Jump to content

Extending Router Hotspot Network with TAP100: Difference between revisions

No edit summary
 
(27 intermediate revisions by the same user not shown)
Line 1: Line 1:
<p style="color:red">The information in this page is updated in accordance with [https://wiki.teltonika-networks.com/view/FW_%26_SDK_Downloads'''00.07.05.0'''] firmware version. .</p>  
<p style="color:red">The information in this page is updated in accordance with [https://wiki.teltonika-networks.com/view/FW_%26_SDK_Downloads'''00.07.08'''] firmware version. .</p>  


==Introduction==
==Introduction==
Line 8: Line 8:
Before we begin, let's take a look at the configuration that we are attempting to achieve and the prerequisites that make it possible. For this setup we are going to use Teltonika router RUT956 and access point TAP100.
Before we begin, let's take a look at the configuration that we are attempting to achieve and the prerequisites that make it possible. For this setup we are going to use Teltonika router RUT956 and access point TAP100.


[[File:615930_TAP100.png|border|class=tlt-border]]
[[File:615930_TAP100.png|border|class=tlt-border |1000x1000px]]


'''Prerequisites:'''  
'''Prerequisites:'''  
Line 32: Line 32:
<li>Press Save & Apply button </li>
<li>Press Save & Apply button </li>
</ol>
</ol>
[[File:VLAN HOTSPOT CONFIGURATION SOL2.png|border|class=tlt-border]]
[[File:VLAN HOTSPOT CONFIGURATION SOL2.png|border|class=tlt-border|1000px]]


===Creating Management Firewall Zone===
----
<ol>
<li>Open '''WebUI -> Network -> Firewall -> General Settings -> Zones''', Add new zone</li>
</ol>
[[File:fw_zone_1.png|border|center|1000x274px]]
====Zone Management====
----
=====General Settings=====
----
Make following changes in the new zone:
<ol>
<li>Enter Name: '''Management'''</li>
<li>Selec Input: '''Accept'''</li>
<li>Select Allow forward to destination zones: '''lan'''</li>
</ol>
[[File:fw_zone_2.png|border|center|1000x638px]]


====Management VLAN interface configuration====
====Management VLAN interface configuration====
----
After adding the new VLANs, the next step is to configure the interfaces that will be associated with these VLANs. In this example, we will begin by configuring the "Management" interface, which is intended for device management. To do this, navigate on router WebUI to '''Network -> LAN'''. While there, add new interface. To do this, simply just write management or any other name that you prefer for this interface and press add.  In pop-up window you need to do the following steps :  
After adding the new VLANs, the next step is to configure the interfaces that will be associated with these VLANs. In this example, we will begin by configuring the "Management" interface, which is intended for device management. To do this, navigate on router WebUI to '''Network -> LAN'''. While there, add new interface. To do this, simply just write management or any other name that you prefer for this interface and press add.  In pop-up window you need to do the following steps :  
<ol>
<ol>
Line 44: Line 63:
<li>Enable DHCP server</li>
<li>Enable DHCP server</li>


[[File:Hotspot management interface conf1.png|border|class=tlt-border]]
[[File:Hotspot_1_lan.png|border|class=tlt-border|1000px]]


<li> Next, we need to navigate to Physical Settings of the same interface and choose eth0.150 interface </li>
<li> Next, we need to navigate to Physical Settings of the same interface and choose eth0.150 interface </li>
[[File:Hotspot management interface conf2.png|border|class=tlt-border]]
[[File:Hotspot_2_lan.png|border|class=tlt-border|1000px]]
<li> Lastly, we need to navigate to Firewall settings of the same interface and add custom "Management" zone </li>
<li> Lastly, we need to navigate to Firewall settings of the same interface and add custom "Management" zone </li>
[[File:Hotspot management interface conf3.png|border|class=tlt-border]]
[[File:Hotspot_3_lan.png|border|class=tlt-border|1000px]]
</ol>
</ol>


Line 56: Line 75:
<ol>
<ol>
<li>Enable the interface</li>
<li>Enable the interface</li>
<li>Enter interface name as "Hotspot"</li>
<li>Protocol should be set as "None"</li>
<li>Protocol should be set as "None"</li>
[[File:Hotspot hotspot interface1.png|border|class=tlt-border]]
[[File:Hotspot_4_lan.png|border|class=tlt-border|1000px]]


<li>Next, In physical settings choose eth0.50 interface and turn on "Bridge Interfaces" option by clicking the button next to it</li>
<li>Next, In physical settings turn on "Bridge Interfaces"</li>
[[File:Hotspot hotspot interface2.png|border|class=tlt-border]]
<li>Additionally select eth0.50 interface</li>
[[File:Hotspot_5_lan.png|border|class=tlt-border|1000px]]
<li>Lastly, In firewall settings, choose LAN zone</li>
<li>Lastly, In firewall settings, choose LAN zone</li>
[[File:Hotspot hotspot interface3.png|border|class=tlt-border]]
[[File:Hotspot_6_lan.png|border|class=tlt-border|1000px]]
<li>Dont forget to press Save & Apply</li>
<li>Dont forget to press Save & Apply</li>
</ol>
</ol>


===Router Hotspot configuration===
===Router Hotspot configuration===
Line 81: Line 101:
</ol>
</ol>
It's crucial to remember and securely store these credentials, as they will be used by users to authenticate themselves on the hotspot network successfully.
It's crucial to remember and securely store these credentials, as they will be used by users to authenticate themselves on the hotspot network successfully.
[[File:Local Users 956 Hotspot.png|border|class=tlt-border]]
[[File:Hotspot_7_lan.png|border|class=tlt-border|1000px]]
====Hotspot interface configuration====
====Hotspot interface configuration====
----
----
Line 89: Line 109:
<li> Press "ADD" button </li>
<li> Press "ADD" button </li>
</ol>
</ol>
[[File:Hotspot HOTSPOTTT.png|border|class=tlt-border]]
[[File:Hotspot_8_lan.png|border|class=tlt-border|1000px]]


Next, in the pop-up window, please click the "Enable" button. You can choose to either leave all other settings at their default values or make adjustments as per your preferences. For the purpose of this configuration, we'll maintain the default settings.
Next, in the pop-up window, please click the "Enable" button. You can choose to either leave all other settings at their default values or make adjustments as per your preferences. For the purpose of this configuration, we'll maintain the default settings.


[[File:Hotpost interface enable.png|border|class=tlt-border]]
[[File:Hotspot_9_lan.png|border|class=tlt-border|1000px]]
 


==Access point (TAP100) configuration==
==Access point (TAP100) configuration==
Line 102: Line 121:


After successfully establishing a connection to the TAP100 WebUI, the next step is to navigate to '''Network -> Wireless SSIDs'''. Within this section, press edit button on SSID and in pop-up window on VLAN ID option choose custom and enter 50.   
After successfully establishing a connection to the TAP100 WebUI, the next step is to navigate to '''Network -> Wireless SSIDs'''. Within this section, press edit button on SSID and in pop-up window on VLAN ID option choose custom and enter 50.   
[[File:tap100_ssid_config.png|border|class=tlt-border]]
[[File:Hotspot_10_lan.png|border|class=tlt-border|1000px]]


After this, navigate to '''Network -> IP Settings''' and under Management VLAN option choose custom and enter 150. Also, make sure that Mode is set to Static + DHCP.  
After this, navigate to '''Network -> IP Settings''' and under Management VLAN option choose custom and enter 150. Also, make sure that Mode is set to Static + DHCP.  
[[File:Tap100 ipsettings.png|border|class=tlt-border]]
[[File:Hotspot_11_lan.png|border|class=tlt-border|1000px]]


That concludes the necessary configuration steps for the TAP100. Now, let's establish the connection between your router and the TAP100. To do this, you can simply connect one end of an Ethernet cable to the router's LAN3 port and the other end to the TAP100's Ethernet IN port on the PoE injector. For more detailed installation instructions, please refer to the installation guide which can be found [https://wiki.teltonika-networks.com/view/QSG_TAP100#Installation_Guide here]
That concludes the necessary configuration steps for the TAP100. Now, let's establish the connection between your router and the TAP100. To do this, you can simply connect one end of an Ethernet cable to the router's LAN3 port and the other end to the TAP100's Ethernet IN port on the PoE injector. For more detailed installation instructions, please refer to the installation guide which can be found [https://wiki.teltonika-networks.com/view/QSG_TAP100#Installation_Guide here]
Line 125: Line 144:
<li> Press "ADD" button  </li>
<li> Press "ADD" button  </li>
</ol>
</ol>
[[File:Hotspot firewall rule router access.png|border|class=tlt-border]]
[[File:Hotspot_12_lan.png|border|class=tlt-border|1000px]]
 
<br>
After completing these steps, a pop-up window will appear, where you need to enter the following details:
After completing these steps, a pop-up window will appear, where you need to enter the following details:


Line 135: Line 154:
<li> Don't forget to enable and save it </li>
<li> Don't forget to enable and save it </li>
</ol>
</ol>
[[File:Firewallrule2.png|border|class=tlt-border]]
[[File:Hotspot_13_lan.png|border|class=tlt-border|1000px]]
 
With this firewall rule in place, all clients connected to the hotspot will have access to the router's WebUI using the router LAN address.
With this firewall rule in place, all clients connected to the hotspot will have access to the router's WebUI using the router LAN address.


Line 143: Line 163:
<li> Access your TAP100 WebUI </li>
<li> Access your TAP100 WebUI </li>
<li> Navigate to '''Network -> Wireless''' and click on the "Edit" button for your interface </li>
<li> Navigate to '''Network -> Wireless''' and click on the "Edit" button for your interface </li>
<li> In the configuration window, go to the Advanced Settings section and enable the "Isolate Clients" option by clicking the "ON" button </li>
<li> In the configuration window, go to the Additional Settings section and enable the "Isolate Clients" option by clicking the "ON" button </li>
</ol>
</ol>
[[File:ISOLATE CLIENTS HOTSPOT.png|border|class=tlt-border]]
[[File:Hotspot_14_lan.png|border|class=tlt-border|1000px]]
 
To further ensure that clients connected to the router's Wi-Fi interface cannot communicate with hotspot clients, I recommend enabling the "Isolate Clients" option on your router wi-fi interface as well.
To further ensure that clients connected to the router's Wi-Fi interface cannot communicate with hotspot clients, I recommend enabling the "Isolate Clients" option on your router wi-fi interface as well.


By implementing these adjustments, you'll effectively prevent communication between all hotspot clients regardless of whether they are connected to the Routers Hotspot Network directly or through TAP 100 AP.
By implementing these adjustments, you'll effectively prevent communication between all hotspot clients regardless of whether they are connected to the Routers Hotspot Network directly or through TAP 100 AP.
==Testing==
==Testing==
===Authenticating to the Hotspot network===
===Authenticating to the Hotspot network===
After client connects to hotspot network, the authentication page should automatically open up on your default browser.
After client connects to hotspot network, the authentication page should automatically open up on your default browser.


[[File:Login_page_hotspot.png|border|class=tlt-border]]
[[File:Login_page_hotspot.png|border|class=tlt-border|1050px]]
 
After entering the required details, clients will have internet connection. The credentials you need to use are the ones you specified when creating the local user earlier.
After entering the required details, clients will have internet connection. The credentials you need to use are the ones you specified when creating the local user earlier.


===DHCP assigned IP address for TAP100 ===
===DHCP assigned IP address for TAP100 ===
You can find what kind of IP address was assigned to TAP100 by navigating on router WebUI to '''Status -> Network -> LAN'''. There you will see TAP100 entry with it's mac address, lease time and assigned IP address. You can access TAP100 WebUI with this IP address.
You can find what kind of IP address was assigned to TAP100 by navigating on router WebUI to '''Status -> Network -> LAN'''. There you will see TAP100 entry with it's mac address, lease time and assigned IP address. You can access TAP100 WebUI with this IP address.
[[File:Dhcp leases management vlan.png|border|class=tlt-border]]
[[File:Dhcp leases management vlan.png|border|class=tlt-border|1050px]]