Tag Archives: Hotspot 2.0

Xirrus Loses One, Wins One

One of the more curious WLAN players in the market, Xirrus is always interesting. The wireless array company certainly doesn’t sit still from a development perspective, and is usually among the first WLAN vendors to get major popular new features announced. I’ve met with Xirrus at Wireless Field Day 5 (their presentations here) and WFD 6, and followed their evolution through the years with a number of articles written about them..

Of late, Xirrus has a bit of a bad news/good news story to tell.

The bad news- they’ve been dropped from Gartner’s 2015 Wired and Wireless LAN Access Infrastructure Magic Quadrant. Many of us in the WLAN industry have fairly low regard for Gartner’s current methodology in this space, but at the same time those in the market for business Wi-Fi frequently refer to the report for information on the pros and cons of industry players. I don’t agree with Xirrus’ exclusion, but it is what it is.

On the sunnier side, Xirrus has just announced a potential game-changing feature for customers struggling to do secure guest Wi-Fi. Called “EasyPass Personal”, it’s easy to mistakenly equate the new offering to the likes of Aerohive’s Private PSK. Xirrus differs significantly from just PPSK in that EasyPass Personal allows the guest/visitor to set up their own SSID and private pre-shared key. Yeah, read that again because it’s pretty wild.

easypasspersonal

See more on Xirrus’ web site here.

My thoughts on EasyPass Personal: I’ve not tried it, so can’t speak to the feature first-hand. My only real concern is whether the generation of personal guest networks in the air creates a lot of management overhead traffic (seems like it could, at first thought). But beyond that, I applaud Xirrus for bringing an innovative new option to the ridiculously challenging paradigm of secure guest access. Hotspot 2.0 is the promised “official” answer to secure guest Wi-Fi, but it’s both complicated and going nowhere. EasyPass Personal *seems* like a nice methodology, so I’d love to hear from Xirrus users who try it.

SMS Authentication- A Nice, Easy Way To Do WLAN Guest Auth

For wireless guest access, there are all kinds of ways to skin the cat. In a perfect world, Hotspot 2.0 will take care of authentication and encryption, and all would be sunny to everyone’s satisfaction. But, that ain’t happening for a while (if ever). It’s becoming more popular to tie guest access to social media “credentials” (a bit of a joke to call ’em that), as there’s usually some marketing hook behind that, and some networks really don’t care WHO you are, like really.

But when you need to have some level of accountability on your guest network for whatever reason, using SMS-based authentication is not a bad option. You can front it with a WPA2 PSK or leave it open (everyone has different use cases, business drivers, and policy), but for answering the challenge of “make it easy on ’em but still let us have some bit of real, verifiable information to tie to a person”, SMS-based auth is hard to beat. 

Years ago, I set off on a quest to find a wireless guest solution that was easy to support, easy for users to self-provision through, and that met our organizational requirement that guest sessions not just be tied to some bogus email account (the joey@asscrack.com thing is funny only so many times in a row) but to use 10-digit cell number as the “User ID”. Though we were a Cisco WLAN back then, Cisco couldn’t come close to fulfilling our simple requirements. Rumor was that Coloubris had a gateway that might work, but this was around when HP bought them and we literally couldn’t find a human being walking the earth that could tell us anything meaningful about that gateway. Then there was Bluesocket (now ADTRAN). When I first approached them with my needs, they- like Cisco- couldn’t do self-provision SMS based with. And like Cisco, they tried telling me that if I was willing to change my requirements, they could provide a solution. But when I pushed back, Bluesocket was willing to do a little bit of development and was able to provide something that really was ahead of it’s time (we’re talking like 2006 here):

Image

 

Sure, it’s not so impressive today given that there are now lots of other guest portals that do SMS, but it still works very well, and is what we continue to use at my University because it does just work. Unfortunately, you have to invest in a full-blown Bluesocket appliance to get the functionality, but even that’s not all bad.  The appliance works well as DHCP, firewalling, NAT, rate limiting, quarantine, MAC exception home for odd stuff that fits nowhere else and a handful of other guest-relevant functions, but also has (and is over-priced based on) lots of Bluesocket-specific WLAN stuff you’ll never use if you don’t have Bluesocket APs. And the appliance hardware is pretty dated. But… on balance, this has been dynamite- and is the only off-the-shelf 3rd party gateway kind of thing  that I’m aware of that you could bolt on to anyone’s WLAN and make work if you didn’t like what your native solution does for guest access (Sorry Cisco, you still don’t get easy guest access as far as I can tell).

Then there’s Meraki’s version. The SMS auth groove is new to Meraki, and they still have some development to do on it before I’ll sing it’s praises too loudly, but it works good. I’m about to deploy it in a unique situation, and am pretty pleased with it’s slick integration to Twilio as the SMS provider, and that I pay nothing extra to Meraki for exactly the SMS auth feature I want:

Image

 

No extra appliance needed, no additional fees, and it works so, so nicely with the rest of the magic in the Meraki cloud-managed wireless solution.  Where it is feature-thin, I can work around until they tighten it up (and I did make my wish last week, so I’m assuming the elves on Mount Meraki are almost done already). It only works with Twilio as the SMS service, but that’s OK as Twilio is cheaper than cheap, and each texted password costs you a penny. (We use Message Media for the Bluesocket, is more expensive and less snappy in my experience).

Anyhow- If you’ve never gone the SMS path for guest access, I can vouch for it’s effectiveness. Though I personally have no use for social media logins, I understand the appeal in certain markets (but would never use my own accounts for guest access- I’d rather go without). SMS is just another option to consider. Combine it with Personal PSK, and I think users and admins would both win, at least in my wireless world.

Pssst- If you have a Dashboard, Meraki is easy to try- and you get 25 free Twiio interactions so you can feel what the experience is like for texting the auto-generated password from your own easy-to-customize splash page before signing up for a Twilio account.

(I find Twilio almost as much fun to say as LaserFiche, by the way)