Changes

In this example we will perform a basic external Radius server configuration and test it with RUT device for Hotspot authentication. We will use ''freeradius'' package to set up a local Radius server on Ubuntu operating system. A router with a public IP address will be directly connected to the Radius server and forward authentication requests to a LAN IP address of the server via default Radius ports.

In this example we will perform a basic external Radius server configuration and test it with RUT device for Hotspot authentication. We will use ''freeradius'' package to set up a local Radius server on Ubuntu operating system. A router with a public IP address will be directly connected to the Radius server and forward authentication requests to a LAN IP address of the server via default Radius ports.

==Prerequisites==

==Prerequisites==

Firstly, let us set a static lease for the Ubuntu machine running Radius server and configure port forwarding:

Firstly, let us set a static lease for the Ubuntu machine running Radius server and configure port forwarding:

* Login to WebUI and navigate to Network → Interfaces → LAN and add a static lease to the MAC address of Ubuntu machine.

* Login to WebUI and navigate to Network → Interfaces → LAN

* Add a static lease to the MAC address of Ubuntu machine.

* Navigate to Network → Firewall → Port Forwards and add two new rules to forward 1812 and 1813 ports from WAN to Radius server on the same ports.

* Navigate to Network → Firewall → Port Forwards and add two new rules to forward 1812 and 1813 ports from WAN to Radius server on the same ports.

Radius server is now set with basic configuration and ready to be tested with RUT2 to authenticate Hotspot users.

Radius server is now set with basic configuration and ready to be tested with RUT2 to authenticate Hotspot users.

* Navigate to Network → Wireless and click add

* Navigate to Network → Wireless and click add

* Select "--No network--" in General setup → Network

* Select "--No network--" in General setup → Network

* Select "No encryption" in Wireless security → Encryption

* Select "No encryption" in Wireless security → Encryption

* Save & Apply

* Save & Apply

* Navigate to Services → Hotspot (Or install the package if it is not present by navigating to Services → Package Manager)

* Navigate to Services → Hotspot (Or install the package if it is not present by navigating to Services → Package Manager)

* Add new Hotspot instance by selecting Wireless access point created earlier

* Add new Hotspot instance by selecting Wireless access point created earlier

* Enable the Hotspot and select Radius as Authentication mode in General settings.

* Enable the Hotspot and select Radius as Authentication mode in General settings.

* Go to Radius menu, insert Public IP of the Radius server (RUT1 WAN IP address) and Radius secret key we created for the client before.

* Go to Radius menu, insert Public IP of the Radius server (RUT1 WAN IP address) and Radius secret key we created for the client before.

Our configuration is complete.

Our configuration is complete.

==Testing Authentication==

==Testing Authentication==

Now that we have the setup configured, we can test if the server authenticates the users.  

Now that we have the setup configured, we can test if the server authenticates the users.

 

In order to see authentication requests on the server side:

In order to see authentication requests on the server side:

a. Run radius server in debug mode by first disabling the freeradius service using command

a. Run radius server in debug mode by first disabling the freeradius service using command

<pre>

<pre>

</pre>

</pre>

Once we see the logs, we can connect to the Hotspot using user credentials defined from either a smartphone or another computer. You should login successfully and see Login OK message in the logs/debug:

Once we see the logs, we can connect to the Hotspot using user credentials defined from either a smartphone or another computer:

 

[[File:Networking Radius server hotspot login web v1.png|border|class=tlt-border|443x443px]]

* You should see authorization success window

* Logs should show Login OK message

[[Category:WIFI]]