation page - there are some examples of how to build such external Portal (in terms of API calls) . You would need to figure out how to hook the portal to the SMS gateway yourself. I know some people making a simple script which parsing the phone number from the page and then sending it to the phone provider in a form of @sms_provider_email (depends if providers in your country support that method) . Otherwise - full SMS gateway , which I believe is also not free.

Correct , Lev was very good friend of mine . R.I.P.
I was about to say, take a look at the IdentiFi API. You could program this all yourself with a GSM SMS modem/gateway and some PHP.
You might want to check out PacketFence, it's an open source NAC that can do SMS guest registration. I don't know how good the integration with ExtremeWireless is though.
Userlevel 2
I know of a tool named "Magallanes" from a company called Esferize. They provide external portal for hotels with SMS integration. You could have a look.

Reply