Extending Router Hotspot Network with TAP100: Difference between revisions

From Teltonika Networks Wiki
No edit summary
 
(52 intermediate revisions by 3 users not shown)
Line 1: Line 1:
<p style="color:red">The information in this page is updated in accordance with [https://wiki.teltonika-networks.com/view/FW_%26_SDK_Downloads'''00.07.08'''] firmware version. .</p>
==Introduction==
This article provides instructions on how to expand the hotspot network of the RUT956 router using the TAP100 access point. It's important to clarify that TAP100 cannot function as an independent hotspot network - it serves as an access point. The network management and control will be handled by the RUT device, with the TAP100 extending the coverage area.


<p style="color:red">The information in this page is updated in accordance with [https://wiki.teltonika-networks.com/view/FW_%26_SDK_Downloads'''00.07.05.0'''] firmware version. .</p>


==Introduction==
This article contains instructions on how to extend RUT956 router hotspot network using TAP100 access point.
==Configuration overview and prerequisites==
==Configuration overview and prerequisites==
Before we begin, let's take a look at the configuration that we are attempting to achieve and the prerequisites that make it possible. For this setup we are going to use Teltonika router RUT956 which LAN IP is 192.168.5.1 and access point TAP100 which LAN IP is 192.168.5.2
Before we begin, let's take a look at the configuration that we are attempting to achieve and the prerequisites that make it possible. For this setup we are going to use Teltonika router RUT956 and access point TAP100.


[[File:Topology test test.jpg|border|class=tlt-border]]
[[File:615930_TAP100.png|border|class=tlt-border |1000x1000px]]


'''Prerequisites:'''  
'''Prerequisites:'''  
<ul>
<ul>
<li> Router  </li>
<li> Teltonika Networks router with WiFi capabilities </li>
<li> TAP100 </li>
<li> Teltonika Networks wireless AP TAP100 connected to the LAN port of the Router </li>
<li> End device (PC, Laptop, Smartphone) </li>
<li> Preferably two end devices (PC, Laptop, Smartphone) </li>
<li> RMS account (useful to have) </li>
</ul>
</ul>


Line 20: Line 22:


==Router configuration==
==Router configuration==
===Configuring router LAN interface===
===Creating new VLANs on Router===
----
Firstly, we are going to configure VLANs for port that we are going to use to connect our TAP100. In this example, TAP100 will be connected to RUT956 LAN Port 3. To do this, navigate on router Webui and go to '''Network -> VLAN -> Port based''' and do the following steps:
<ol>
<li>Press ADD button two times. This will add two new VLAN interfaces</li>
<li>On LAN3 ( we are going to connect TAP to RUT956 LAN3 port) choose off on VLAN ID1 </li>
<li>On newly created vlan ( default VLAN ID will be 3) change the default VLAN ID to 50 and choose "Tagged" option on LAN3 port</li>
<li>On second newly created vlan ( default VLAN ID will be 4) change the default VLAN ID to 150 and choose "Tagged" option on LAN3 </li>
<li>Press Save & Apply button </li>
</ol>
[[File:VLAN HOTSPOT CONFIGURATION SOL2.png|border|class=tlt-border|1000px]]
 
===Creating Management Firewall Zone===
----
<ol>
<li>Open '''WebUI -> Network -> Firewall -> General Settings -> Zones''', Add new zone</li>
</ol>
[[File:fw_zone_1.png|border|center|1000x274px]]
 
====Zone Management====
----
=====General Settings=====
----
Make following changes in the new zone:
<ol>
<li>Enter Name: '''Management'''</li>
<li>Selec Input: '''Accept'''</li>
<li>Select Allow forward to destination zones: '''lan'''</li>
</ol>
[[File:fw_zone_2.png|border|center|1000x638px]]
 
====Management VLAN interface configuration====
----
----
Go to '''Network -> LAN''' and press edit button and in pop-up window perform following actions :
After adding the new VLANs, the next step is to configure the interfaces that will be associated with these VLANs. In this example, we will begin by configuring the "Management" interface, which is intended for device management. To do this, navigate on router WebUI to '''Network -> LAN'''. While there, add new interface. To do this, simply just write management or any other name that you prefer for this interface and press add.  In pop-up window you need to do the following steps :
<ol>
<li>Enable interface</li>
<li>Choose "Static" protocol</li>
<li>Choose your preferred IP address. We are going to use 192.168.150.1 for management purposes </li>
<li>Choose netmask of 255.255.255.0 or any other that you prefer</li>
<li>Enable DHCP server</li>
 
[[File:Hotspot_1_lan.png|border|class=tlt-border|1000px]]
 
<li> Next, we need to navigate to Physical Settings of the same interface and choose eth0.150 interface </li>
[[File:Hotspot_2_lan.png|border|class=tlt-border|1000px]]
<li> Lastly, we need to navigate to Firewall settings of the same interface and add custom "Management" zone </li>
[[File:Hotspot_3_lan.png|border|class=tlt-border|1000px]]
</ol>
 
====Hotspot VLAN interface configuration====
Now that we have established the management VLAN interface, we can proceed to configure the hotspot VLAN interface. To do this, as before, please navigate on router WebUI to '''Network -> LAN'''. While there, add new interface. To do this, simply just write hotspot or any other name that you prefer for this interface and press add.  In pop-up window you need to do the following steps :  
<ol>
<ol>
<li>Enter IPv4 address. </li>
<li>Enable the interface</li>
<li>Disable DHCP server </li>
<li>Enter interface name as "Hotspot"</li>
<li>Protocol should be set as "None"</li>
[[File:Hotspot_4_lan.png|border|class=tlt-border|1000px]]
 
<li>Next, In physical settings turn on "Bridge Interfaces"</li>
<li>Additionally select eth0.50 interface</li>
[[File:Hotspot_5_lan.png|border|class=tlt-border|1000px]]
<li>Lastly, In firewall settings, choose LAN zone</li>
[[File:Hotspot_6_lan.png|border|class=tlt-border|1000px]]
<li>Dont forget to press Save & Apply</li>
</ol>
</ol>
[[File:LAN_Hotspot.png|border|class=tlt-border]]


===Router Hotspot configuration===
===Router Hotspot configuration===
Line 35: Line 93:
To set up a hotspot instance on the RUT956 router, we firstly must download the hotspot package from the device's package manager. You can access the package manager by navigating to the router's WebUI interface to '''System -> Package Manager -> Packages'''.
To set up a hotspot instance on the RUT956 router, we firstly must download the hotspot package from the device's package manager. You can access the package manager by navigating to the router's WebUI interface to '''System -> Package Manager -> Packages'''.


After you have successfully installed the hotspot package, the next step is to access hotspot configuration settings. Navigate to '''Services -> Hotspot -> Local users''' as we will be configuring local user authentication for our Hotspot instance. While in this section, please follow these steps :
After you have successfully installed the hotspot package, the next step is to access hotspot configuration settings. Please navigate to '''Services -> Hotspot -> Local users''' as we will be configuring local user authentication for our Hotspot instance. While in this section, please follow these steps :


<ol>
<ol>
<li>Enter username that you wish. </li>
<li>Enter your preferred username  </li>
<li>Enter passowrd that you wish. </li>
<li>Enter your preferred password </li>
<li>Press add button. </li>
<li>Press add button </li>
</ol>
</ol>
It's crucial to remember and securely store these credentials, as they will be used by users to authenticate themselves on the hotspot network successfully.
It's crucial to remember and securely store these credentials, as they will be used by users to authenticate themselves on the hotspot network successfully.
[[File:Local Users 956 Hotspot.png|border|class=tlt-border]]
[[File:Hotspot_7_lan.png|border|class=tlt-border|1000px]]
----
====Hotspot interface configuration====
====Hotspot interface configuration====
----
----
Now that we've successfully created a hotspot local user, the next step is to configure the hotspot interface. To achieve this, let's navigate to the router's WebUI and access '''Services -> Hotspot -> General'''. Once there, please follow these steps:
Now that we've successfully created a hotspot local user, the next step is to configure the hotspot interface. To achieve this, let's navigate to the router's WebUI and access '''Services -> Hotspot -> General'''. Once there, please follow these steps:
<ol>
<ol>
<li> Choose LAN interface.</li>
<li> Choose Hotspot interface</li>
<li> Press "ADD" button. </li>
<li> Press "ADD" button </li>
</ol>
</ol>
[[File:New Instance Hotspot.png|border|class=tlt-border]]
[[File:Hotspot_8_lan.png|border|class=tlt-border|1000px]]


Next, in the pop-up window, please click the "Enable" button. You can choose to either leave all other settings at their default values or make adjustments as per your preferences. For the purpose of this configuration, we'll maintain the default settings.
Next, in the pop-up window, please click the "Enable" button. You can choose to either leave all other settings at their default values or make adjustments as per your preferences. For the purpose of this configuration, we'll maintain the default settings.


[[File:Hotpost interface enable.png|border|class=tlt-border]]
[[File:Hotspot_9_lan.png|border|class=tlt-border|1000px]]
 


==Access point (TAP100) configuration==
==Access point (TAP100) configuration==
Line 64: Line 120:
To begin, we'll have to access TAP100's WebUI. Instructions on how to access the TAP100 WebUI can be found in another article on our Wiki [https://wiki.teltonika-networks.com/view/QSG_TAP100#Login_to_device here]
To begin, we'll have to access TAP100's WebUI. Instructions on how to access the TAP100 WebUI can be found in another article on our Wiki [https://wiki.teltonika-networks.com/view/QSG_TAP100#Login_to_device here]


After successfully establishing a connection to the TAP100 WebUI, the next step is to navigate to '''Network -> IP settings'''. Within this section, update the IPv4 address field to match the LAN network of your router. For instance, if your router's LAN belongs to the network 192.168.5.0/24 with a LAN IP address of 192.168.5.1, then configure your TAP100 with an IP address of 192.168.5.2 and a netmask of 255.255.255.0. This ensures that both devices are on the same network.
After successfully establishing a connection to the TAP100 WebUI, the next step is to navigate to '''Network -> Wireless SSIDs'''. Within this section, press edit button on SSID and in pop-up window on VLAN ID option choose custom and enter 50.
 
[[File:Hotspot_10_lan.png|border|class=tlt-border|1000px]]
[[File:TAP100 IP address.png|border|class=tlt-border]]


That concludes the necessary configuration steps for the TAP100. Now, let's establish the connection between your router and the TAP100. To do this, you can simply connect one end of an Ethernet cable to the router's LAN port and the other end to the TAP100's Ethernet IN port on the PoE injector. For more detailed installation instructions, please refer to the installation guide which can be found [https://wiki.teltonika-networks.com/view/QSG_TAP100#Installation_Guide here]
After this, navigate to '''Network -> IP Settings''' and under Management VLAN option choose custom and enter 150. Also, make sure that Mode is set to Static + DHCP.
[[File:Hotspot_11_lan.png|border|class=tlt-border|1000px]]


That concludes the necessary configuration steps for the TAP100. Now, let's establish the connection between your router and the TAP100. To do this, you can simply connect one end of an Ethernet cable to the router's LAN3 port and the other end to the TAP100's Ethernet IN port on the PoE injector. For more detailed installation instructions, please refer to the installation guide which can be found [https://wiki.teltonika-networks.com/view/QSG_TAP100#Installation_Guide here]


==Access router through hotspot==
==Optional configurations==
With the current configuration, clients have access to the TAP100 WebUI but cannot reach the router's WebUI. This section outlines additional steps to enable hotspot clients to access the router's WebUI.
===Access router through hotspot===
With the current configuration, clients doesn't have have access to the router WebUI. This section outlines additional steps to enable hotspot clients to access the router's WebUI.


To achieve this, we only need to create one firewall rule on the router. Here's how to do it:
To achieve this, we only need to create one firewall rule on the router. Here's how to do it:
Line 86: Line 144:
<li> Press "ADD" button  </li>
<li> Press "ADD" button  </li>
</ol>
</ol>
[[File:firewallrule1.png|border|class=tlt-border]]
[[File:Hotspot_12_lan.png|border|class=tlt-border|1000px]]
 
<br>
After completing these steps, a pop-up window will appear, where you need to enter the following details:
After completing these steps, a pop-up window will appear, where you need to enter the following details:


Line 96: Line 154:
<li> Don't forget to enable and save it </li>
<li> Don't forget to enable and save it </li>
</ol>
</ol>
[[File:Firewallrule2.png|border|class=tlt-border]]
[[File:Hotspot_13_lan.png|border|class=tlt-border|1000px]]
With this firewall rule in place, all clients connected to the hotspot will have access to the router's WebUI using the router LAN address (in our case, 192.168.5.1) and can reach the TAP100 WebUI via the tap100.rutos.net address.
 
With this firewall rule in place, all clients connected to the hotspot will have access to the router's WebUI using the router LAN address.


==Isolating hotspot clients communication==
===Isolating hotspot clients communication===
In our default setup, hotspot clients have the ability to communicate with each other. To restrict this communication, we'll need to make an adjustment on both your TAP100 device and your router.
In our default setup, hotspot clients have the ability to communicate with each other. To restrict this communication, we'll need to make an adjustment on both : your TAP100 device and your router.
<ol>
<ol>
<li> Access your TAP100 WebUI. </li>
<li> Access your TAP100 WebUI </li>
<li> Navigate to '''Network -> Wireless''' and click on the "Edit" button for your interface. </li>
<li> Navigate to '''Network -> Wireless''' and click on the "Edit" button for your interface </li>
<li> In the configuration window, go to the Advanced Settings section and enable the "Isolate Clients" option by clicking the "ON" button. </li>
<li> In the configuration window, go to the Additional Settings section and enable the "Isolate Clients" option by clicking the "ON" button </li>
</ol>
</ol>
[[File:ISOLATE CLIENTS HOTSPOT.png|border|class=tlt-border]]
[[File:Hotspot_14_lan.png|border|class=tlt-border|1000px]]
 
To further ensure that clients connected to the router's Wi-Fi interface cannot communicate with hotspot clients, I recommend enabling the "Isolate Clients" option on your router wi-fi interface as well.
To further ensure that clients connected to the router's Wi-Fi interface cannot communicate with hotspot clients, I recommend enabling the "Isolate Clients" option on your router wi-fi interface as well.


By implementing these adjustments, you'll effectively prevent communication between all hotspot clients regardless of whether they are connected to the Routers Hotspot Network directly or through TAP 100 AP.
By implementing these adjustments, you'll effectively prevent communication between all hotspot clients regardless of whether they are connected to the Routers Hotspot Network directly or through TAP 100 AP.
==Testing==
===Authenticating to the Hotspot network===
After client connects to hotspot network, the authentication page should automatically open up on your default browser.
[[File:Login_page_hotspot.png|border|class=tlt-border|1050px]]
After entering the required details, clients will have internet connection. The credentials you need to use are the ones you specified when creating the local user earlier.
===DHCP assigned IP address for TAP100 ===
You can find what kind of IP address was assigned to TAP100 by navigating on router WebUI to '''Status -> Network -> LAN'''. There you will see TAP100 entry with it's mac address, lease time and assigned IP address. You can access TAP100 WebUI with this IP address.
[[File:Dhcp leases management vlan.png|border|class=tlt-border|1050px]]

Latest revision as of 10:52, 6 August 2024

The information in this page is updated in accordance with 00.07.08 firmware version. .

Introduction

This article provides instructions on how to expand the hotspot network of the RUT956 router using the TAP100 access point. It's important to clarify that TAP100 cannot function as an independent hotspot network - it serves as an access point. The network management and control will be handled by the RUT device, with the TAP100 extending the coverage area.


Configuration overview and prerequisites

Before we begin, let's take a look at the configuration that we are attempting to achieve and the prerequisites that make it possible. For this setup we are going to use Teltonika router RUT956 and access point TAP100.

Prerequisites:

  • Teltonika Networks router with WiFi capabilities
  • Teltonika Networks wireless AP TAP100 connected to the LAN port of the Router
  • Preferably two end devices (PC, Laptop, Smartphone)
  • RMS account (useful to have)

If you're having trouble finding any page or some of the parameters described here on your device's WebUI, you should turn on "Advanced WebUI" mode. You can do that by clicking the "Advanced" button, which is located at the top-right corner of the WebUI.

Router configuration

Creating new VLANs on Router


Firstly, we are going to configure VLANs for port that we are going to use to connect our TAP100. In this example, TAP100 will be connected to RUT956 LAN Port 3. To do this, navigate on router Webui and go to Network -> VLAN -> Port based and do the following steps:

  1. Press ADD button two times. This will add two new VLAN interfaces
  2. On LAN3 ( we are going to connect TAP to RUT956 LAN3 port) choose off on VLAN ID1
  3. On newly created vlan ( default VLAN ID will be 3) change the default VLAN ID to 50 and choose "Tagged" option on LAN3 port
  4. On second newly created vlan ( default VLAN ID will be 4) change the default VLAN ID to 150 and choose "Tagged" option on LAN3
  5. Press Save & Apply button

Creating Management Firewall Zone


  1. Open WebUI -> Network -> Firewall -> General Settings -> Zones, Add new zone

Zone Management


General Settings

Make following changes in the new zone:

  1. Enter Name: Management
  2. Selec Input: Accept
  3. Select Allow forward to destination zones: lan

Management VLAN interface configuration


After adding the new VLANs, the next step is to configure the interfaces that will be associated with these VLANs. In this example, we will begin by configuring the "Management" interface, which is intended for device management. To do this, navigate on router WebUI to Network -> LAN. While there, add new interface. To do this, simply just write management or any other name that you prefer for this interface and press add. In pop-up window you need to do the following steps :

  1. Enable interface
  2. Choose "Static" protocol
  3. Choose your preferred IP address. We are going to use 192.168.150.1 for management purposes
  4. Choose netmask of 255.255.255.0 or any other that you prefer
  5. Enable DHCP server
  6. Next, we need to navigate to Physical Settings of the same interface and choose eth0.150 interface
  7. Lastly, we need to navigate to Firewall settings of the same interface and add custom "Management" zone

Hotspot VLAN interface configuration

Now that we have established the management VLAN interface, we can proceed to configure the hotspot VLAN interface. To do this, as before, please navigate on router WebUI to Network -> LAN. While there, add new interface. To do this, simply just write hotspot or any other name that you prefer for this interface and press add. In pop-up window you need to do the following steps :

  1. Enable the interface
  2. Enter interface name as "Hotspot"
  3. Protocol should be set as "None"
  4. Next, In physical settings turn on "Bridge Interfaces"
  5. Additionally select eth0.50 interface
  6. Lastly, In firewall settings, choose LAN zone
  7. Dont forget to press Save & Apply

Router Hotspot configuration


Creating hotspot local user


To set up a hotspot instance on the RUT956 router, we firstly must download the hotspot package from the device's package manager. You can access the package manager by navigating to the router's WebUI interface to System -> Package Manager -> Packages.

After you have successfully installed the hotspot package, the next step is to access hotspot configuration settings. Please navigate to Services -> Hotspot -> Local users as we will be configuring local user authentication for our Hotspot instance. While in this section, please follow these steps :

  1. Enter your preferred username
  2. Enter your preferred password
  3. Press add button

It's crucial to remember and securely store these credentials, as they will be used by users to authenticate themselves on the hotspot network successfully.

Hotspot interface configuration


Now that we've successfully created a hotspot local user, the next step is to configure the hotspot interface. To achieve this, let's navigate to the router's WebUI and access Services -> Hotspot -> General. Once there, please follow these steps:

  1. Choose Hotspot interface
  2. Press "ADD" button

Next, in the pop-up window, please click the "Enable" button. You can choose to either leave all other settings at their default values or make adjustments as per your preferences. For the purpose of this configuration, we'll maintain the default settings.

Access point (TAP100) configuration

From the router's perspective, we've successfully configured all the necessary settings. Now, let's proceed to configure the TAP100.

To begin, we'll have to access TAP100's WebUI. Instructions on how to access the TAP100 WebUI can be found in another article on our Wiki here

After successfully establishing a connection to the TAP100 WebUI, the next step is to navigate to Network -> Wireless SSIDs. Within this section, press edit button on SSID and in pop-up window on VLAN ID option choose custom and enter 50.

After this, navigate to Network -> IP Settings and under Management VLAN option choose custom and enter 150. Also, make sure that Mode is set to Static + DHCP.

That concludes the necessary configuration steps for the TAP100. Now, let's establish the connection between your router and the TAP100. To do this, you can simply connect one end of an Ethernet cable to the router's LAN3 port and the other end to the TAP100's Ethernet IN port on the PoE injector. For more detailed installation instructions, please refer to the installation guide which can be found here

Optional configurations

Access router through hotspot

With the current configuration, clients doesn't have have access to the router WebUI. This section outlines additional steps to enable hotspot clients to access the router's WebUI.

To achieve this, we only need to create one firewall rule on the router. Here's how to do it:

To do this, navigate on router WebUI to Network -> Firewall -> Traffic Rules.

Once there, we need to create new rule with the following details :

  1. Type  : Add new forward rule
  2. Name : Enter any desired name for this rule
  3. Source Zone : hotspot
  4. Destination Zone : lan (we will modify this later)
  5. Press "ADD" button


After completing these steps, a pop-up window will appear, where you need to enter the following details:

  1. Protocol: TCP
  2. Destination Zone  : Device (input)
  3. Destination Port  : HTTP (80), HTTPS(443)
  4. Don't forget to enable and save it

With this firewall rule in place, all clients connected to the hotspot will have access to the router's WebUI using the router LAN address.

Isolating hotspot clients communication

In our default setup, hotspot clients have the ability to communicate with each other. To restrict this communication, we'll need to make an adjustment on both : your TAP100 device and your router.

  1. Access your TAP100 WebUI
  2. Navigate to Network -> Wireless and click on the "Edit" button for your interface
  3. In the configuration window, go to the Additional Settings section and enable the "Isolate Clients" option by clicking the "ON" button

To further ensure that clients connected to the router's Wi-Fi interface cannot communicate with hotspot clients, I recommend enabling the "Isolate Clients" option on your router wi-fi interface as well.

By implementing these adjustments, you'll effectively prevent communication between all hotspot clients regardless of whether they are connected to the Routers Hotspot Network directly or through TAP 100 AP.

Testing

Authenticating to the Hotspot network

After client connects to hotspot network, the authentication page should automatically open up on your default browser.

After entering the required details, clients will have internet connection. The credentials you need to use are the ones you specified when creating the local user earlier.

DHCP assigned IP address for TAP100

You can find what kind of IP address was assigned to TAP100 by navigating on router WebUI to Status -> Network -> LAN. There you will see TAP100 entry with it's mac address, lease time and assigned IP address. You can access TAP100 WebUI with this IP address.