Epmp 1000 hotspot how to disconnect wireless client

HI,

We'd like to use Cambium EPMP hotspot for several free wifi projects but we are having trouble to find a way to kick wireless client off.

What we have in mind is to use EPMP hotspot's packet capture fucntion with our own codes to come with a system that will automatlcally kick user off if they use over certain quota, let's say 1GB per day. Everything looks all right so far but we are having trouble to disconnect client with either MAC or IP.

Any idea will be very much appericated.

Merry Christmas and Happy new year!

Ben 


@yihan wrote:

HI,

We'd like to use Cambium EPMP hotspot for several free wifi projects but we are having trouble to find a way to kick wireless client off.

What we have in mind is to use EPMP hotspot's packet capture fucntion with our own codes to come with a system that will automatlcally kick user off if they use over certain quota, let's say 1GB per day. Everything looks all right so far but we are having trouble to disconnect client with either MAC or IP.

Any idea will be very much appericated.

Merry Christmas and Happy new year!

Ben 


RADIUS MAC-authentication, interim-accounting and dynamic authorization could be used for this:

- when a client connects, the AP will check its MAC address on your RADIUS server and if the MAC has not exceeded its limits it will be allowed access.

- interim accounting from the AP will periodically report how many packets a client has transmitted, so the server can track when the user reaches the quota.

- dynamic authorization Disconnect Message from the RADIUS server will disconnec the client, and now if it connects back the MAC authentication will fail as the server knows user has exceeded their quota.

Thanks. 

Is there any way to do it without Raidus server? By hotspot itself or cnMaestro will be better.

All we are looking for is a command to disconnect a specified user.

Ben 


@yihan wrote:

Thanks. 

Is there any way to do it without Raidus server? By hotspot itself or cnMaestro will be better.

All we are looking for is a command to disconnect a specified user.

Ben 


there is a CLI command: 'no wireless client AA-BB-CC-DD-EE-FF' which will disconnect the client, but then if there is no authentication in place the client will end up connecting right back, are you blocking the traffic from teh client elsewhere? You can invoke this CLI by ssh'ing into the AP (can be done from a script/program).

On the hotspot itself you could block a MAC from connecting but it will involve a configuration change to add the MAC to the mac-acl, and that has a limit of 256 entries.

Thanks agian for your quick response. 

What you said is exactly what we have in mind.

The whole logic will be:

Public connects to our network via Hotspot Guest Access

A server will keep retriving  packet capture log from hotspot via ssh

A program will run in the server to accumlate usage based on MAC

when a MAC exceeds free limit, it invokes 2 commands into hotspot. 1 to disconnect user and the other to block user

at midnight, a schduled job will reset the ACL on hotspot via ssh from server

Do you have any better idea? 

We do have a radius server in place but that will only work for a wifi device in bridge mode. Is it possible to set the Hotspot in Bridge mode by the way? The settings on Hotspot is really not convential as other as you might know...

Thanks a lot mate. 

Cheers

Ben


@yihan wrote:

Thanks agian for your quick response. 

What you said is exactly what we have in mind.

The whole logic will be:

Public connects to our network via Hotspot Guest Access

A server will keep retriving  packet capture log from hotspot via ssh

A program will run in the server to accumlate usage based on MAC

when a MAC exceeds free limit, it invokes 2 commands into hotspot. 1 to disconnect user and the other to block user

at midnight, a schduled job will reset the ACL on hotspot via ssh from server

Do you have any better idea? 

We do have a radius server in place but that will only work for a wifi device in bridge mode. Is it possible to set the Hotspot in Bridge mode by the way? The settings on Hotspot is really not convential as other as you might know...

Thanks a lot mate. 

Cheers

Ben


ok looks like you already have all this working well! the 'no wirelss client' is the only change needed (will delete the client, though adding it to the ACL should also do it).

An alternate is to use mac-authentication on that SSID, this way the blocking/unblocking of clients can happen on your server, without making a config change or having to log into each AP.

Could you please clarify the RADIUS server needing the wifi device in bridge mode? the ePMP1000 Hotspot can do bridge mode (in fact thats the default, the routed mode requires more config of network-interfaces, routes/NAT etc)

Hi, 

I didn't realize epmp hotspot is in bridge mode by default. I did take me a while to make the NAT working properly.

Our current radius server is actually a wifi server. It has 3 systems: free raidus for authorization, ChilliSpot as wireless LAN access point controller and EasyHotspot as billing and management system. 

They are all open source and we've managed to make them all work as one whole system for another wifi project. The server has 2 ethernet interfaces and handles everything. Radio was set to bridge mode simply to spread the Internet out. 

Hoewever, we are hoping epmp hotspot can save us such effort of putting one wifi server in for each access point.