On Teltonika Networks devices a Hotspot is a service that provides authentication, authorization and accounting for a network. This chapter is an overview of the Hotspot section for RUT955 devices.
Note: Hotspot is additional software that can be installed from the Services → Package Manager page.
The Hotspot Instances section displays the main parameters of your Hotspot. By default, a Hotspot instance does not exist on the device. To create a new instance and begin configuration:
- select an 'Interface';
- click the 'Add' button;
After this, a new Hotspot configuration window will appear.
The General Settings window is where most of the Hotspot configuration takes place. Look to the sub-sections below for information on configuration fields found in the General Settings sections.
|Enable||off | on; default: on||Turns the Hotspot instance on or off.|
|Hotspot Network||ip/netmask; default: 192.168.2.0/24||IP address and subnet of the Hotspot network.|
|IP Address||ip; default: 192.168.2.254||Defines the IP address of your Hotspot router in network.|
|Authentication mode||Radius | Local user | SMS OTP |MAC auth ; default: Local users||Authentication mode defines how users will connect to the Hotspot.|
|Allow signup||off | on; default: off||Allows users to sign up to hotspot via landing page.|
|Expiration time||integer; default: 0||User credential expiration time. Applies to users who signed up via landing page.|
|Users group||user group; default: default||The user group to which users signed up via landing page should be assigned to.|
|Landing Page||Internal | External; default: Internal||If external Landing Page is chosen, new section, to enter website address, will appear, e.g., http://www.example.com|
|UAM Port||integer; default: 3990||Port to bind for authenticating clients.|
|UAM Secret||string; default: none||Shared secret between uamserver and hotspot.|
|Success page||Success Page | Original URL | Custom; default: Success page||Location to return to after successful authentication.|
|Additional interfaces||Available interfaces; default: none||Shows additional interfaces that can be attached to hotspot instance.|
|Logout address||ip; default: 126.96.36.199||An address that can be used by users to logout from the Hotspot session.|
|Protocol||HTTP | HTTPS; default: HTTP||Protocol to be used for landing page.|
|Enable TOS||off | on; default: off||Enables Terms of Service (ToS) requirement. Client device will be able to access the Internet only after agreeing ToS.|
|Trial access||off | on; default: off||Enables trial internet access for a specific group.|
|Trial access: Group||User group; default: default||Group of trial users.|
|HTTPS to landing page redirect||off | on; default: off||Redirect initial pre-landing page HTTPS requests to hotspot landing page.|
|Certificate files from device||off | on; default: off||Specified whether to upload key & certificate files from computer or to use files generated on this device via the System → Administration → Certificates page.|
|SSL key file||key file; default: none||Upload/select SSL key.|
|SSL certificate file||certificate file; default: none||Upload/select SSL certificate.|
|DNS server 1||ip; default: 188.8.131.52||Additional DNS servers that are to be used by the Hotspot.|
|DNS server 2||ip; default: 184.108.40.206||Additional DNS servers that are to be used by the Hotspot.|
Radius authentication mode uses an external RADIUS server, to which you have to provide an address to, instead of using the router's Local Authentication. If you are using Local authentication, this section is not visible.
|RADIUS server #1||ip; default: none||The IP address of the RADIUS server #1 that is to be used for Authenticating your wireless clients.|
|RADIUS server #2||ip; default: none||The IP address of the RADIUS server #2 that is to be used for Authenticating your wireless clients.|
|Authentication port||integer [0..65535]; default: 1812||RADIUS server authentication port.|
|Accounting port||integer [0..65535]; default: 1813||RADIUS server accounting port.|
|NAS identifier||string; default: none||NAS-Identifier is one of the basic RADIUS attributes.|
|Radius secret key||string; default: none||The secret key is a password used for authentication with the RADIUS server.|
|Swap octets||off | on; default: off||Swaps the meaning of input octets and output as it relates to RADIUS attributes.|
|Location name||string; default: none||Custom location name for your Hotspot.|
|Location ID||string; default: none||Custom location ID for your Hotspot.|
You can add a list of addresses that users connected to the Hotspot will be able to reach without any authentication. By default this list is empty. Simply write addresses into the Address List.
Format of address is website.com (does not include https://www).
The URL parameters section becomes visible when Landing page is selected as External in General settings section.
|UAM IP||string; default: none||The IP Address of the Captive Portal gateway.|
|UAM port||string; default: none||The port on which the Captive Portal will serve web content.|
|Called||string; default: none||The MAC address of the IP Address of the Captive Portal gateway.|
|MAC||string; default: none||The MAC address of the client trying to gain Internet access.|
|NAS id||string; default: none||An identification for the Captive Portal used in the RADIUS request.|
|Session id||string; default: none||The unique identifer for session.|
|User url||string; default: none||The URL which the user tried to access before he were redirected to the Captive Portal's URL's pages.|
|Challenge||string; default: none||A challenge that should be used together with the user's password to create an encrypted phrase used to log on.|
|Custom 1||string; default: none||Add custom name and custom value which will be displayed in url parameters.|
|-||SSID | Hostname | FW version | --Custom--; default: SSID||-|
|Custom 2||string; default: none||Add custom name and custom value which will be displayed in url parameters.|
|-||SSID | Hostname | FW version | --Custom--; default: SSID||-|
In this section you can add custom Scripts that will be executed after a session is authorized in the Session up section, after session has moved from authorized state to unauthorized in the Session down section and after a new user has been signed up in the User signup section.
The Local Users section is used to create and manage users that can connect to the Hotspot. The elements comprising the Local Users page are explained in the list and figure below.
- Entering a Username, Password and clicking the 'Add' button creates a new user.
- The 'Group' dropdown menu assigns a user to another group.
- The 'Edit' button lets you change a user's password or assign the user to another group.
- The 'Delete[X]' button deletes a user.
This section is used to define how your Hotspot's Landing Page will look like to connecting users.
General Settings section lets you choose the authentication protocol and theme that will be used in the Landing Page. You can download more themes using the Package Manager
The Themes section displays all available Landing Page themes. In order to edit a theme, click the 'Edit' button next to it.
The Images section allows you to upload custom images to different objects.
In View Settings you can access and modify default templates for various parts of landing page and edit their HTML code.
User Groups provides the possibility to set different connection limits for different users. A group called 'default' is already created and does not have any limitations set by default. You can
- create a new group by entering a custom Name and clicking 'Add'
- or configure the existing rule by clicking the 'Edit' button next to it.
A group's settings page will look similar to this:
|Idle timeout||integer; default: none||A timeout in seconds after which idle users are automatically disconnected from the Hotspot. (0 means unlimited.)|
|Time limit||integer; default: none||Disables hotspot user after time limit in sec is reached. (0, meaning unlimited)|
|Download bandwidth||integer; default: none||Maximum download bandwidth that the users assigned to this template can achieve. Bandwidth can be specified in Mbit/s.|
|Upload bandwidth||integer; default: none||Maximum upload bandwidth that the users assigned to this template can achieve. Bandwidth can be specified in Mbit/s.|
|Download limit||integer; default: none||A received data limit that the users assigned to this template can reach. After the data limit is reached, the user will lose data connection. Download limit is specified in MB.|
|Upload limit||integer; default: none||A sent data limit that the users assigned to this template can reach. After the data limit is reached, the user will lose data connection. Upload limit is specified in MB.|
|Warning||integer; default: none||Send an SMS warning to hotspot user after warning value of download or upload data in MB is reached. Only works with SMS OTP authentication.|
|Period||Month | Week | Day; default: Month||The beginning of the period during which the restriction specified in this section will apply. After the period is over, all specified limits are reset.|
|Start day||integer [1..31] | Monday..Sunday | integer [1..24]; default: 1||Choices changes depending on what 'Period' was chosen. Specifies which day of the month, week or hour of the day the limits will be reset.|
The User management section displays the status and session statistics of currently logged in users. You can also "kick" (deauthenticate) a user by clicking the 'Logout' button next to it.