Simple HotSpot Setup
From Antcor
Contents |
[edit]
HotSpot Setup using UAM authentication
[edit]
Example: Using HotSpot localhost as UAM authenticator
You will need 1 device setted up with latest Ikarus O.S version(no bridge mode) and internet access .
Initial state of the HotSpot for example:
- Host eth0(Enabled):192.168.1.119
- Host ath0(Enabled):0.0.0.0
- Default Gateway:192.168.1.240(...to internet)
- Open the INMS
- Right click to the AP node and choose "Advanced node configuration"
- Choose "HotSpot" tab from the horizontal third row of tabs
- Click Enable HotSpot and start the wizard
- Select as WAN interface the one that will connect to the internet
- Choose static ip and fill in the appropriate fields
- Click Next
- Select the physical interfaces to be used as Hotspot's interfaces for users to connect
- Press the ">>>" sign to add them
- When Hotspot is initialized these interfaces will be bridged under a bridge called br_HotSpot
- Click Next
- Hotspot will assign HotSpot users with an IP address in the range of the configured dynamic IP addresses subnet you choose.
- If DNS values are set to 0.0.0.0, the Hotspot will assign the router's DNS IP addresses.
- Click Next
- If the NAT Enable option is selected, HotSpot users' IP addresses will be translated to the WAN's IP address (Network Address Translation, Masquerade)
- Protection is performed through firewall rules. According to the protection level used, appropriate firewall rules will be generated. (The comment “Added_By_Hotspot” will be automatically generated.)
- Click Next
- If there are wireless interfaces used as HotSpot interfaces make the desired settings
- Click Next
- The radius server used to authenticate HotSpot users.
- Either the IP address or Domain name of at least one Radius Server must be configured. The second Radius server is used as a backup server (if present).
- Make the appropriate settings
- Click Next
- In this examble you click to enable UAM authentication
- UAM is the common Web-redirection authentication type. Hotspot users, after they have obtained an IP address, and opened a Web browser, will be redirected to the HotSpot's Web page to provide their Username and Password.
- In the domain field type localhost
- Click-enable Local
- Click Next
- Leave defaults or change as needed
- Click Next
- Leave defaults or change as needed
- Click Next
- Leave defaults or change as needed
- Click Next
- Check Hotspot configuration
- Click Submit to end the procedure and initialize the Hotspot
- Select Network tab on the above pane
- You should see the LAN interfaces you choose earlier bridged under br_HotSpot
- User being connected to one of the Hotspot's LAN interfaces when trying to connect to the internet should see the image below
- Username and Password for login to succeed must exist in Radius system database!
[edit]
Example:Using a remote PC as UAM authenticator
You will need 1 device setted up with latest Ikarus O.S version(no bridge mode) and internet access .
Initial state of the HotSpot for examble:
- Host eth0(Enabled):192.168.1.119
- Host ath0(Enabled):0.0.0.0
- Default Gateway:192.168.1.240(...to internet)
- Open the INMS
- Right click to the AP node and choose "Advanced node configuration"
- Choose "HotSpot" tab from the horizontal third row of tabs
- Click Enable HotSpot and start the wizard
- Select as WAN interface the one that will connect to the internet
- Choose static ip and fill in the appropriate fields
- Click Next
- Select the physical interfaces to be used as Hotspot's interfaces for users to connect
- Press the ">>>" sign to add them
- When Hotspot is initialized these interfaces will be bridged under a bridge called br_HotSpot
- Click Next
- Hotspot will assign HotSpot users with an IP address in the range of the configured dynamic IP addresses subnet you choose.
- If DNS values are set to 0.0.0.0, the Hotspot will assign the router's DNS IP addresses.
- Click Next
- If the NAT Enable option is selected, HotSpot users' IP addresses will be translated to the WAN's IP address (Network Address Translation, Masquerade)
- Protection is performed through firewall rules. According to the protection level used, appropriate firewall rules will be generated. (The comment “Added_By_Hotspot” will be automatically generated.)
- Click Next
- If there are wireless interfaces used as HotSpot interfaces make the desired settings
- Click Next
- The radius server used to authenticate HotSpot users.
- Either the IP address or Domain name of at least one Radius Server must be configured. The second Radius server is used as a backup server (if present).
- Make the appropriate settings
- Click Next
- In this example you click to enable UAM authentication
- UAM is the common Web-redirection authentication type. Hotspot users, after they have obtained an IP address, and opened a Web browser, will be redirected to the HotSpot's Web page to provide their Username and Password.
- Take under consideration that if you want to follow this kind of UAM authentication the remote PC should be able to respond to secure requests("Https")
- In the domain field type the full URL of the PC that holds the Hotspotlogin.cgi file e.g HTTPS://192.168.1.116/cgi-bin/Hotspotlogin.cgi
- Leave secret empty
- If you decide to type a secret have in mind that you have to alter the Hotspotlogin.cgi code to conform to the new secret
- Click Next
- Leave defaults or change as needed
- Click Next
- Leave defaults or change as needed
- Click Next
- Leave defaults or change as needed
- Click Next
- Check Hotspot configuration
- Click Submit to end the procedure and initialize the Hotspot
- Select Network tab on the above pane
- You should see the LAN interfaces you choose earlier bridged under br_HotSpot
- User being connected to one of the Hotspot's LAN interfaces when trying to connect to the internet should see the image below
- Username and Password for login to succeed must exist in Radius system database.
