Discover everything you need to know about setting up, managing, and monitoring Nagios WiFi.
Management tools
System Configuration, Administration, and Monitoring
Nagios is the standard in open-source based IT systems monitoring solutions. Nagios allows for the monitoring of the entire IT infrastructure to ensure that systems, applications, services, and business processes are functioning correctly. Technical team members will be informed quickly and appropriately as a preliminary step to the WiFi Nagios solution and configuration process.
Advantages. Comprehensive monitoring. It offers a true picture of the status of all critical components of your system. Including applications, services, operating systems, network protocols, system metrics, and network infrastructure.
Full visibility. Nagios consolidates itself as the solution that offers you a complete and real view of the status of your IT assets and business objects. Therefore, it leads to a fluidity in incident notification: alerts are sent to support staff via email, SMS, etc. Notification escalation capabilities ensure that alerts will always be known by the right people.
Proactive actions. In response to certain events, event handlers allow actions such as application restarts on servers, configuration application on devices, etc., to be carried out.
Reports. Ensures that established SLA levels are met by providing historical insights into incidents, notifications, and alert responses for subsequent analysis.
Extensible architecture. Nagios is easily integrable with third-party applications such as inventory or ticketing systems. The thousands of developments freely contributed by the support community ensure unmatched integration levels.
Why a WiFi configuration Nagios?
Because it is an open-source-based product. If your organization is in the private sector, you will gain technological independence. This means you will avoid dependency on a product and its distribution channel, support, and maintenance. If your organization is in public administration, you will align your policies with the European Union's recommendations on the use of open-source software.
With support for more than 50%, Nagios is the preferred tool for IT infrastructure management, far ahead of other tools such as Bacula, OpenNMS, or Zenoss.
Nagios has an extensive, robust, and organized support community. It offers free add-ons and plugins to extend its functionalities through Nagios Exchange, background information. In addition to help through the Nagios Community and technical information through the Nagios Wiki.
Monitoring Technologies
- Active Checkups
- Passive Checks
- Distributed Monitoring
- Remote Monitoring
- Monitoring plugins
- Scalable system
Problem Solving
- Failure detection
- Alerts and Notifications
- Automatic service restart
- Automatic app restart
- Scheduling downtime.
Protocol Monitoring
HTTP, DNS, FTP, SNMP, SMTP, SSH, LDAP, IMAP, POP3, ICMP, DHCP, and IPMI
Wireless network monitoring
It will be carried out using the WHG315P controller from 4ipnet, which in turn will be monitored by the NAGIOS controller. All via SNMP protocol through an SSL encrypted tunnel, to attend to preventive and corrective measures by network and systems technicians.
Monitoring will be done on Layer II, Layer III, and Layer VII in network infrastructure.
- Traffic consumption
- Quality of Service
- Package Management (DPI)
- VLANs
- Access point operation
- User statistics
Alvarion Wbsn 2400 wireless points will be monitored with the Nagios WiFi controller and configuration individually via SNMP protocol, in order to obtain a more detailed study of:
- RF channel usage
- Noise analysis
- Traffic demanded by access point
- Number of users connected per access point
- CPU/memory usage
- Access point traffic monitoring with an alarm system
- Usability
- DoS Attack Forecast
Network monitoring:
Network monitoring will be centralized within the network subgroup, where the proper functioning of the ADSL Line Balancer, Hotspot, and various installed switches will be evaluated. Likewise, as we described previously, we will use the SNMP protocol for log study, for which we will analyze:
- Usability
- Traffic demand
- DoS Attack Forecast
- Packages (DPI)
Security Management and Control
It will be integrated into the access point controller, which in turn performs the Hotspot function. From this device, the following actions will be performed:
- Access point and user management
- Access Policies
- Flexible accounting and billing
- Paid and Free VLAN Management
- Consumption control and management
- Flexibility to scale macro networks
User Profiles: Access and Service
Thanks to the WHG315P Access Point Controller, the deployment of distributed access point services is incorporated in a convenient and economical way. While most operators prefer to use external RADIUS servers as an authentication database, the WHG.
For rapid deployment, the WHG315P supports two authentication methods: UAM and 802.1X. It is capable of supporting locally-uploaded custom UAM web pages as well as external UAM web pages residing on external Web servers. Additionally, the WHG315P's service zone concept allows for one controller to handle multiple franchised access points simultaneously.
In summary, the WHG315P is feature-rich and compatible with multiple Internet Access Service business models, whether for wired or wireless client management. It can be configured to suit private corporations, government agencies, academic centers, multi-tenant units (MTUs), and WISP hotspot operations. The WHG product series from 4ipnet aims to offer the best value.
Features and benefits
- Simplify the implementation and reliable connection to the Internet
- Robust network security capabilities for enterprise applications
- Protection against malicious DoS attacks
- Access Control and Comprehensive User Management
- Secure account generation for visitors
- Individual bandwidth limit that enables traffic control for users in different scenarios
- Centralized Access Point (AP) Management
- Centralized with remote control and automatic AP discovery via the administration web interface, including AP configuration, connection status, enable/disable, and firmware reset and/or update.
User Management and Access Control
Supports 4000 local accounts and 4000 on-demand accounts, facilitates on-demand accounts for visitors or free access, Supports local user account roaming.
Supported authentication methods: Local and on-demand accounts, POP3, LDAP, RADIUS, Windows Domain, and SIP authentication.
Single sign-on for Windows domains
- Allow MAC address binding for local user authentication
- Supports MAC access control list
Supports self-expiring guest accounts
Users can be divided into user groups; each user group has its own network properties, including bandwidth, QoS, accessible service zones, and other privileges
- Quality of Service (QoS) and WMM traffic types: Voice, Video, Best Effort, and Background
- Each group can have different network policies in different service areas
- Concurrent sessions limit per user (TCP/UDP)
- Configurable user blacklist Export/Import local user list to a text archive
Easy and flexible accounting and invoicing
Configurable billing profiles allow operators to customize billing plans for on-demand users.
Support:
- Pay by credit card via Authorize.net, PayPal, SecurePay, and WorldPay.
- For location-based services, Hotspot and customizable UAM web pages
The logical concept of the Service Zone allows the controller to segment clients by zones and provide different portals and network policies.
When combined with a VLAN switch and DSLAM devices, the controller can use its port mapping feature to identify the location of each customer and thus provide differentiated services. Similarly, a hotel guest does not have to enter a password every time they want to access the Internet in their room.
With the creation of several service zones and the utilization of custom pages or external site pages. Therefore, a single controller can serve as a transparent access point for multiple franchises for customers.
A guest can obtain an internet access account at check-in, or sign up for internet access service from anywhere and at any time without employee assistance. With PMS integration, the customer will be individually charged on their bill.
Report Generation:
The Nagios system is capable of manually or automatically generating global or centralized reports on network infrastructure. Likewise, it allows for the generation of reports with critical points evaluated and detected on the network over different periods: hours, days, weeks, months, etc.
In summary, all installed hardware equipment will be monitored, unifying management and security into a single mechanism.
Notification system: via Email (this will be used), SMS, phone call, and custom notifications.
Wireless network security:
The user wants to implement a user authentication system via HotSpot. The system has several employees and will offer a Wi-Fi service to customers visiting their facilities, charging them for it.
To implement an access control mechanism, we will distinguish between two types of user groups: «employees» on one hand and «visitors» on the other. Each group will have specific privileges. For example, «employees» must have higher bandwidth with no time restrictions, as well as access to the internal network. Visitors, on the other hand, should only be able to access the Internet with bandwidth and time restrictions, and should be denied access to the company’s internal network.
Employees will connect via wired connection or through access points, connecting to a specific employee-only SSID in this case. Guests will connect to an SSID that we will define according to the event.
Once we are clear on what we need, we can then configure the Nagios WiFi for the equipment. For this, we will have 2 possibilities: create a design intended for management at the TAG level. Alternatively, we will configure the Nagios WiFi for management at the port level, where we will see the differences implied by each scenario.
can you know more about the State of Cybersecurity in Spainattacks, prevention, and the most influential organizations.
1.2.1 - Port-Based
If the Nagios-based WiFi port configuration is used, it implies that each LAN port of the Hotspot manages a single service zone. It is possible to independently define one zone or the same zone (if only one is used) for all Hotspot LAN ports, or one zone per port, as desired. However, it is necessary to physically separate the networks for each service zone. For example, we could not share the cabling and install two access points, one for «Employees» and another for «Visitors,» as they would physically connect to the same Hotspot port and thus be assigned the same service zone.
1.2.2 - Tag-based
In tag-based configuration, the scenario changes, as all HotSpot LAN ports manage all service zones, but at the VLAN TAG level. Depending on the VLAN tag it receives, it applies it to one service zone or another. If that VLAN tag is not defined in the HotSpot, the packet is discarded. Therefore, it implies that we can share the same cabling for all service zones, but with the requirement that access points with VLAN tagging must be used.
The intermediate switches between the HotSpot and the access points must be manageable (manage VLANs) otherwise the scenario will not work. In this mode of operation, if we use access points that allow multiple SSIDs with VLAN tagging, we can use the same access point to broadcast 2 different SSIDs. Each of them will be associated with a different hotspot service zone. This way, both «employees» and «guests» can access the network through their respective service zones.
TAG Level Security
The security system will be at the TAG level, as there is network electronics that allow for VLAN tagging, manageable switches, access points with multiple SSIDs, making this a scalable and centralized system.
Additionally, you can find much more information on our blog about the entire telecommunications sector, for example, Everything about migration with the WebDeploy 2.0 tool.