RUT900 Hotspot: Difference between revisions
No edit summary |
No edit summary |
||
Line 389: | Line 389: | ||
The '''Advertisement''' Authentication mode doesn't use any kind of actual authentication. Instead when a user connects to the Hotspot he first gets redirected to a specified advertisement page. After that the user is free to use the Hotspot. | The '''Advertisement''' Authentication mode doesn't use any kind of actual authentication. Instead when a user connects to the Hotspot he first gets redirected to a specified advertisement page. After that the user is free to use the Hotspot. | ||
[[File: | [[File:Services_hotspot_configuration_advertisement_v3.PNG|border|class=tlt-border]] | ||
<table class="nd-mantable"> | <table class="nd-mantable"> |
Revision as of 13:26, 18 February 2020
Main Page > EOL Products > RUT900 > RUT900 Manual > RUT900 WebUI > RUT900 Services section > RUT900 HotspotSummary
Wireless Hotspots are essentially Wireless Access Points - they provide network and/or internet access to other Wi-Fi devices. The difference is that Hotspots are a lot more versatile when it comes to managing, monitoring and authenticating the wireless network's users. For example, while Wireless APs can be password protected, with Hotspots you can configure different users with different names, passwords, even data limits and data speeds and more. This chapter is an overview of the Wireless Hotspot function in RUT routers.
General
The General tab is where most of the Hotspot configurations take place. This section will be divided into six sub-sections - one for each Authentication mode, since the chosen Authentication mode will define how the Hotspot will be configured in general.
External Radius
External Radius authentication mode uses an external Radius server, to which you have to provide an address to, instead of using the router's internal Radius server.
field name | value | description |
---|---|---|
Configuration profile | Custom | Cloud4wi | Hotspotsystem; Default: Custom | If not set to Custom, Configuration profile selections will automatically fill all the fields in accordance with the chosen profile. It also automatically adds an exception for the chosen service in the Walled Garden section. Used only with External radius Authentication mode. |
Enable | yes | no; Default: no | Toggles Wi-Fi Hotspot ON or OFF |
AP IP | ip; Default: 192.168.2.254/24 | Access Point IP address defines the IP address of your Hotspot's network |
Logout address | host | ip; Default: 1.1.1.1 | An address that can be used by users to logout from the Hotspot session |
Authentication mode | External radius | Internal radius | Without radius | Advertisement | MAC auth | SMS OTP; Default: Without radius | Authentication mode defines how users will connect to the Hotspot |
Authentication protocol | PAP | CHAP; Default: PAP | Authentication protocol used to authenticate new connections on the Hotspot |
Terms of service | yes | no; Default: no | If enabled, users have to agree to the Terms of service before logging in. Custom Terms of service can be defined in the Landing Page section |
RADIUS server #1 | RADIUS server #2 | ip; Default: " " | The IP address of the RADIUS server that is to be used for Authenticating your wireless clients |
Authentication port | integer [0..65535]; Default: 1812 | RADIUS server authentication port |
Accounting port | integer [0..65535]; Default: 1813 | RADIUS server accounting port |
Radius secret key | string; Default: " " | The secret key is a password used for authentication with the RADIUS server |
UAM port | integer [0..65535]; Default: 4990 | Port to bind for authenticating clients |
UAM UI port | integer [0..65535]; Default: 4990 | UAM User Interface port |
UAM secret | string; Default: " " | Shared secret between the UAM server and the Hotspot |
NAS identifier | string; Default: " " | NAS-Identifier is one of the basic RADIUS attributes |
Swap octets | yes | no; Default: no | Swaps the meaning of input octets and output as it relates to RADIUS attributes |
Location name | string; Default: " " | Custom location name for your Hotspot |
External landing page | yes | no; Default: no | Enables the use of an external landing page |
Protocol | HTTP | HTTPS; Default: HTTP | Connection protocol of your Hotspot |
HTTPS redirect | yes | no; Default: no | Redirects HTTP pages to landing page |
SSL key file | .key file; Default: " " | SSL key file used for authentication. This field becomes visible only if HTTPS redirect is enabled |
SSL certificate file | .crt file; Default: " " | SSL certificate file used for authentication. This field becomes visible only if HTTPS redirect is enabled |
Use custom DNS | yes | no; Default: no | Enables the use of custom DNS servers instead of your regular DNS |
DNS server 1 | DNS server 2 | ip; Default: " " | Additional DNS servers that are to be used by the Hotspot. These fields become visible only if Use custom DNS is enabled |
Internal Radius
Internal Radius is Authentication mode that uses the router's internal RADIUS server for authentication. Teltonika routers' RADIUS server has RFC 2866 RADIUS Accounting and RFC 2869 RADIUS Extensions implemented.
field name | value | description |
---|---|---|
Configuration profile | Custom | Cloud4wi | Hotspotsystem; Default: Custom | If not set to Custom, Configuration profile selections will automatically fill all the fields in accordance with the chosen profile. It also automatically adds an exception for the chosen service in the Walled Garden section. Used only with External radius Authentication mode. |
Enable | yes | no; Default: no | Toggles Wi-Fi Hotspot ON or OFF |
AP IP | ip; Default: 192.168.2.254/24 | Access Point IP address defines the IP address of your Hotspot's network |
Logout address | host | ip; Default: 1.1.1.1 | An address that can be used by users to logout from the Hotspot session |
Authentication mode | External radius | Internal radius | Without radius | Advertisement | MAC auth | SMS OTP; Default: Without radius | Authentication mode defines how users will connect to the Hotspot |
Terms of service | yes | no; Default: no | If enabled, users have to agree to the Terms of service before logging in. Custom Terms of service can be defined in the Landing Page section |
External landing page | yes | no; Default: no | Enables the use of an external landing page |
Protocol | HTTP | HTTPS; Default: HTTP | Connection protocol of your Hotspot |
HTTPS redirect | yes | no; Default: no | Redirects HTTP pages to landing page |
SSL key file | .key file; Default: " " | SSL key file used for authentication. This field becomes visible only if HTTPS redirect is enabled |
SSL certificate file | .crt file; Default: " " | SSL certificate file used for authentication. This field becomes visible only if HTTPS redirect is enabled |
Use custom DNS | yes | no; Default: no | Enables the use of custom DNS servers instead of your regular DNS |
DNS server 1 | DNS server 2 | ip; Default: " " | Additional DNS servers that are to be used by the Hotspot. These fields become visible only if Use custom DNS is enabled |
Information on how to configure Internal radius server can be found here.
Without Radius
Without Radius Authentication doesn't use a Radius server to authenticate users connecting to the Hotspot, instead it gives you the possibility to configure different users with different password and session parameters.
field name | value | description |
---|---|---|
Configuration profile | Custom | Cloud4wi | Hotspotsystem; Default: Custom | If not set to Custom, Configuration profile selections will automatically fill all the fields in accordance with the chosen profile. It also automatically adds an exception for the chosen service in the Walled Garden section. Used only with External radius Authentication mode. |
Enable | yes | no; Default: no | Toggles Wi-Fi Hotspot ON or OFF |
AP IP | ip; Default: 192.168.2.254/24 | Access Point IP address defines the IP address of your Hotspot's network |
Logout address | host | ip; Default: 1.1.1.1 | An address that can be used by users to logout from the Hotspot session |
Authentication mode | External radius | Internal radius | Without radius | Advertisement | MAC auth | SMS OTP; Default: Without radius | Authentication mode defines how users will connect to the Hotspot |
Terms of service | yes | no; Default: no | If enabled, users have to agree to the Terms of service before logging in. Custom Terms of service can be defined in the Landing Page section |
External landing page | yes | no; Default: no | Enables the use of an external landing page |
Protocol | HTTP | HTTPS; Default: HTTP | Connection protocol of your Hotspot |
HTTPS redirect | yes | no; Default: no | Redirects HTTP pages to landing page |
SSL key file | .key file; Default: " " | SSL key file used for authentication. This field becomes visible only if HTTPS redirect is enabled |
SSL certificate file | .crt file; Default: " " | SSL certificate file used for authentication. This field becomes visible only if HTTPS redirect is enabled |
Use custom DNS | yes | no; Default: no | Enables the use of custom DNS servers instead of your regular DNS |
DNS server 1 | DNS server 2 | ip; Default: " " | Additional DNS servers that are to be used by the Hotspot. These fields become visible only if Use custom DNS is enabled |
Users Configuration
The Users Configuration tab is used to create new, unique users that can connect to the Hotspot.
field name | value | description |
---|---|---|
Username | string; Default: " " | A custom user name used to authenticate clients connecting to the Hotspot |
Password | string; Default: " " | A custom password for the specified user name |
Session Template | string; Default: unlimited | Session templates define session settings for different users. The unlimited Session Template is a default template with no restrictions. More on Session Template in the next section |
Session Templates
A Session Template is a set of rules that can be prescribed to a Hotspot user. A default template named unlimited is present in the router, but it has no configured restrictions. You can edit the default template or you can create a custom template and configure it.
field name | value | description |
---|---|---|
Idle timeout | integer; Default: " " | A timeout in seconds after which idle users are automatically disconnected from the Hotspot. 0 means unlimited |
Session timeout | integer; Default: " " | A timeout in seconds after users are automatically disconnected from the Hotspot. The timeout countdown begins when a user is authenticated to the Hotspot and, after an amount of time specified in this field, the user gets disconnected from the Hotspot. 0 means unlimited |
Download bandwidth | integer; Default: " " | Maximum download bandwidth that the users assigned to this template can achieve. Bandwidth can be specified in Kbit/s or Mbit/s |
Upload bandwidth | integer; Default: " " | Maximum upload bandwidth that the users assigned to this template can achieve. Bandwidth can be specified in Kbit/s or Mbit/s |
Download limit | integer; Default: " " | A received data limit that the users assigned to this template can reach. After the data limit is reached, the user will lose data connection. Download limit is specified in MB |
Upload limit | integer; Default: " " | A sent data limit that the users assigned to this template can reach. After the data limit is reached, the user will lose data connection. Upload limit is specified in MB |
Period | Month | Week | Day; Default: Month | The beginning of the period during which the restriction specified in this section will apply. After the period is over, all specified limits are reset |
Start day | Start hour | integer [1..31] | Monday..Sunday | integer [1..24]; Default: day 1 | Specifies which day of the month, week or hour of the day the limits will be reset |
Advertisement
The Advertisement Authentication mode doesn't use any kind of actual authentication. Instead when a user connects to the Hotspot he first gets redirected to a specified advertisement page. After that the user is free to use the Hotspot.
field name | value | description |
---|---|---|
Configuration profile | Custom | Cloud4wi | Hotspotsystem; Default: Custom | If not set to Custom, Configuration profile selections will automatically fill all the fields in accordance with the chosen profile. It also automatically adds an exception for the chosen service in the Walled Garden section. Used only with External radius Authentication mode. |
Enable | yes | no; Default: no | Toggles Wi-Fi Hotspot ON or OFF |
AP IP | ip; Default: 192.168.2.254/24 | Access Point IP address defines the IP address of your Hotspot's network |
Authentication mode | External radius | Internal radius | Without radius | Advertisement | MAC auth | SMS OTP; Default: Without radius | Authentication mode defines how users will connect to the Hotspot |
Advertisement address | host | ip; Default: " " | The address of the advertisement page that newly connected users will be redirected to |
HTTPS redirect | yes | no; Default: no | Redirects HTTP pages to landing page |
SSL key file | .key file; Default: " " | SSL key file used for authentication. This field becomes visible only if HTTPS redirect is enabled |
SSL certificate file | .crt file; Default: " " | SSL certificate file used for authentication. This field becomes visible only if HTTPS redirect is enabled |
Use custom DNS | yes | no; Default: no | Enables the use of custom DNS servers instead of your regular DNS |
DNS server 1 | DNS server 2 | ip; Default: " " | Additional DNS servers that are to be used by the Hotspot. These fields become visible only if Use custom DNS is enabled |
MAC auth
MAC auth Authentication mode authenticates users by their MAC address. A list of accepted or unaccepted MAC addresses can be configured in the router's WebUI's Wireless section under Interface Configuration->MAC Filter
field name | value | description |
---|---|---|
Configuration profile | Custom | Cloud4wi | Hotspotsystem; Default: Custom | If not set to Custom, Configuration profile selections will automatically fill all the fields in accordance with the chosen profile. It also automatically adds an exception for the chosen service in the Walled Garden section. Used only with External radius Authentication mode. |
Enable | yes | no; Default: no | Toggles Wi-Fi Hotspot ON or OFF |
AP IP | ip; Default: 192.168.2.254/24 | Access Point IP address defines the IP address of your Hotspot's network |
Logout address | host | ip; Default: 1.1.1.1 | An address that can be used by users to logout from the Hotspot session |
Authentication mode | External radius | Internal radius | Without radius | Advertisement | MAC auth | SMS OTP; Default: Without radius | Authentication mode defines how users will connect to the Hotspot |
Terms of service | yes | no; Default: no | If enabled, users have to agree to the Terms of service before logging in. Custom Terms of service can be defined in the Landing Page section |
Password protection | yes | no; Default: no | Enables Hotspot password protection |
Password | string; Default: " " | A password used to authenticate connecting clients to the Hotspot |
Website access link | Link | Auto redirect | Custom address; Default: no | Requested website access mode |
Protocol | HTTP | HTTPS; Default: HTTP | Connection protocol of your Hotspot |
HTTPS redirect | yes | no; Default: no | Redirects HTTP pages to landing page |
SSL key file | .key file; Default: " " | SSL key file used for authentication. This field becomes visible only if HTTPS redirect is enabled |
SSL certificate file | .crt file; Default: " " | SSL certificate file used for authentication. This field becomes visible only if HTTPS redirect is enabled |
Use custom DNS | yes | no; Default: no | Enables the use of custom DNS servers instead of your regular DNS |
DNS server 1 | DNS server 2 | ip; Default: " " | Additional DNS servers that are to be used by the Hotspot. These fields become visible only if Use custom DNS is enabled |
SMS OTP
With SMS OTP Authentication mode connecting users are prompted to enter their phone number. After that, the router sends and SMS message containing a code to the specified number. Users then authenticate themselves to the Hotspot using this code.
field name | value | description |
---|---|---|
Configuration profile | Custom | Cloud4wi | Hotspotsystem; Default: Custom | If not set to Custom, Configuration profile selections will automatically fill all the fields in accordance with the chosen profile. It also automatically adds an exception for the chosen service in the Walled Garden section. Used only with External radius Authentication mode. |
Enable | yes | no; Default: no | Toggles Wi-Fi Hotspot ON or OFF |
AP IP | ip; Default: 192.168.2.254/24 | Access Point IP address defines the IP address of your Hotspot's network |
Authentication mode | External radius | Internal radius | Without radius | Advertisement | MAC auth | SMS OTP; Default: Without radius | Authentication mode defines how users will connect to the Hotspot |
Protocol | HTTP | HTTPS; Default: HTTP | Connection protocol of your Hotspot |
HTTPS redirect | yes | no; Default: no | Redirects HTTP pages to landing page |
SSL key file | .key file; Default: " " | SSL key file used for authentication. This field becomes visible only if HTTPS redirect is enabled |
SSL certificate file | .crt file; Default: " " | SSL certificate file used for authentication. This field becomes visible only if HTTPS redirect is enabled |
Use custom DNS | yes | no; Default: no | Enables the use of custom DNS servers instead of your regular DNS |
DNS server 1 | DNS server 2 | ip; Default: " " | Additional DNS servers that are to be used by the Hotspot. These fields become visible only if Use custom DNS is enabled |
Walled Garden
You can configure a list of addresses that users connected to the Hotspot will be able to reach without any authentication. By default this list is empty. Click the Add button to add a new address.
field name | value | description |
---|---|---|
Enable | yes | no; Default: no | Enables or disables an entry of the list |
Address | host | ip; Default: " " | An address that users connected to the Hotspot can reach without authentication |
Port | integer [0..65535]; Default: " " | Specifies the port through which the user can connect to the provided address. This field becomes visible only if Allow subdomains is disabled |
Allow subdomains | yes | no; Default: no | If checked, users can connect to the specified address and all of its subdomains |
Restricted Internet Access
The Restricted Internet Access page provides you with the possibility to restrict internet access on Hotspot on specified hours. Blue squares represent restricted access, white squares - allowed access. Bellow is an example of a configuration that restricts internet access outside of working hours.
Logging
The Hotspot Logging section is used to periodically send Hotspot information to an FTP server.
field name | value | description |
---|---|---|
Enable | yes | no; Default: no | Toggles logging to FTP ON or OFF |
Server address | host | ip; Default: your.ftp.server | FTP server address. |
User name | string; Default: username | User name used for authentication when logging into an FTP server |
Password | string; Default: " " | Password used for authentication when logging into an FTP server |
Port | integer [0..65535]; Default: 21 | FTP server port |
File name extras | No extra information | MAC address | Serial number | Custom string; Default: No extra information | Extra information to be added to the log filename |
FTP Upload Settings
Here you can configure your timing settings for the log upload via FTP feature.
field name | value | description |
---|---|---|
Mode | Fixed | Interval; Default: Fixed | The scheduling mode to be used for uploading to FTP server |
Hours | Minutes | Days | time; Default: 8 hours 15 minutes | Time interval when the uploads will take place |
Wifi Log/SMS OTP Log
WiFi and SMS OTP logs show information about connections to your WiFi Hotspot. FTP logging has to be enabled.
Landing Page
This section is used to define how your Hotspot's Landing Page will look like.
Template
This is a template based on the default landing page. You can edit its HTML code to make it look however you want!
Custom Landing Page
Radius Server
This section is used to configure your Radius Server for use with Internal radius Authentication mode
field name | value | description |
---|---|---|
Enable | yes | no; Default: no | Toggles Radius Server ON or OFF |
Remote access | yes | no; Default: no | Toggles remote access to the Radius Server ON or OFF. |
Authentication port | integer [0..65535]; Default: 1812 | Radius server authentication port |
Accounting port | integer [0..65535]; Default: 1813 | Radius server accounting port |
Session Settings
A Session Template is a set of rules that can be prescribed to a Hotspot user. A default template named unlimited is present in the router, but it has no configured restriction. You can edit the default template or you can create a custom template and configure it.
field name | value | description |
---|---|---|
Idle timeout | integer; Default: " " | A timeout in seconds after which idle users are automatically disconnected from the Hotspot. 0 means unlimited |
Session timeout | integer; Default: " " | A timeout in seconds after users are automatically disconnected from the Hotspot. The timeout countdown begins when a user is authenticated to the Hotspot and, after an amount of time specified in this field, the user gets disconnected from the Hotspot. 0 means unlimited |
Download bandwidth | integer; Default: " " | Maximum download bandwidth that the users assigned to this template can achieve. Bandwidth can be specified in Kbit/s or Mbit/s |
Upload bandwidth | integer; Default: " " | Maximum upload bandwidth that the users assigned to this template can achieve. Bandwidth can be specified in Kbit/s or Mbit/s |
Download limit | integer; Default: " " | A received data limit that the users assigned to this template can reach. After the data limit is reached, the user will lose data connection. Download limit is specified in MB |
Upload limit | integer; Default: " " | A sent data limit that the users assigned to this template can reach. After the data limit is reached, the user will lose data connection. Upload limit is specified in MB |
Period | Month | Week | Day; Default: Month | The beginning of the period during which the restriction specified in this section will apply. After the period is over, all specified limits are reset |
Start day | Start hour | integer [1..31] | Monday..Sunday | integer [1..24]; Default: day 1 | Specifies which day of the month, week or hour of the day the limits will be reset |
Users Configuration Settings
The Users Configuration tab is used to create new, unique users that can connect to the Hotspot.
field name | value | description |
---|---|---|
Username | string; Default: " " | A custom user name used to authenticate clients connecting to the Hotspot |
Password | string; Default: " " | A custom password for the specified user name |
Session Template | string; Default: unlimited | Session templates define session settings for different users. The unlimited Session Template is a default template with no restrictions. More on Session Template in the next section |
Clients Configuration Settings
field name | value | description |
---|---|---|
Enable | yes | no; Default: no | Toggles Clients Configuration ON or OFF |
Client name | string; Default: " " | A custom user name used to authenticate clients connecting to the Hotspot |
IP address | ip; Default: " " | The IP address of the client |
Netmask | integer [0..32]; Default: " " | The netmask of the client |
Radius shared secret | string; Default: " " | Radius shared secret used for communication between the client/NAS and the radius server |
Statistics
The Statistics page shows statistics about connections to the hotspot.
Manage
With the help of the Manage page you manage the users that are connected to your Hotspot. To reach the Manage window, go to Services->Hotspot. The Manage button will be located next to your Hotspot instance.