Single LAN with Captive Portal

Single LAN Hotspot

This sample scenario represents the simplest HSG deployment, using HSG as a hotspot gateway and any type of wireless AP at the LAN side.

  • User can use any type of AP on the LAN side
  • All users and AP management IP are in the same flat network
  • A single landing page is used (can have multiple login methods on the same landing page for different user group access control)

Common use cases

Small Hotels | Large F&B | Retail Outlets etc.

Deployment of Single SSID, Default VLAN, and Portal Using UI

Prerequisite
  • Upgrade the Hotspot Gateway box firmware version 20210213-2300. See link Upgrade Firmware
Procedure

Step 1 – Physical Connection

  1. Connect the eth0 (WAN) Interface of HSG to ISP device (ONT or Modem)
    • Info The WAN port (eth0) of HSG is pre-configured to get Dhcp IP from ISP ONT/modem (or upstream router).
  2. Connect eth1 port of HSG to the LAN Switch.
    • InfoThe ETH1 port (eth1) of HSG is pre-configured to release IP to LAN.
  3. Connect the AP (3rd Party Access Point) to the LAN Switch.
    • Info Keep the Switch to default config (Flat Network). Configure AP to broadcast SSID and do not assign any VLAN.
  4. Connect eth2 port to a PC for Management access.
    • InfoThe ETH2 port (eth2) of HSG is pre-configured to release IP.

Step 2 – Access to Hotspot Gateway Management UI

  1. Login to Hotspot Gateway UI
    • on-premises Hotspot Gateway – Use the Management PC and browse to http://10.10.10.1 and with login with the credentials.

NOTE

For Cloud-hosted HSG, User can contact the RansNet account manager for URL and login credentials.

Image 2: Hotspot Gateway login screen

Step 3 – Create Entity, User Account, and Permission for the User Account

  1. Create Entity – See link Create Customer Entity
    • User can use the Company name as entity name
  2. Create and Configure Permission for the User Account
    • Navigate to ‘ADMIN > Permissions‘. Click on the button and configure the required permission.
    • Recommendation – Create the new User Account and in the Profile field select ‘Super admin’ for this Scenario.
  3. Create User Account – See link Create User Account

Step 4 – Create Captive Portal and Login Method

  1. Create Captive Portal, Use the ‘Central‘ template’. See link Create/Edit Captive portal
    • InfoName the Portal Name as ‘Portaleth1
  2. Configure Login Methods for ‘Portaleth1‘. See link Login Method Types. Find the below details of the portal.
Portal Name: CPortal1
Portal Template: Central
Entity: [Customer’s Entity name]
Login Method: Standard Login Option
(Username & Password) & Email OTP
Table 1 : Captive portal Template details

Step 5 – Configure Hotspot Instance for the ETH1 interface.

  1. Navigate to ‘Hotspot Settings > Hotspot Instances’. Click on ‘eth1′ below the ‘interface’ column heading.

  • Step 5 – Cont…..
    1. Configure the Hotspot Instance settings as per the below table and save.
S/NSectionFieldValue
01Hotspot (Base)
Hotspot LANeth1
Hotspot Server / Ports192.168.8.1 / 4910, 5896
Client Network / Netmask192.168.8.0 / 255.255.252.0
Radius Server / Keysplash.ransnet.com / testing123
Hotspot PortalPaste the Full URL of the created Captive portal
Hotspot Instance (Optional)
Redirect / Success URLhttp://www.ransnet.com
Table 1: Hotspot Instance Setting

Step 6 – Configure Access Control

  1. Configure Username Password profile
    • Navigate to ‘HOTSPOT USERS > Access Profile’. Create a new Access Profile. See link New Access Profile
    • Select ‘User Authentication‘ from User type and enter the Username and password
    • Navigate to the ‘Account info’ tab on the ‘New User’ page and configure the relevant settings
  2. Configure Email OTP profile.
    • Info To configure the Email OTP profile, the user has to first test the Captive portal Email OTP authentication. After the first test is successful, the Email OTP auto-creates the profile in ‘Access Profile’ in the format of (RansNet_[Device Name]_[Interface Name]_[MAC Address, last 4 digits]_emailonepageotp. Eg : RansNet_mbox_br-vlan10_96-19_emailonepageotp). User can click on the Profile name and configure the account info settings as per the user requirement.

NOTE

Users should use UI to configure, Captive portal. Login Method and Access Profile.

-----------------------------------Default Configuration--------------------------
hostname HSG800-WT
!
interface eth0
 description "Default connection to WAN"
 enable
 ip address dhcp
!
interface eth1
 description "Default connection to LAN"
 enable
 ip address 192.168.8.1/22
dhcp-server
  lease-time 86400 86400
  router 192.168.8.1
  dns 8.8.8.8 8.8.4.4
  range 192.168.8.2 192.168.11.254
  enable
!
interface eth2
 description "Default OOB-Mgmt"
 enable
 ip address 10.10.10.1/24
 dhcp-server
  lease-time 86400 86400
  router 10.10.10.1
  dns 8.8.8.8 8.8.4.4
  range 10.10.10.10 10.10.10.20
  enable
!
interface eth3
 description "Reserved network"
!
interface loopback
 enable
 ip address 2.1.2.1/32
!
ip name-server 8.8.8.8 8.8.4.4
!
ip ntp-server 203.211.159.1 62.201.225.9
!
ip host macc.ransnet.com 2.1.2.1 rewrite
ip host splash.ransnet.com 2.1.2.1 rewrite
!
firewall-input 10 permit all tcp dport 80 src 10.0.0.0/8 admin remark "WEB mgmt
from OOB"
firewall-input 11 permit all tcp dport 22 src 10.0.0.0/8 remark "SSH mgmt from O
OB"
!
firewall-access 10 permit outbound eth0
!
firewall-snat 10 overload outbound eth0
!
security radius-server
 client 2.1.2.1 key testing123 name HSG800WT
 start
-----------------------------------Default Configuration--------------------------
!
security hotspot eth1
 hotspot-server 192.168.8.1 ports 4910 5896
 client-network 192.168.8.0 255.255.252.0
 client-static 192.168.8.0 255.255.252.0
 client-local-dns on
 redirect-url http://www.ransnet.com
 radius-server splash.ransnet.com testing123
 hotspot-portal https://captive.ransnet.com/RNSrilanka/CPortal1/login.php
 start

Deployment References Links (Videos/Demos)

  • Configure Login Method – https://www.youtube.com/watch?v=ggSg9NxykxU&t=220s
  • NOTE

    syslog server (user access logging) is enabled to collect DNS access logs and storing data up to the last 5 days.

    User access records are stored up to last 90 days

    User info (username and profile data) is kept unlimited