Contents
Roaming – LAN Hotspot
This sample scenario represents a very large HSG deployment, where you want to offer a seamless user experience across the entire network. However, due to large size of the network, you may have a single SSID, but mapped to Multi-VLANs at different locations, all sharing the same Login portal.
- Can use any type of AP at LAN side
- Have dedicated management VLAN for AP management addressing (VLAN1)
- Single SSID, but mapped to different VLANs at different locations
- Same portal across all VLANs, and seamless user roaming experience across VLANs

Common use cases
Large Hotels | Large Shopping malls | Large Tourism places | Airports, stadiums, etc.
Deployment of Single SSID, Portal and Multi-VLAN for Roaming Using UI
Prerequisite
- Upgrade the Hotspot Gateway box firmware version 20210213-2300. See link Upgrade Firmware
- Connect the WAN Interface of HSG to ISP device (ONT or Modem)
- Info– The WAN port (eth0) of HSG is pre-configured to get dhcp IP from ISP ONT/modem (or upstream router).
- Connect ETH1 port of HSG to the LAN Switch.
- Info– The ETH1 port (eth1) of HSG is pre-configured to release IP to LAN.
- Connect the AP to the LAN Switch
- Use default VLAN1 as management VLAN for AP/WLC
- Access Point will be receiving DHCP IP from HSG from network 192.168.8.0/22
- Info– Reserved IP for WLC or other devices, range from 192.168.8.2 to 192.168.8.99.
- Add all VLANs on the switch (VLAN10, 20, 30), configure all switch-ports to be in trunk mode, and permit all VLANs for each port (default)
- Configure APs to broadcast the desired SSID and assign to Access point (Eg: at different locations) to pre-configured different VLANs, by sharing the same SSID.
- Use default VLAN1 as management VLAN for AP/WLC
- Connect ETH2 port to a PC for Management
- Info– The ETH2 port (eth2) of HSG is pre-configured to release IP.
Procedure
Step 1 – Access to Hotspot Management UI
- Login to Hotspot Gateway UI
- on-premises Hotspot Gateway – Use the Management PC and browse to http://10.10.10.1 and login with the Credentials.

Step 2 – Create Entity, User Account, and Permission for the User Account
- Create Entity – See link Create Customer Entity
- User can use the Company name as entity name
- Create and Configure Permission for the User Account
- Navigate to ‘ADMIN > Permissions‘. Click on the
button and configure the required permission.
- Recommendation – Create the new User Account and in the Profile field select ‘Super admin’ for this Scenario.
- Navigate to ‘ADMIN > Permissions‘. Click on the
- Create User Account – See link Create User Account
Step 3 – Create VLANs (10, 20 & 30) in eth1 interface
- Navigate to ‘NETWORK SETTINGS > Interfaces > VLAN‘ tab and click on the
button, See link New VLAN interface
- Configure three new VLANs, The example to VLAN-10 settings are shown below in Table 1, and also find the details for the three VLANs below.
- VLAN10 | IP – 172.16.10.1/24
- VLAN20 | IP – 172.16.20.1/24
- VLAN30 | IP – 172.16.30.1/24
- Configure three new VLANs, The example to VLAN-10 settings are shown below in Table 1, and also find the details for the three VLANs below.
NOTE
The below table is VLANID 10 config values, and the user can config the other VLAN accordingly
S/N | Section | Field | Value |
---|---|---|---|
01 | New Interface VLAN | ||
VLAN Name | vlan10 | ||
Admin Status | Enabled | ||
Physical Interface | eth1 | ||
IP/Netmask (IP Address/Mask) | 172.16.10.1/24 | ||
02 | DHCP Server | ||
DHCP Description | vlan10 dhcp pool | ||
DNS Servers | Default | ||
Client Default Gateway | 172.16.10.1 | ||
Lease Time | Default | ||
03 | Hotspot Service | Enable | |
Step 4 – Create, Configure Captive Portal and Login Method
- Create three different Captive Portal and different portals. User can use the below portal name and the portal template. See link Create/Edit Captive portal.
- Portal name – ‘Portal_Roam1’ | portal template – ‘Prestige’
- Configure Login Method (Email Registration method with few ‘Userinfo’ collection). Enable Login Methods as mentioned below. See link Login Method Types.
![]() |
Portal Name: Portal_Roam1 Portal Template: Prestige Entity: Customer’s Entity name Login Method: Email Registration |
Step 5 – Configure Hotspot Instance (VLAN10, VLAN20, VLAN30) Interface and Enable Seamless Roaming.
Upon first successful login by a user (from a specific device), the user can Relogin without prompting for the Captive portal login page again, during the account validity period. This feature offers seamless user experience, particularly important for hotel guests.
- Navigate to ‘Hotspot Settings > Hotspot Instances‘. Click on ‘vlan10′ below the interface column heading and configure the vlan10 all three sections of instance, as per the Table 2 settings below.
- Configure the VLAN interfaces as per below
- In ‘Hotspot Instance Option Config Section‘, user can configure the ‘Seamless Login‘ and ‘Roaming VLAN/Network‘ fields. Refer to Table 2 below for configuration.



NOTE
The below table is VLANID 10 config values, and the user can config the other VLAN accordingly
S/N | Section | Field | Value |
---|---|---|---|
01 | Hotspot Instance Base Config | ||
Hotspot Enable | enable by ticking the option | ||
Hotspot Portal | Select the Portal according to the VLAN interface. Eg: http://captive.ransnet.com/pid/Portal_Roam1/login.php | ||
02 | Hotspot Instance Optional Config | ||
Client Parameters | Permit External Client Network – 172.16.10.0 Permit External Client Netmask – 255.255.255.0 | ||
Redirect/Success URL | http://www.ransnet.com | ||
Bypass/Whitelist By | Destination Domain – .ransnet.com Destination IP/URL – 2.1.2.1 | ||
Seamless Relogin (Sticky Client) | Since First Login: 1 Roaming VLAN/Network: vlan10 | vlan20 | vlan30 Info : The Sticky Client Session data can be found in RADIUS database. ‘HOTSPOT USERS > User Sessions > Client Sticky Sessions‘ | ||
Enable/Disable Parameters | Intercept DNS Requests – enable by ticking the option |
- Step 5 Cont….
- Configure the remaining VLANs (20 & 30) as per above Table.
NOTE
“Client sticky” only works for on-premise deployment design, having HSG as local gateway. (for Cloudx design, with HSA/UA as local Hotspot Controller, we must use “portal sticky” to achieve seamless relogin).
“Client sticky” is completely seamless so there’s no option to redirect user to external landing URL (marketing pages) upon seamless relogin.
For the “Client sticky”, when return user gets IP address and initiates a connection across HSG (can be web or non-web connection), HSG will lookup its “MAC <—> username” mapping in the “sticky session” table, and on-behalf of user to authenticate with RADIUS before captive portal kicks in (autologin at background). So this bypasses portal login process and appear to be “seamless” to users but there’s still an authentication process. RADIUS still tracks each connection/session info for analytics, and enforces the respective access policy (speed, time, and quota etc), eg. if the user account is expired, login will fail and user will be prompted back with the Captive portal page to login again.
Sometime when there are large amount of users connecting back to HSG (eg. after an outage of Wi-Fi network, when Wi-Fi recovers and all users are connecting back again, the autologin process may be “slower” to some users (the captive portal/splash page kicks in faster than autologin), then these users will still be prompted with portal login. To overcome this, we can use “client-sticky” in combination with “portal sticky” feature.
Step 6 – Configure Access Control
- Configure Email Registration profile (PortalRoam1) for Guest users.
- Navigate to ‘HOTSPOT USERS > Access Profile‘ and locate for
- Note – To configure the Email Registration profile, the user has to first test the Captive portal Email Registration Authentication. After the first test is successful, the Email OTP auto-creates the profile in ‘Access Profile’ in the format of (RansNet_[Device Name]_[Interface Name]_[MAC Address, last 4 digits]_<<emailonepageotp??>>. Eg : RansNet_mbox_br-vlan10_96-19_emailonepageotp). User can click on the Profile name and configure the account info settings as per the user requirement.
Deployment References Links (Videos/Demos)
- Create Captive portal and Configure Login Methods – https://youtu.be/yrjAkt8XkT8
- Configure Seamless User Relogin – https://www.youtube.com/watch?v=CABBfKHO4gY
NOTE
syslog server (user access logging) is enabled to collect DNS access logs and storing data up to last 5 days.
User access records are stored up to last 90 days
User info (username and profile data) is kept unlimited