Difference between revisions of "Template:Networking rutos manual hotspot"

From Teltonika Networks Wiki
(change user scripts, minor changes)
(62 intermediate revisions by 9 users not shown)
Line 1: Line 1:
{{Template: Networking_device_manual_fw_disclosure
+
{{Template:Networking_rutos_manual_fw_disclosure
 +
| fw_version = {{{series}}}_R_00.02.03.1
 
| series = {{{series}}}
 
| series = {{{series}}}
| name  = {{{name}}}
 
| fw_version ={{Template: Networking_device_manual_latest_fw
 
| series = {{{series}}}
 
| name  = {{{name}}}
 
}}
 
 
}}
 
}}
{{#ifeq: {{{series}}} | RUT9 |<br><i><b>Note</b>: <b>[[{{{name}}} Hotspot (legacy WebUI)|click here]]</b> for the old style WebUI (FW version {{Template: Networking_device_manual_latest_fw | series = RUT9XX}} and earlier) user manual page.</i>|}}
+
 
{{#ifeq: {{{series}}} | RUT2 |<br><i><b>Note</b>: <b>[[{{{name}}} Hotspot (legacy WebUI)|click here]]</b> for the old style WebUI (FW version {{Template: Networking_device_manual_latest_fw | series = RUT2XX}} and earlier) user manual page.</i>|}}
 
 
==Summary==
 
==Summary==
  
On Teltonika Networks devices a <b>Hotspot</b> is a service that provides authentication, authorization and accounting for a network. This chapter is an overview of the Hotspot section for {{{name}}} devices.
+
'''Hotspot''' is a service that provides authentication, authorization and accounting for a network.
{{#switch: {{{series}}}
 
  | #default =
 
  | RUT36X|RUT9|TCR1|RUT2|RUT2M|RUT9M|TRB1|TRB2|TRB5|TRB2M|OTD140|RUT361 =
 
<u><b>
 
  
Note:</b> Hotspot is additional software that can be installed from the <b>System → [[{{{name}}} Package Manager|Package Manager]]</b> page.</u>
+
{{#ifeq:{{{wifi}}}|1
}}
+
|
 +
{{{name}}} devices are able to create Hotspot on either Wireless or LAN interface.
  
==General==
+
Wireless <b>Hotspots</b> are essentially Wireless Access Points - they provide network and/or internet access to other
 +
WiFi devices. The difference is that Hotspots are a lot more versatile when it comes to managing, monitoring and
 +
authenticating the wireless network's users. For example, while Wireless APs can be password protected, with Hotspots
 +
you can configure different users with different names, passwords, even data limits and data speeds and more. This
 +
chapter is an overview of the '''Wireless Hotspot''' function in {{{name}}} routers. In Services > Hotspot > General tab
 +
first choose interface on which you want Hotspot to operate, press '''Add''' and after new hotspot instance appears
 +
click on [[File:Networking_rutx_manual_edit_button_v1.png]] to start configuration.
  
===Hotspot Instances===
+
[[File:Network_rutxxx_manual_hotspot_hotspot_instances.png]]
----
+
|
The <b>Hotspot Instances</b> section displays the main parameters of your Hotspot. By default, a Hotspot instance does not exist on the device. To create a new instance and begin configuration:
+
{{{name}}} devices are able to create Hotspot on LAN interface.
  
<ol>
+
[[File:Network_rutx10_manual_hotspot_hotspot_instances_v1.png|border|class=tlt-border]]
    <li>select an 'Interface';</li>
+
}}
    <li>click the 'Add' button;</li>
 
</ol>
 
 
 
[[File:Networking_rutos_manual_hotspot_hotspot_instances_add_button_edit_buton_wifi.png|border|class=tlt-border]]
 
  
After this, a new Hotspot configuration window will appear.
+
==General Settings==
  
====General Settings====
+
The '''General Settings''' window is where most of the Hotspot configurations take place. This section will be divided
----
+
into sub-sections because configuration for Local authentication and with Radius Server are almost identical, just when
The <b>General Settings</b> window is where most of the Hotspot configuration takes place. Look to the sub-sections below for information on configuration fields found in the General Settings sections.
+
Radius is chosen extra tab appears.
  
=====General=====
+
====General====
 
----
 
----
{{#switch: {{{series}}}
+
[[File:Network_rutxxx_manual_hotspot_general_settings_v1.png|border|class=tlt-border]]
  | #default = [[File:Networking_rutos_manual_hotspot_general_hotspot_instances_general_settings_general_v3.png|border|class=tlt-border]]
 
  | TRB1 | TRB5 = [[File:Networking_rutos_manual_hotspot_general_hotspot_instances_general_settings_general_trb_v1.png|border|class=tlt-border]]}}
 
  
 
<table class="nd-mantable">
 
<table class="nd-mantable">
    <tr>
+
<tr>
<th>Field</th>
+
<th>field name</th>
<th>Value</th>
+
<th>value</th>
<th>Description</th>
+
<th>description</th>
    </tr>
+
</tr>
    <tr>
+
<tr>
<td>Configuration profile</td>
+
<td>Enable</td>
<td>Cloud4wi | Default | Hotspotsystems | Purple portal; default: <b>Default</b></td>
+
<td>off {{!}} on; default: '''on'''</td>
<td>Pre-configures Hotspot settings according to the selected service provider.</td>
+
<td>Toggles WiFi Hotspot instance ON or OFF.</td>
    </tr>
+
</tr>
    <tr>
+
<tr>
<td>Enable</td>
+
<td>Hotspot Network</td>
<td>off | on; default: <b>on</b></td>
+
<td>IP; default: '''192.168.2.0/24'''</td>
<td>Turns the Hotspot instance on or off.</td>
+
<td>Defines IP and subnet of Hotspot Network.</td>
    </tr>
+
</tr>
    <tr>
+
<tr>
<td>Hotspot Network</td>
+
<td>IP Adress</td>
<td>ip/netmask; default: <b>{{#switch: {{{series}}} | #default = 192.168.2.0/24 | TRB1 | TRB2 | TRB5 | TRB2M = 192.168.3.0/24}}</b></td>
+
<td>ip; default: '''192.168.2.254'''</td>
<td>IP address and subnet of the Hotspot network.</td>
+
<td>Defines the IP address of your Hotspot router in network.</td>
    </tr>
+
</tr>
    <tr>
+
<tr>
<td>IP Address</td>
+
<td>Authentication mode</td>
<td>ip; default: '''{{#switch: {{{series}}} | #default = 192.168.2.254 | TRB1 | TRB2 | TRB5 | TRB2M = 192.168.3.254}}'''</td>
+
<td>Radius {{!}} Local user {{!}} {{#ifeq:{{{mobile}}}|1| SMS OTP {{!}}}} MAC auth ; default: '''Local users'''
<td>Defines the IP address of your Hotspot router in network.</td>
+
</td>
    </tr>
+
<td>Authentication mode defines how users will connect to the Hotspot.</td>
    <tr>
+
</tr>
<td>Authentication mode</td>
+
<tr>
<td>Local users | Radius | MAC authentication | Single sign-on{{#ifeq:{{{mobile}}}|1| {{!}} SMS OTP}}; default: <b>Local users</b></td>
+
<td>Allow signup
<td>Authentication mode defines how users will connect to the Hotspot.</td>
+
</td>
    </tr>
+
<td>off | on; default: '''off'''</td>
    <tr>
+
<td>Allows users to sign up to hotspot via landing page.</td>
<td>Local users: Allow signup</td>
+
</tr>
<td>off | <span style="color: #20C0D7;"><b>on</b></span>; default: <b>off</b></td>
+
<tr>
<td>Allows users to sign up to hotspot via landing page.</td>
+
<td>Landing Page</td>
    </tr>
+
<td>Internal {{!}} External; default: '''Internal'''</td>
    <tr>
+
<td>If external Landing Page is chosen, new section, to enter website address, will appear, e.g.
<td>Local users: <span style="color: #20C0D7;">Expiration time</span></td>
+
http://www.example.com</td>
<td>integer; default: <b>0</b></td>
+
</tr>
<td>User credential expiration time. Applies to users who signed up via landing page.</td>
+
<tr>
    </tr>
+
<td>UAM Port</td>
    <tr>
+
<td>integer; default: '''3990'''</td>
<td>Local users: <span style="color: #20C0D7;">Users group</span></td>
+
<td>Port to bind for authenticating clients.</td>
<td>user group; default: <b>default</b></td>
+
</tr>
<td>The user group to which users signed up via landing page should be assigned to.</td>
+
<tr>
    </tr>
+
<td>UAM Secret</td>
    <tr>
+
<td>string; default: <b>none</b></td>
<td>Radius: Enable MAC authentication</td>
+
<td>Shared secret between uamserver and hotspot.</td>
<td>off | on; default: <b>off</b></td>
+
</tr>
<td>Enable MAC address authentication.</td>
+
<tr>
    </tr>
+
<td>Success page</td>
    <tr>
+
<td>Success Page {{!}} Original URL {{!}} Custom; default: '''Success page'''</td>
<td>MAC authentication: Require password</td>
+
<td>Location to return to after successful authentication.</td>
<td>off | <span style="color:brown">on</span>; default: <b>off</b></td>
+
</tr>
<td>Enables password requirement for MAC authentication.</td>
 
    </tr>
 
    <tr>
 
<td>MAC authentication: <span style="color:brown">MAC auth password</span></td>
 
<td>string; default: <b>none</b></td>
 
<td>Password for MAC authentication.</td>
 
    </tr>
 
    <tr>
 
<td>MAC authentication / Single sign-on{{#ifeq:{{{mobile}}}|1| / SMS OTP}}: User group</td>
 
<td>select; default: <b>default</b></td>
 
<td>Specifies the group of dynamically created users.</td>
 
    </tr>{{#ifeq:{{{mobile}}}|1|
 
    <tr>
 
<td>SMS OTP: Allow password duplicates</td>
 
<td>off {{!}} on; default: <b>off</b></td>
 
<td>Allows more than one user to login with a same password.</td>
 
    </tr>
 
    <tr>
 
<td>SMS OTP: Expiration time</td>
 
<td>unsingned integer; default: <b>0</b></td>
 
<td>User expiration time in sec (0 means unlimited).</td>
 
    </tr>|}}
 
    <tr>
 
<td>Landing Page</td>
 
<td>Internal | <span style="color: #f43b1a;">External</span>; default: <b>Internal</b></td>
 
<td>Location of the landing page.</td>
 
    </tr>
 
    <tr>
 
<td>UAM Port</td>
 
<td>integer; default: <b>3990</b></td>
 
<td>Port to bind for authenticating clients.</td>
 
    </tr>
 
    <tr>
 
<td><span style="color: #f43b1a;">Password encoding</span></td>
 
<td>off {{!}} on; default: <b>none</b></td>
 
<td>Password encoding with the challenge.</td>
 
    </tr>
 
    <tr>
 
<td><span style="color: #f43b1a;">Landing page address</span></td>
 
<td>url; default: <b>none</b></td>
 
<td>External landing page address (http://www.example.com).</td>
 
    </tr>
 
    <tr>
 
<td><span style="color: #f43b1a;">UAM Secret</span></td>
 
<td>string; default: <b>none</b></td>
 
<td>Shared secret between uamserver and hotspot.</td>
 
    </tr>
 
    <tr>
 
<td>Success page</td>
 
<td>Success Page | Original URL | <span style="color:blue">Custom</span>; default: <b>Success page</b></td>
 
<td>Location to return to after successful authentication.</td>
 
    </tr>
 
    <tr>
 
<td><span style="color:blue">Custom</span></td>
 
<td>url; default: <b>none</b></td>
 
<td>Address must contain protocol (http://www.example.com).</td>
 
    </tr>
 
 
</table>
 
</table>
  
=====Advanced=====
+
====Advanced====
 
----
 
----
[[File:Networking_rutos_manual_hotspot_general_hotspot_instances_general_settings_advanced_v1.png|border|class=tlt-border]]
+
 
 +
[[File:Network_rutxxx_manual_hotspot_advanced_settings_v1.png|border|class=tlt-border]]
  
 
<table class="nd-mantable">
 
<table class="nd-mantable">
    <tr>
+
<tr>
<th>Field</th>
+
<td>Additional interfaces</td>
<th>Value</th>
+
<td>Available interfaces; default: '''none'''</td>
<th>Description</th>
+
<td>Shows additional interfaces that can be attached to hotspot instance.</td>
    </tr>
+
</tr>
    <tr>
+
<tr>
<td>Additional interfaces</td>
+
<td>Logout address</td>
<td>Available interfaces; default: '''none'''</td>
+
<td>ip; default: '''1.0.0.0'''</td>
<td>Choose additional the interfaces you want to attach to this hotspot instance.</td>
+
<td>An address that can be used by users to logout from the Hotspot session.</td>
    </tr>
+
</tr>
    <tr>
+
<tr>
<td>Enable MAC blocking</td>
+
<td>Protocol</td>
<td>off {{!}} on; default: off</td>
+
<td>HTTP {{!}} HTTPS; default: '''HTTP'''</td>
<td>Blocks access to MAC addresses that have reached set amount of failed login attempts.</td>
+
<td>Protocol to be used for landing page.</td>
    </tr>
+
</tr>
    <tr>
+
<tr>
<td>Logout address</td>
+
<td>Enable TOS</td>
<td>ip; default: '''1.0.0.0'''</td>
+
<td>off {{!}} on; default: '''off'''</td>
<td>IP address to instantly logout a client accessing it.</td>
+
<td>Enables Terms of Service (ToS) requirement. Cient device will be able to access the Internet only after
    </tr>
+
agreeing ToS.</td>
    <tr>
+
</tr>
<td>Protocol</td>
+
<tr>
<td>HTTP | <span style="color: #20C0D7;">HTTPS</span>; default: <b>HTTP</b></td>
+
<td>Trial access</td>
<td>Protocol to be used for landing page.</td>
+
<td>off {{!}} on; default: '''off'''</td>
    </tr>
+
<td>Enables trial internet access for a specific group.</td>
    <tr>
+
</tr>
<td>Enable TOS</td>
+
<tr>
<td>off | on; default: <b>off</b></td>
+
<td><span style="color: tomato;">Trial access: </span>Group</td>
<td>Enables Terms of Service (ToS) requirement. Client device will be able to access the Internet only after agreeing ToS.</td>
+
<td>User group; default: '''default'''</td>
    </tr>
+
<td>Group of trial users.</td>
    <tr>
+
</tr>
<td>Trial access</td>
+
<tr>
<td>off | <span style="color: #f43b1a; font-weight: bold;">on</span>; default: <b>off</b></td>
+
<td>HTTPS to landing page redirect</td>
<td>Enables trial internet access for a specific group.</td>
+
<td>off {{!}} on; default: '''off'''</td>
    </tr>
+
<td>Redirect initial pre-landing page HTTPS requests to hotspot landing page.</td>
    <tr>
+
</tr>
<td><span style="color: #f43b1a;">Group</span></td>
+
<tr>
<td>User group; default: <b>default</b></td>
+
<td>DNS server 1</td>
<td>Specifies the group of trial users.</td>
+
<td>ip; default: '''8.8.8.8'''</td>
    </tr>
+
<td>Additional DNS servers that are to be used by the Hotspot.</td>
    <tr>
+
</tr>
<td>Subdomain</td>
+
<tr>
<td>string; default: <b>none</b></td>
+
<td>DNS server 2</td>
<td>Combined with Domain to make a DNS alias for the Hotspot IP address.</td>
+
<td>ip; default: '''8.8.4.4'''</td>
    </tr>
+
<td>Additional DNS servers that are to be used by the Hotspot.</td>
    <tr>
+
</tr>
<td>Domain</td>
 
<td>string; default: <b>none</b></td>
 
<td>Combined with Subdomain to make a DNS alias for the Hotspot IP address.</td>
 
    </tr>
 
    <tr>
 
<td>HTTPS to landing page redirect</td>
 
<td>off | <span style="color: #20C0D7;"><b>on</b></span>; default: <b>off</b></td>
 
<td>Redirect initial pre-landing page HTTPS requests to hotspot landing page.</td>
 
    </tr>
 
    <tr>
 
<td><span style="color: #20C0D7;"><b>Certificate files from device</b></span></td>
 
<td>off | on; default: <b>off</b></td>
 
<td>Specified whether to upload key & certificate files from computer or to use files generated on this device via the <i>System → Administration → <b>[[{{{name}}} Administration#Certificates|Certificates]]</b></i> page.</td>
 
    </tr>
 
    <tr>
 
<td><span style="color: #20C0D7;">SSL key file</span></td>
 
<td>key file; default: <b>none</b></td>
 
<td>Upload/select SSL key.</td>
 
    </tr>
 
    <tr>
 
<td><span style="color: #20C0D7;">SSL certificate file</span></td>
 
<td>certificate file; default: <b>none</b></td>
 
<td>Upload/select SSL certificate.</td>
 
    </tr>
 
    <tr>
 
<td>Primary DNS server</td>
 
<td>ip; default: <b>8.8.8.8</b></td>
 
<td>Additional DNS servers that are to be used by the Hotspot.</td>
 
    </tr>
 
    <tr>
 
<td>Secondary DNS server</td>
 
<td>ip; default: <b>8.8.4.4</b></td>
 
<td>Additional DNS servers that are to be used by the Hotspot.</td>
 
    </tr>
 
 
</table>
 
</table>
  
=====Radius=====
+
====Radius====
 
----
 
----
<b>Radius</b> authentication mode uses an external RADIUS server, to which you have to provide an address to, instead of using the router's Local Authentication. If you are using Local authentication, this section is not visible.
 
  
[[File:Networking_rutos_manual_hotspot_general_hotspot_instances_general_settings_radius_v1.png|border|class=tlt-border]]
+
'''Radius''' authentication mode uses an external Radius servers, to which you have to provide an address to, instead of
 +
using the router's Local Authentication. If you are using Local authentication, you can skip straight to
 +
[[{{{name}}}_Hotspot#Walled_Garden|Walled Garden]].
 +
 
 +
[[File:Network_rutxxx_manual_hotspot_radius_settings_v1.png|border|class=tlt-border]]
  
 
<table class="nd-mantable">
 
<table class="nd-mantable">
    <tr>
+
<tr>
<th>Field</th>
+
<td>RADIUS server #1</td>
<th>Value</th>
+
<td>ip; default: <b>none</b></td>
<th>Description</th>
+
<td>The IP address of the RADIUS server #1 that is to be used for Authenticating your wireless clients.</td>
    </tr>
+
</tr>
    <tr>
+
<tr>
<td>RADIUS server #1</td>
+
<td>RADIUS server #2</td>
<td>ip; default: <b>none</b></td>
+
<td>ip; default: <b>none</b></td>
<td>The IP address of the RADIUS server #1 that is to be used for Authenticating your wireless clients.</td>
+
<td>The IP address of the RADIUS server #2 that is to be used for Authenticating your wireless clients.</td>
    </tr>
+
</tr>
    <tr>
+
<tr>
<td>RADIUS server #2</td>
+
<td>Authentication port</td>
<td>ip; default: <b>none</b></td>
+
<td>integer [0..65535]; default: '''1812'''</td>
<td>The IP address of the RADIUS server #2 that is to be used for Authenticating your wireless clients.</td>
+
<td>RADIUS server authentication port.</td>
    </tr>
+
</tr>
    <tr>
+
<tr>
<td>Authentication port</td>
+
<td>Accounting port</td>
<td>integer [0..65535]; default: <b>1812</b></td>
+
<td>integer [0..65535]; default: '''1813''' </td>
<td>RADIUS server authentication port.</td>
+
<td>RADIUS server accounting port.</td>
    </tr>
+
</tr>
    <tr>
+
<tr>
<td>Accounting port</td>
+
<td>NAS identifier</td>
<td>integer [0..65535]; default: <b>1813</b> </td>
+
<td>string; default: <b>none</b></td>
<td>RADIUS server accounting port.</td>
+
<td>NAS-Identifier is one of the basic RADIUS attributes.</td>
    </tr>
+
</tr>
    <tr>
+
<tr>
<td>NAS identifier</td>
+
<td>Radius secret key</td>
<td>string; default: <b>none</b></td>
+
<td>string; default: <b>none</b></td>
<td>NAS-Identifier is one of the basic RADIUS attributes.</td>
+
<td>The secret key is a password used for authentication with the RADIUS server.</td>
    </tr>
+
</tr>
    <tr>
+
<tr>
<td>Radius secret key</td>
+
<td>Swap octets</td>
<td>string; default: <b>none</b></td>
+
<td>off {{!}} on; default: '''off'''</td>
<td>The secret key is a password used for authentication with the RADIUS server.</td>
+
<td>Swaps the meaning of input octets and output as it relates to RADIUS attributes.</td>
    </tr>
+
</tr>
    <tr>
+
<tr>
<td>Swap octets</td>
+
<td>Location name</td>
<td>off | on; default: <b>off</b></td>
+
<td>string; default: <b>none</b></td>
<td>Swaps the meaning of input octets and output as it relates to RADIUS attributes.</td>
+
<td>Custom location name for your Hotspot.</td>
    </tr>
+
</tr>
    <tr>
+
<tr>
<td>Location name</td>
+
<td>Location ID</td>
<td>string; default: <b>none</b></td>
+
<td>string; default: <b>none</b></td>
<td>Custom location name for your Hotspot.</td>
+
<td>Custom location ID for your Hotspot.</td>
    </tr>
+
</tr>
    <tr>
 
<td>Location ID</td>
 
<td>string; default: <b>none</b></td>
 
<td>Custom location ID for your Hotspot.</td>
 
    </tr>
 
 
</table>
 
</table>
  
=====Walled Garden=====
+
====Walled Garden====
 
----
 
----
You can add a list of addresses that users connected to the Hotspot will be able to reach without any authentication.
 
By default this list is empty. Simply write addresses into the Address List.
 
  
Format of address is <b>website.com</b> (does not include https://www).
+
You can add a list of addresses that users connected to the Hotspot will be able to reach without any authentication. By
 +
default this list is empty. Simply write addresses in to Address List.
  
[[File:Networking_rutos_manual_hotspot_general_hotspot_instances_general_settings_walled_garden_v1.png|border|class=tlt-border]]
+
[[File:Network_rutxxx_manual_hotspot_general_walled_garden_v1.png|border|class=tlt-border]]
  
<table class="nd-mantable">
+
====User Scripts====
    <tr>
+
----
<th>Field</th>
 
<th>Value</th>
 
<th>Description</th>
 
    </tr>
 
    <tr>
 
<td>Address list</td>
 
<td>domain names (one record per line); default: <b>none</b></td>
 
<td>List of addresses the client can access without first authenticating. One record per line. See placeholder for accepted formats.</td>
 
    </tr>
 
</table>
 
  
=====URL Parameters=====
+
In this tab you can add Scripts that will be executed after a session is authorized in '''Session up'''
----
+
section, after session has moved from authorized state to unauthorized in '''Session down''' section
The <b>URL parameters</b> section becomes visible when <b>Landing page</b> is selected as <b>External</b> in [[{{{name}}}_Hotspot#General_2|General settings]] section.
+
and after a new user has been signed up in '''User signup''' section.
  
[[File:Networking_rutos_manual_hotspot_general_hotspot_instances_general_settings_urlparams_v1.png|border|class=tlt-border]]
+
[[File:Network_rutxxx_manual_hotspot_user_scripts_v1.png|border|class=tlt-border]]
  
<table class="nd-mantable">
+
==Local Users==
    <tr>
 
<th>Field</th>
 
<th>Value</th>
 
<th>Description</th>
 
    </tr>
 
    <tr>
 
<td>UAM IP</td>
 
<td>string; default: <b>none</b></td>
 
<td>The IP Address of the Captive Portal gateway.</td>
 
    </tr>
 
    <tr>
 
<td>UAM port</td>
 
<td>string; default: <b>none</b></td>
 
<td>The port on which the Captive Portal will serve web content.</td>
 
    </tr>
 
    <tr>
 
<td>Called</td>
 
<td>string; default: <b>none</b></td>
 
<td>The MAC address of the IP Address of the Captive Portal gateway.</td>
 
    </tr>
 
    <tr>
 
<td>MAC</td>
 
<td>string; default: <b>none</b></td>
 
<td>The MAC address of the client trying to gain Internet access.</td>
 
    </tr>
 
    <tr>
 
<td>IP</td>
 
<td>ip default: <b>none</b></td>
 
<td>The IP Address of the client trying to gain Internet access.</td>
 
    </tr>
 
    <tr>
 
<td>NAS id</td>
 
<td>string; default: <b>none</b></td>
 
<td>An identification for the Captive Portal used in the RADIUS request.</td>
 
    </tr>
 
    <tr>
 
<td>Session id</td>
 
<td>string; default: <b>none</b></td>
 
<td>The unique identifer for session.</td>
 
    </tr>
 
    <tr>
 
<td>User url</td>
 
<td>string; default: <b>none</b></td>
 
<td>The URL which the user tried to access before he were redirected to the Captive Portal's URL's pages.</td>
 
    </tr>
 
    <tr>
 
<td>Challenge</td>
 
<td>string; default: <b>none</b></td>
 
<td>A challenge that should be used together with the user's password to create an encrypted phrase used to log on.</td>
 
    </tr>
 
    <tr>
 
<td>Custom 1</td>
 
<td>string; default: <b>none</b></td>
 
<td>Add custom name and custom value which will be displayed in url parameters.</td>
 
    </tr>
 
    <tr>
 
<td>-</td>
 
<td>SSID | Hostname | FW version | --Custom--; default: <b>SSID</b></td>
 
<td>-</td>
 
    </tr>
 
    <tr>
 
<td>Custom 2</td>
 
<td>string; default: <b>none</b></td>
 
<td>Add custom name and custom value which will be displayed in url parameters.</td>
 
    </tr>
 
    <tr>
 
<td>-</td>
 
<td>SSID | Hostname | FW version | --Custom--; default: <b>SSID</b></td>
 
<td>-</td>
 
    </tr>
 
</table>
 
  
=====User Scripts=====
+
The '''Users Configuration''' tab is used to create new, unique users that can connect to the Hotspot.
----
 
In this section you can add custom <b>Scripts</b> that will be executed after a session is authorized in the <b>Session up</b> section, after session has moved from authorized state to unauthorized in the <b>Session down</b> section and after a new user has been signed up in the <b>User signup</b> section.
 
  
[[File:Networking_rutos_manual_hotspot_general_hotspot_instances_general_settings_user_scripts_v2.png|border|class=tlt-border]]
+
[[File:Network_rutxxx_manual_hotspot_local_users_v1.png|border|class=tlt-border]]
  
 
<table class="nd-mantable">
 
<table class="nd-mantable">
    <tr>
+
<tr>
<th>Field</th>
+
<th>field name</th>
<th>Value</th>
+
<th>value</th>
<th>Description</th>
+
<th>description</th>
    </tr>
+
</tr>
    <tr>
+
<tr>
<td>Session up</td>
+
<td>Name</td>
<td>bash script; default: <b>none</b></td>
+
<td>string; default: <b>none</b></td>
<td>Script executed after a session is authorized. Executed with the environment variables (Please refer to the wiki).</td>
+
<td>A custom user name used to authenticate clients connecting to the Hotspot.</td>
    </tr>
+
</tr>
    <tr>
+
<tr>
<td>Session down</td>
+
<td>Password</td>
<td>bash script; default: <b>none</b></td>
+
<td>string; default: <b>none</b></td>
<td>Script executed after a session has moved from authorized state to unauthorized. Executed with the environment variables (Please refer to the wiki).</td>
+
<td>A custom password for the specified user name.</td>
    </tr>
+
</tr>
    <tr>
+
<tr>
<td>User signup</td>
+
<td>Group</td>
<td>bash script; default: <b>none</b></td>
+
<td>string; default: '''default'''</td>
<td>Script executed after a new user has been created during signup process. Executed with the environment variables (Please refer to the wiki).</td>
+
<td>After adding user select group that it will be assigned to. Group describes connection speeds and
    </tr>
+
dowload/upload limits. The '''default''' group settings have no restrictions. More on User Groups in the
 +
next section.</td>
 +
</tr>
 
</table>
 
</table>
  
==Local Users==
+
==User Groups==
 +
 
 +
'''User Groups''' lets set different connection limits for different users. Group '''default''' is already created and
 +
does not have any limitations set. To create new group simply enter the name and press Add.
  
The <b>Local Users</b> section is used to create and manage users that can connect to the Hotspot. The elements comprising the Local Users page are explained in the list and figure below.  
+
[[File:Network_rutxxx_manual_hotspot_user_groups_v1.png|border|class=tlt-border]]
  
<ol>
+
After adding a group it will not have any limits set, so press edit [[File:Networking rutx manual edit button v1.png]].
    <li>Entering a Username, Password and clicking the 'Add' button creates a new user.</li>
+
In following window you will be able to configure yours User Group.
    <li>The 'Group' dropdown menu assigns a user to another group.</li>
 
    <li>The 'Edit' button lets you change a user's password or assign the user to another group.</li>
 
    <li>The 'Delete[X]' button deletes a user.</li>
 
</ol>
 
  
[[File:Networking_rutos_manual_hotspot_local_users_add_button_edit_button_v1.png|border|class=tlt-border]]
+
[[File:Network_rutxxx_manual_hotspot_user_group_settings_v1.png|border|class=tlt-border]]
 +
 
 +
<table class="nd-mantable">
 +
<tr>
 +
<th>field name</th>
 +
<th>value</th>
 +
<th>description</th>
 +
</tr>
 +
<tr>
 +
<td>Idle timeout</td>
 +
<td>integer; default: <b>none</b></td>
 +
<td>A timeout in seconds after which idle users are automatically disconnected from the Hotspot. (0 means
 +
unlimited)</td>
 +
</tr>
 +
<tr>
 +
<td>Time limit</td>
 +
<td>integer; default: <b>none</b></td>
 +
<td>Disables hotspot user after time limit in sec is reached. (0, meaning unlimited)</td>
 +
</tr>
 +
<tr>
 +
<td>Download bandwidth</td>
 +
<td>integer; default: <b>none</b></td>
 +
<td> Maximum download bandwidth that the users assigned to this template can achieve. Bandwidth can be specified
 +
in Kbit/s or Mbit/s.</td>
 +
</tr>
 +
<tr>
 +
<td>Upload bandwidth</td>
 +
<td>integer; default: <b>none</b></td>
 +
<td>Maximum upload bandwidth that the users assigned to this template can achieve. Bandwidth can be specified in
 +
Kbit/s or Mbit/s.</td>
 +
</tr>
 +
<tr>
 +
<td>Download limit</td>
 +
<td>integer; default: <b>none</b></td>
 +
<td>A received data limit that the users assigned to this template can reach. After the data limit is reached,
 +
the user will lose data connection. Download limit is specified in MB.</td>
 +
</tr>
 +
<tr>
 +
<td>Upload limit</td>
 +
<td>integer; default: <b>none</b></td>
 +
<td>A sent data limit that the users assigned to this template can reach. After the data limit is reached, the
 +
user will lose data connection. Upload limit is specified in MB.</td>
 +
</tr>
 +
<tr>
 +
<td>Period</td>
 +
<td>Month {{!}} Week {{!}} Day; default: '''Month'''</td>
 +
<td>The beginning of the period during which the restriction specified in this section will apply. After the
 +
period is over, all specified limits are reset. </td>
 +
</tr>
 +
<tr>
 +
<td>Start day</td>
 +
<td>integer [1..31] {{!}} Monday..Sunday {{!}} integer [1..24]; default: '''1'''</td>
 +
<td>Choices changes depending on what '''Period''' was chosen. Specifies which day of the month, week or hour of
 +
the day the limits will be reset.</td>
 +
</tr>
 +
<tr>
 +
<td>Expiration time</td>
 +
<td>integer; default: '''0'''</td>
 +
<td>Expiration time in sec (0 means unlimited). Only for dynamically created users.</td>
 +
</tr>
 +
</table>
  
 
==Landing Page==
 
==Landing Page==
  
This section is used to define how your Hotspot's <b>Landing Page</b> will look like to connecting users.
+
This section is used to define how your Hotspot's Landing Page will look like.
  
 
===General Settings===
 
===General Settings===
 
----
 
----
<b>General Settings</b> section lets you choose the authentication protocol and theme that will be used in the Landing Page. You can download more themes using the [[{{{name}}}_Package_Manager|Package Manager]]
+
'''General Settings''' section lets you choose authentication protocol that will be used in Landing Page.
  
[[File:Networking_rutos_manual_hotspot_landing_page_general_settings_v1.png|border|class=tlt-border]]
+
[[File:Network_rutxxx_manual_hotspot_landing_page_general_v1.png|border|class=tlt-border]]
  
 
===Themes===
 
===Themes===
 
----
 
----
The <b>Themes</b> section displays all available Landing Page themes. In order to download a theme, click the 'Download' button, in order to edit a theme, click the 'Edit' button next to it.
+
The <b>Themes</b> section shows all available landing page themes and allows you to edit them.
  
[[File:Networking_rutos_manual_hotspot_landing_page_themes_download_edit_button_v1.png|border|class=tlt-border]]
+
[[File:Network_rutxxx_manual_hotspot_landing_page_themes_v1.png|border|class=tlt-border]]
  
 
====Images====
 
====Images====
Line 467: Line 344:
 
The <b>Images</b> section allows you to upload custom images to different objects.
 
The <b>Images</b> section allows you to upload custom images to different objects.
  
[[File:Networking_rutos_manual_hotspot_landing_page_themes_images_v2.png|border|class=tlt-border]]
+
[[File:Network_rutxxx_manual_hotspot_landing_page_themes_images_v1.png|border|class=tlt-border]]
  
====Style Settings====
+
====Style settings====
 
----
 
----
  
Pressing 'Edit' button next to style settings lets you edit how your
+
Pressing edit button [[File:Networking rutx manual edit button v1.png]] next to style settings lets you edit how your
 
landing page will look visually using CSS syntax.
 
landing page will look visually using CSS syntax.
  
[[File:Networking_rutos_manual_hotspot_landing_page_themes_style_settings_v1.png|border|class=tlt-border]]
+
[[File:Network_rutxxx_manual_hotspot_landing_page_themes_style_v1.png|border|class=tlt-border]]
 
 
====View Settings====
 
----
 
In <b>View Settings</b> you can access and modify default templates for various parts of landing page and edit their HTML code.
 
 
 
[[File:Networking_rutos_manual_hotspot_landing_page_themes_view_settings_v1.png|border|class=tlt-border]]
 
  
====Custom Theme====
+
====View settings====
 
----
 
----
To use custom theme you can download default theme and edit it's content. Then use 'Browse' button to upload it.
 
 
[[File:Networking rutos manual hotspot landing page themes upload custom v2.png|border|class=tlt-border]]
 
  
==User Groups==
+
In view settings you can access and modify default templates for various parts of landing page and edit their HTML code.
  
<b>User Groups</b> provides the possibility to set different connection limits for different users. A group called 'default' is already created and does not have any limitations set by default. You can
+
[[File:Network_rutxxx_manual_hotspot_landing_page_themes_view_settings_v1.png|border|class=tlt-border]]
  
<ol>
+
==User management==
    <li>create a new group by entering a custom Name and clicking 'Add'</li>
 
    <li>or configure the existing rule by clicking the 'Edit' button next to it.</li>
 
</ol>
 
  
[[File:Networking_rutos_manual_hotspot_user_groups_edit_button_v1.png|border|class=tlt-border]]
+
The <b>User management</b> section allows you to manage currently logged in users.
  
A group's settings page will look similar to this:
+
[[File:Network_rutxxx_manual_hotspot_landing_page_user_management_v1.png|border|class=tlt-border]]
 
 
[[File:Networking_rutos_manual_hotspot_user_groups_group_default_settings_v3.png|border|class=tlt-border]]
 
 
 
<table class="nd-mantable">
 
    <tr>
 
        <th>Field</th>
 
        <th>Value</th>
 
        <th>Description</th>
 
    </tr>
 
    <tr>
 
        <td>Idle timeout</td>
 
        <td>integer; default: <b>none</b></td>
 
        <td>A timeout in seconds after which idle users are automatically disconnected from the Hotspot. (0 means
 
            unlimited.)</td>
 
    </tr>
 
    <tr>
 
        <td>Time limit</td>
 
        <td>integer; default: <b>none</b></td>
 
        <td>Disables hotspot user after time limit in sec is reached. (0, meaning unlimited)</td>
 
    </tr>
 
    <tr>
 
        <td>Download bandwidth</td>
 
        <td>integer; default: <b>none</b></td>
 
        <td> Maximum download bandwidth that the users assigned to this template can achieve. Bandwidth can be specified in Mbit/s.</td>
 
    </tr>
 
    <tr>
 
        <td>Upload bandwidth</td>
 
        <td>integer; default: <b>none</b></td>
 
        <td>Maximum upload bandwidth that the users assigned to this template can achieve. Bandwidth can be specified in Mbit/s.</td>
 
    </tr>
 
    <tr>
 
        <td>Download limit</td>
 
        <td>integer; default: <b>none</b></td>
 
        <td>A received data limit that the users assigned to this template can reach. After the data limit is reached,
 
            the user will lose data connection. Download limit is specified in MB.</td>
 
    </tr>
 
    <tr>
 
        <td>Upload limit</td>
 
        <td>integer; default: <b>none</b></td>
 
        <td>A sent data limit that the users assigned to this template can reach. After the data limit is reached, the
 
            user will lose data connection. Upload limit is specified in MB.</td>
 
    </tr>
 
    <tr>
 
        <td>Warning</td>
 
        <td>integer; default: <b>none</b></td>
 
        <td>Send an SMS warning to hotspot user after warning value of download or upload data in MB is reached. Only works with SMS OTP authentication.</td>
 
    </tr>
 
    <tr>
 
        <td>Period</td>
 
        <td>Month | Week | Day; default: <b>Month</b></td>
 
        <td>The beginning of the period during which the restriction specified in this section will apply. After the
 
            period is over, all specified limits are reset. </td>
 
    </tr>
 
    <tr>
 
        <td>Start day</td>
 
        <td>integer [1..31] | Monday..Sunday | integer [1..24]; default: <b>1</b></td>
 
        <td>Choices changes depending on what 'Period' was chosen. Specifies which day of the month, week or hour of the
 
            day the limits will be reset.</td>
 
    </tr>
 
</table>
 
 
 
==User Management==
 
 
 
The <b>User sessions</b> tab displays the status and session statistics of currently logged in users. You can also "kick" (deauthenticate) a user by clicking the 'Logout' button next to it.
 
 
 
[[File:Networking_rutos_manual_hotspot_user_management_current_hotspot_users_v1.png|border|class=tlt-border]]
 
 
 
 
 
The <b>Registered Hotspot Users</b> tab displays the data of unique users that have registered to the hotspot before.
 
 
 
[[File:Networking_rutos_manual_hotspot_user_management_registered_hotspot_users_v1.png|border|class=tlt-border]]
 
 
 
{{#switch: {{{series}}} | TRB1 | TRB2 | TRB5 | RUT30X | TAP100 | TAP200 | OTD140 | TRB2M | RUT301 =
 
| RUTX | RUTM | RUT36X | TCR1 | RUT9 | RUT9M | RUT2 | RUT2M | RUT361 | TAP100 | TAP200 | #default = {{#switch: {{{name}}} | RUTX08 | RUTX09 | RUTM08 | RUTM09  = | #default =
 
{{Template:Networking_rutos_manual_hotspot_2.0
 
| series = {{{series}}}
 
| name = {{{name}}}
 
| wifi = {{{wifi}}}
 
}}}}}}
 
  
 
[[Category:{{{name}}} Services section]]
 
[[Category:{{{name}}} Services section]]

Revision as of 15:29, 15 June 2020

Template:Networking rutos manual fw disclosure

Summary

Hotspot is a service that provides authentication, authorization and accounting for a network.

{{{name}}} devices are able to create Hotspot on LAN interface.

File:Network rutx10 manual hotspot hotspot instances v1.png

General Settings

The General Settings window is where most of the Hotspot configurations take place. This section will be divided into sub-sections because configuration for Local authentication and with Radius Server are almost identical, just when Radius is chosen extra tab appears.

General


File:Network rutxxx manual hotspot general settings v1.png

field name value description
Enable off | on; default: on Toggles WiFi Hotspot instance ON or OFF.
Hotspot Network IP; default: 192.168.2.0/24 Defines IP and subnet of Hotspot Network.
IP Adress ip; default: 192.168.2.254 Defines the IP address of your Hotspot router in network.
Authentication mode Radius | Local user | MAC auth ; default: Local users Authentication mode defines how users will connect to the Hotspot.
Allow signup off | on; default: off Allows users to sign up to hotspot via landing page.
Landing Page Internal | External; default: Internal If external Landing Page is chosen, new section, to enter website address, will appear, e.g. http://www.example.com
UAM Port integer; default: 3990 Port to bind for authenticating clients.
UAM Secret string; default: none Shared secret between uamserver and hotspot.
Success page Success Page | Original URL | Custom; default: Success page Location to return to after successful authentication.

Advanced


File:Network rutxxx manual hotspot advanced settings v1.png

Additional interfaces Available interfaces; default: none Shows additional interfaces that can be attached to hotspot instance.
Logout address ip; default: 1.0.0.0 An address that can be used by users to logout from the Hotspot session.
Protocol HTTP | HTTPS; default: HTTP Protocol to be used for landing page.
Enable TOS off | on; default: off Enables Terms of Service (ToS) requirement. Cient device will be able to access the Internet only after agreeing ToS.
Trial access off | on; default: off Enables trial internet access for a specific group.
Trial access: Group User group; default: default Group of trial users.
HTTPS to landing page redirect off | on; default: off Redirect initial pre-landing page HTTPS requests to hotspot landing page.
DNS server 1 ip; default: 8.8.8.8 Additional DNS servers that are to be used by the Hotspot.
DNS server 2 ip; default: 8.8.4.4 Additional DNS servers that are to be used by the Hotspot.

Radius


Radius authentication mode uses an external Radius servers, to which you have to provide an address to, instead of using the router's Local Authentication. If you are using Local authentication, you can skip straight to [[{{{name}}}_Hotspot#Walled_Garden|Walled Garden]].

File:Network rutxxx manual hotspot radius settings v1.png

RADIUS server #1 ip; default: none The IP address of the RADIUS server #1 that is to be used for Authenticating your wireless clients.
RADIUS server #2 ip; default: none The IP address of the RADIUS server #2 that is to be used for Authenticating your wireless clients.
Authentication port integer [0..65535]; default: 1812 RADIUS server authentication port.
Accounting port integer [0..65535]; default: 1813 RADIUS server accounting port.
NAS identifier string; default: none NAS-Identifier is one of the basic RADIUS attributes.
Radius secret key string; default: none The secret key is a password used for authentication with the RADIUS server.
Swap octets off | on; default: off Swaps the meaning of input octets and output as it relates to RADIUS attributes.
Location name string; default: none Custom location name for your Hotspot.
Location ID string; default: none Custom location ID for your Hotspot.

Walled Garden


You can add a list of addresses that users connected to the Hotspot will be able to reach without any authentication. By default this list is empty. Simply write addresses in to Address List.

File:Network rutxxx manual hotspot general walled garden v1.png

User Scripts


In this tab you can add Scripts that will be executed after a session is authorized in Session up section, after session has moved from authorized state to unauthorized in Session down section and after a new user has been signed up in User signup section.

File:Network rutxxx manual hotspot user scripts v1.png

Local Users

The Users Configuration tab is used to create new, unique users that can connect to the Hotspot.

File:Network rutxxx manual hotspot local users v1.png

field name value description
Name string; default: none A custom user name used to authenticate clients connecting to the Hotspot.
Password string; default: none A custom password for the specified user name.
Group string; default: default After adding user select group that it will be assigned to. Group describes connection speeds and

dowload/upload limits. The default group settings have no restrictions. More on User Groups in the

next section.

User Groups

User Groups lets set different connection limits for different users. Group default is already created and does not have any limitations set. To create new group simply enter the name and press Add.

File:Network rutxxx manual hotspot user groups v1.png

After adding a group it will not have any limits set, so press edit Networking rutx manual edit button v1.png. In following window you will be able to configure yours User Group.

File:Network rutxxx manual hotspot user group settings v1.png

field name value description
Idle timeout integer; default: none A timeout in seconds after which idle users are automatically disconnected from the Hotspot. (0 means unlimited)
Time limit integer; default: none Disables hotspot user after time limit in sec is reached. (0, meaning unlimited)
Download bandwidth integer; default: none Maximum download bandwidth that the users assigned to this template can achieve. Bandwidth can be specified in Kbit/s or Mbit/s.
Upload bandwidth integer; default: none Maximum upload bandwidth that the users assigned to this template can achieve. Bandwidth can be specified in Kbit/s or Mbit/s.
Download limit integer; default: none A received data limit that the users assigned to this template can reach. After the data limit is reached, the user will lose data connection. Download limit is specified in MB.
Upload limit integer; default: none A sent data limit that the users assigned to this template can reach. After the data limit is reached, the user will lose data connection. Upload limit is specified in MB.
Period Month | Week | Day; default: Month The beginning of the period during which the restriction specified in this section will apply. After the period is over, all specified limits are reset.
Start day integer [1..31] | Monday..Sunday | integer [1..24]; default: 1 Choices changes depending on what Period was chosen. Specifies which day of the month, week or hour of the day the limits will be reset.
Expiration time integer; default: 0 Expiration time in sec (0 means unlimited). Only for dynamically created users.

Landing Page

This section is used to define how your Hotspot's Landing Page will look like.

General Settings


General Settings section lets you choose authentication protocol that will be used in Landing Page.

File:Network rutxxx manual hotspot landing page general v1.png

Themes


The Themes section shows all available landing page themes and allows you to edit them.

File:Network rutxxx manual hotspot landing page themes v1.png

Images


The Images section allows you to upload custom images to different objects.

File:Network rutxxx manual hotspot landing page themes images v1.png

Style settings


Pressing edit button Networking rutx manual edit button v1.png next to style settings lets you edit how your landing page will look visually using CSS syntax.

File:Network rutxxx manual hotspot landing page themes style v1.png

View settings


In view settings you can access and modify default templates for various parts of landing page and edit their HTML code.

File:Network rutxxx manual hotspot landing page themes view settings v1.png

User management

The User management section allows you to manage currently logged in users.

File:Network rutxxx manual hotspot landing page user management v1.png

[[Category:{{{name}}} Services section]]