RUT900 Hotspot: Difference between revisions

From Teltonika Networks Wiki
No edit summary
No edit summary
Line 389: Line 389:
The '''Advertisement''' Authentication mode doesn't use any kind of actual authentication. Instead when a user connects to the Hotspot he first gets redirected to a specified advertisement page. After that the user is free to use the Hotspot.  
The '''Advertisement''' Authentication mode doesn't use any kind of actual authentication. Instead when a user connects to the Hotspot he first gets redirected to a specified advertisement page. After that the user is free to use the Hotspot.  


[[File:Services hotspot configuration advertisement v 2.PNG]]
[[File:Services_hotspot_configuration_advertisement_v3.PNG|border|class=tlt-border]]


<table class="nd-mantable">
<table class="nd-mantable">

Revision as of 13:26, 18 February 2020

Main Page > EOL Products > RUT900 > RUT900 Manual > RUT900 WebUI > RUT900 Services section > RUT900 Hotspot

Summary

Wireless Hotspots are essentially Wireless Access Points - they provide network and/or internet access to other Wi-Fi devices. The difference is that Hotspots are a lot more versatile when it comes to managing, monitoring and authenticating the wireless network's users. For example, while Wireless APs can be password protected, with Hotspots you can configure different users with different names, passwords, even data limits and data speeds and more. This chapter is an overview of the Wireless Hotspot function in RUT routers.

General

The General tab is where most of the Hotspot configurations take place. This section will be divided into six sub-sections - one for each Authentication mode, since the chosen Authentication mode will define how the Hotspot will be configured in general.

External Radius


External Radius authentication mode uses an external Radius server, to which you have to provide an address to, instead of using the router's internal Radius server.

field name value description
Configuration profile Custom | Cloud4wi | Hotspotsystem; Default: Custom If not set to Custom, Configuration profile selections will automatically fill all the fields in accordance with the chosen profile. It also automatically adds an exception for the chosen service in the Walled Garden section. Used only with External radius Authentication mode.
Enable yes | no; Default: no Toggles Wi-Fi Hotspot ON or OFF
AP IP ip; Default: 192.168.2.254/24 Access Point IP address defines the IP address of your Hotspot's network
Logout address host | ip; Default: 1.1.1.1 An address that can be used by users to logout from the Hotspot session
Authentication mode External radius | Internal radius | Without radius | Advertisement | MAC auth | SMS OTP; Default: Without radius Authentication mode defines how users will connect to the Hotspot
Authentication protocol PAP | CHAP; Default: PAP Authentication protocol used to authenticate new connections on the Hotspot
Terms of service yes | no; Default: no If enabled, users have to agree to the Terms of service before logging in. Custom Terms of service can be defined in the Landing Page section
RADIUS server #1 | RADIUS server #2 ip; Default: " " The IP address of the RADIUS server that is to be used for Authenticating your wireless clients
Authentication port integer [0..65535]; Default: 1812 RADIUS server authentication port
Accounting port integer [0..65535]; Default: 1813 RADIUS server accounting port
Radius secret key string; Default: " " The secret key is a password used for authentication with the RADIUS server
UAM port integer [0..65535]; Default: 4990 Port to bind for authenticating clients
UAM UI port integer [0..65535]; Default: 4990 UAM User Interface port
UAM secret string; Default: " " Shared secret between the UAM server and the Hotspot
NAS identifier string; Default: " " NAS-Identifier is one of the basic RADIUS attributes
Swap octets yes | no; Default: no Swaps the meaning of input octets and output as it relates to RADIUS attributes
Location name string; Default: " " Custom location name for your Hotspot
External landing page yes | no; Default: no Enables the use of an external landing page
Protocol HTTP | HTTPS; Default: HTTP Connection protocol of your Hotspot
HTTPS redirect yes | no; Default: no Redirects HTTP pages to landing page
SSL key file .key file; Default: " " SSL key file used for authentication. This field becomes visible only if HTTPS redirect is enabled
SSL certificate file .crt file; Default: " " SSL certificate file used for authentication. This field becomes visible only if HTTPS redirect is enabled
Use custom DNS yes | no; Default: no Enables the use of custom DNS servers instead of your regular DNS
DNS server 1 | DNS server 2 ip; Default: " " Additional DNS servers that are to be used by the Hotspot. These fields become visible only if Use custom DNS is enabled

Internal Radius


Internal Radius is Authentication mode that uses the router's internal RADIUS server for authentication. Teltonika routers' RADIUS server has RFC 2866 RADIUS Accounting and RFC 2869 RADIUS Extensions implemented.

field name value description
Configuration profile Custom | Cloud4wi | Hotspotsystem; Default: Custom If not set to Custom, Configuration profile selections will automatically fill all the fields in accordance with the chosen profile. It also automatically adds an exception for the chosen service in the Walled Garden section. Used only with External radius Authentication mode.
Enable yes | no; Default: no Toggles Wi-Fi Hotspot ON or OFF
AP IP ip; Default: 192.168.2.254/24 Access Point IP address defines the IP address of your Hotspot's network
Logout address host | ip; Default: 1.1.1.1 An address that can be used by users to logout from the Hotspot session
Authentication mode External radius | Internal radius | Without radius | Advertisement | MAC auth | SMS OTP; Default: Without radius Authentication mode defines how users will connect to the Hotspot
Terms of service yes | no; Default: no If enabled, users have to agree to the Terms of service before logging in. Custom Terms of service can be defined in the Landing Page section
External landing page yes | no; Default: no Enables the use of an external landing page
Protocol HTTP | HTTPS; Default: HTTP Connection protocol of your Hotspot
HTTPS redirect yes | no; Default: no Redirects HTTP pages to landing page
SSL key file .key file; Default: " " SSL key file used for authentication. This field becomes visible only if HTTPS redirect is enabled
SSL certificate file .crt file; Default: " " SSL certificate file used for authentication. This field becomes visible only if HTTPS redirect is enabled
Use custom DNS yes | no; Default: no Enables the use of custom DNS servers instead of your regular DNS
DNS server 1 | DNS server 2 ip; Default: " " Additional DNS servers that are to be used by the Hotspot. These fields become visible only if Use custom DNS is enabled

Information on how to configure Internal radius server can be found here.

Without Radius


Without Radius Authentication doesn't use a Radius server to authenticate users connecting to the Hotspot, instead it gives you the possibility to configure different users with different password and session parameters.

field name value description
Configuration profile Custom | Cloud4wi | Hotspotsystem; Default: Custom If not set to Custom, Configuration profile selections will automatically fill all the fields in accordance with the chosen profile. It also automatically adds an exception for the chosen service in the Walled Garden section. Used only with External radius Authentication mode.
Enable yes | no; Default: no Toggles Wi-Fi Hotspot ON or OFF
AP IP ip; Default: 192.168.2.254/24 Access Point IP address defines the IP address of your Hotspot's network
Logout address host | ip; Default: 1.1.1.1 An address that can be used by users to logout from the Hotspot session
Authentication mode External radius | Internal radius | Without radius | Advertisement | MAC auth | SMS OTP; Default: Without radius Authentication mode defines how users will connect to the Hotspot
Terms of service yes | no; Default: no If enabled, users have to agree to the Terms of service before logging in. Custom Terms of service can be defined in the Landing Page section
External landing page yes | no; Default: no Enables the use of an external landing page
Protocol HTTP | HTTPS; Default: HTTP Connection protocol of your Hotspot
HTTPS redirect yes | no; Default: no Redirects HTTP pages to landing page
SSL key file .key file; Default: " " SSL key file used for authentication. This field becomes visible only if HTTPS redirect is enabled
SSL certificate file .crt file; Default: " " SSL certificate file used for authentication. This field becomes visible only if HTTPS redirect is enabled
Use custom DNS yes | no; Default: no Enables the use of custom DNS servers instead of your regular DNS
DNS server 1 | DNS server 2 ip; Default: " " Additional DNS servers that are to be used by the Hotspot. These fields become visible only if Use custom DNS is enabled


Users Configuration


The Users Configuration tab is used to create new, unique users that can connect to the Hotspot.

field name value description
Username string; Default: " " A custom user name used to authenticate clients connecting to the Hotspot
Password string; Default: " " A custom password for the specified user name
Session Template string; Default: unlimited Session templates define session settings for different users. The unlimited Session Template is a default template with no restrictions. More on Session Template in the next section

Session Templates


A Session Template is a set of rules that can be prescribed to a Hotspot user. A default template named unlimited is present in the router, but it has no configured restrictions. You can edit the default template or you can create a custom template and configure it.

field name value description
Idle timeout integer; Default: " " A timeout in seconds after which idle users are automatically disconnected from the Hotspot. 0 means unlimited
Session timeout integer; Default: " " A timeout in seconds after users are automatically disconnected from the Hotspot. The timeout countdown begins when a user is authenticated to the Hotspot and, after an amount of time specified in this field, the user gets disconnected from the Hotspot. 0 means unlimited
Download bandwidth integer; Default: " " Maximum download bandwidth that the users assigned to this template can achieve. Bandwidth can be specified in Kbit/s or Mbit/s
Upload bandwidth integer; Default: " " Maximum upload bandwidth that the users assigned to this template can achieve. Bandwidth can be specified in Kbit/s or Mbit/s
Download limit integer; Default: " " A received data limit that the users assigned to this template can reach. After the data limit is reached, the user will lose data connection. Download limit is specified in MB
Upload limit integer; Default: " " A sent data limit that the users assigned to this template can reach. After the data limit is reached, the user will lose data connection. Upload limit is specified in MB
Period Month | Week | Day; Default: Month The beginning of the period during which the restriction specified in this section will apply. After the period is over, all specified limits are reset
Start day | Start hour integer [1..31] | Monday..Sunday | integer [1..24]; Default: day 1 Specifies which day of the month, week or hour of the day the limits will be reset


The Advertisement Authentication mode doesn't use any kind of actual authentication. Instead when a user connects to the Hotspot he first gets redirected to a specified advertisement page. After that the user is free to use the Hotspot.

field name value description
Configuration profile Custom | Cloud4wi | Hotspotsystem; Default: Custom If not set to Custom, Configuration profile selections will automatically fill all the fields in accordance with the chosen profile. It also automatically adds an exception for the chosen service in the Walled Garden section. Used only with External radius Authentication mode.
Enable yes | no; Default: no Toggles Wi-Fi Hotspot ON or OFF
AP IP ip; Default: 192.168.2.254/24 Access Point IP address defines the IP address of your Hotspot's network
Authentication mode External radius | Internal radius | Without radius | Advertisement | MAC auth | SMS OTP; Default: Without radius Authentication mode defines how users will connect to the Hotspot
Advertisement address host | ip; Default: " " The address of the advertisement page that newly connected users will be redirected to
HTTPS redirect yes | no; Default: no Redirects HTTP pages to landing page
SSL key file .key file; Default: " " SSL key file used for authentication. This field becomes visible only if HTTPS redirect is enabled
SSL certificate file .crt file; Default: " " SSL certificate file used for authentication. This field becomes visible only if HTTPS redirect is enabled
Use custom DNS yes | no; Default: no Enables the use of custom DNS servers instead of your regular DNS
DNS server 1 | DNS server 2 ip; Default: " " Additional DNS servers that are to be used by the Hotspot. These fields become visible only if Use custom DNS is enabled

MAC auth


MAC auth Authentication mode authenticates users by their MAC address. A list of accepted or unaccepted MAC addresses can be configured in the router's WebUI's Wireless section under Interface Configuration->MAC Filter

field name value description
Configuration profile Custom | Cloud4wi | Hotspotsystem; Default: Custom If not set to Custom, Configuration profile selections will automatically fill all the fields in accordance with the chosen profile. It also automatically adds an exception for the chosen service in the Walled Garden section. Used only with External radius Authentication mode.
Enable yes | no; Default: no Toggles Wi-Fi Hotspot ON or OFF
AP IP ip; Default: 192.168.2.254/24 Access Point IP address defines the IP address of your Hotspot's network
Logout address host | ip; Default: 1.1.1.1 An address that can be used by users to logout from the Hotspot session
Authentication mode External radius | Internal radius | Without radius | Advertisement | MAC auth | SMS OTP; Default: Without radius Authentication mode defines how users will connect to the Hotspot
Terms of service yes | no; Default: no If enabled, users have to agree to the Terms of service before logging in. Custom Terms of service can be defined in the Landing Page section
Password protection yes | no; Default: no Enables Hotspot password protection
Password string; Default: " " A password used to authenticate connecting clients to the Hotspot
Website access link Link | Auto redirect | Custom address; Default: no Requested website access mode
Protocol HTTP | HTTPS; Default: HTTP Connection protocol of your Hotspot
HTTPS redirect yes | no; Default: no Redirects HTTP pages to landing page
SSL key file .key file; Default: " " SSL key file used for authentication. This field becomes visible only if HTTPS redirect is enabled
SSL certificate file .crt file; Default: " " SSL certificate file used for authentication. This field becomes visible only if HTTPS redirect is enabled
Use custom DNS yes | no; Default: no Enables the use of custom DNS servers instead of your regular DNS
DNS server 1 | DNS server 2 ip; Default: " " Additional DNS servers that are to be used by the Hotspot. These fields become visible only if Use custom DNS is enabled

SMS OTP


With SMS OTP Authentication mode connecting users are prompted to enter their phone number. After that, the router sends and SMS message containing a code to the specified number. Users then authenticate themselves to the Hotspot using this code.

field name value description
Configuration profile Custom | Cloud4wi | Hotspotsystem; Default: Custom If not set to Custom, Configuration profile selections will automatically fill all the fields in accordance with the chosen profile. It also automatically adds an exception for the chosen service in the Walled Garden section. Used only with External radius Authentication mode.
Enable yes | no; Default: no Toggles Wi-Fi Hotspot ON or OFF
AP IP ip; Default: 192.168.2.254/24 Access Point IP address defines the IP address of your Hotspot's network
Authentication mode External radius | Internal radius | Without radius | Advertisement | MAC auth | SMS OTP; Default: Without radius Authentication mode defines how users will connect to the Hotspot
Protocol HTTP | HTTPS; Default: HTTP Connection protocol of your Hotspot
HTTPS redirect yes | no; Default: no Redirects HTTP pages to landing page
SSL key file .key file; Default: " " SSL key file used for authentication. This field becomes visible only if HTTPS redirect is enabled
SSL certificate file .crt file; Default: " " SSL certificate file used for authentication. This field becomes visible only if HTTPS redirect is enabled
Use custom DNS yes | no; Default: no Enables the use of custom DNS servers instead of your regular DNS
DNS server 1 | DNS server 2 ip; Default: " " Additional DNS servers that are to be used by the Hotspot. These fields become visible only if Use custom DNS is enabled

Walled Garden


You can configure a list of addresses that users connected to the Hotspot will be able to reach without any authentication. By default this list is empty. Click the Add button to add a new address.

field name value description
Enable yes | no; Default: no Enables or disables an entry of the list
Address host | ip; Default: " " An address that users connected to the Hotspot can reach without authentication
Port integer [0..65535]; Default: " " Specifies the port through which the user can connect to the provided address. This field becomes visible only if Allow subdomains is disabled
Allow subdomains yes | no; Default: no If checked, users can connect to the specified address and all of its subdomains

Restricted Internet Access

The Restricted Internet Access page provides you with the possibility to restrict internet access on Hotspot on specified hours. Blue squares represent restricted access, white squares - allowed access. Bellow is an example of a configuration that restricts internet access outside of working hours.

Logging

The Hotspot Logging section is used to periodically send Hotspot information to an FTP server.

field name value description
Enable yes | no; Default: no Toggles logging to FTP ON or OFF
Server address host | ip; Default: your.ftp.server FTP server address.
User name string; Default: username User name used for authentication when logging into an FTP server
Password string; Default: " " Password used for authentication when logging into an FTP server
Port integer [0..65535]; Default: 21 FTP server port
File name extras No extra information | MAC address | Serial number | Custom string; Default: No extra information Extra information to be added to the log filename

FTP Upload Settings


Here you can configure your timing settings for the log upload via FTP feature.

field name value description
Mode Fixed | Interval; Default: Fixed The scheduling mode to be used for uploading to FTP server
Hours | Minutes | Days time; Default: 8 hours 15 minutes Time interval when the uploads will take place

Wifi Log/SMS OTP Log


WiFi and SMS OTP logs show information about connections to your WiFi Hotspot. FTP logging has to be enabled.

Landing Page

This section is used to define how your Hotspot's Landing Page will look like.

Template


This is a template based on the default landing page. You can edit its HTML code to make it look however you want!

Custom Landing Page


Radius Server

This section is used to configure your Radius Server for use with Internal radius Authentication mode

field name value description
Enable yes | no; Default: no Toggles Radius Server ON or OFF
Remote access yes | no; Default: no Toggles remote access to the Radius Server ON or OFF.
Authentication port integer [0..65535]; Default: 1812 Radius server authentication port
Accounting port integer [0..65535]; Default: 1813 Radius server accounting port

Session Settings


A Session Template is a set of rules that can be prescribed to a Hotspot user. A default template named unlimited is present in the router, but it has no configured restriction. You can edit the default template or you can create a custom template and configure it.

field name value description
Idle timeout integer; Default: " " A timeout in seconds after which idle users are automatically disconnected from the Hotspot. 0 means unlimited
Session timeout integer; Default: " " A timeout in seconds after users are automatically disconnected from the Hotspot. The timeout countdown begins when a user is authenticated to the Hotspot and, after an amount of time specified in this field, the user gets disconnected from the Hotspot. 0 means unlimited
Download bandwidth integer; Default: " " Maximum download bandwidth that the users assigned to this template can achieve. Bandwidth can be specified in Kbit/s or Mbit/s
Upload bandwidth integer; Default: " " Maximum upload bandwidth that the users assigned to this template can achieve. Bandwidth can be specified in Kbit/s or Mbit/s
Download limit integer; Default: " " A received data limit that the users assigned to this template can reach. After the data limit is reached, the user will lose data connection. Download limit is specified in MB
Upload limit integer; Default: " " A sent data limit that the users assigned to this template can reach. After the data limit is reached, the user will lose data connection. Upload limit is specified in MB
Period Month | Week | Day; Default: Month The beginning of the period during which the restriction specified in this section will apply. After the period is over, all specified limits are reset
Start day | Start hour integer [1..31] | Monday..Sunday | integer [1..24]; Default: day 1 Specifies which day of the month, week or hour of the day the limits will be reset

Users Configuration Settings


The Users Configuration tab is used to create new, unique users that can connect to the Hotspot.

field name value description
Username string; Default: " " A custom user name used to authenticate clients connecting to the Hotspot
Password string; Default: " " A custom password for the specified user name
Session Template string; Default: unlimited Session templates define session settings for different users. The unlimited Session Template is a default template with no restrictions. More on Session Template in the next section

Clients Configuration Settings


field name value description
Enable yes | no; Default: no Toggles Clients Configuration ON or OFF
Client name string; Default: " " A custom user name used to authenticate clients connecting to the Hotspot
IP address ip; Default: " " The IP address of the client
Netmask integer [0..32]; Default: " " The netmask of the client
Radius shared secret string; Default: " " Radius shared secret used for communication between the client/NAS and the radius server

Statistics

The Statistics page shows statistics about connections to the hotspot.

Manage

With the help of the Manage page you manage the users that are connected to your Hotspot. To reach the Manage window, go to Services->Hotspot. The Manage button will be located next to your Hotspot instance.