So, here is the situation - I am a network admin at a mid-size municipal ISP. We are almost entirely an FTTH outfit and have a large client base of college students in large apartment complexes. Our standard deployment is pretty simple - FTTH or FTTB and an Ethernet port in each apartment where the customer can plug in their device, get a public IP, and go to the internet unfettered aside from bandwidth limiting. We track who has what IPs on what ports for the usual CALEA/DMCA stuff. It all works well and the customers are happy to have zippy fast internet with no data caps.
So far, we do not provide any wireless (wi-fi) service to our end users. Most folks until now have been content to let the residents get their own WAPs and manage them. This simplifies our DMCA/CALEA compliance as we can track violators to a port and remediate violations there. If the WAP gets compromised, it is the customer's problem.
So, here is the fun part - our sales people, without consulting us, put a bid in on a total campus wifi project for an existing customer. So, I am scrambling to find a suitable wifi system that we can manage and support with a lean staff.
This site has about 50 buildings totaling about 500 apartments. Right now, each bedroom in the apartments has an ethernet port. We would add one AP per *apartment* for good coverage. Total active ethernet ports is around 1500, customer count is ~2500. Users are almost all 18-25yo college kids using gobs of streaming services. Current allocated bandwidth is 50Mbps symmetrical, but will get kicked much higher if they go for the new bid.
So, I have been playing with the Ubiquiti UniFi stuff and, yes, I can spin up a bunch of WAPs, switches, and a local controller pretty easily. With a server on site, I can manage 500+ WAPs no problem. Problem is that I don't see any way to track users effectively and mitigate abuse efficiently. I also don't want to have to create user names and passwords in RADIUS every damn semester when 90% of the users change.
My questions to you all:
1. Have any of you admins set up a network similar to this situation?
2. What products have you used?
3. What authentication model did you use?
4. How did you handle abuse and DMCA/CALEA issues?
Thanks!