Contents
In this sample scenario, we will build a demo setup for mbox HSA/UA/XE working with cloud HSG for the captive portal, while functioning as an SD-WAN router.
.

.
Common use cases
- CloudX design, where HSA/UA/XE is used as mini-HSG, and with additional MAP or 3rd-party AP behind it can be used to extend wireless coverage.
- “Wi-Fi on the go”, where HSA/UA/XE acts as an all-in-one device with single/dual LTE backhaul to provide Wi-Fi in buses or trains.
- Hotspot over SD-WAN, where HSA/UA/XE provides wireless hotspot access, on top of SD-WAN connectivity.
In all of the above design scenarios, HSA/UA/XE will function as a mini-HSG utilizing the below key features.
- Router & firewall
- dual-band Wi-Fi (802.11a/b/g/n/ac, wave 2)
- hotspot controller to redirect the user to the external/HSG captive portal
- dual-LTE slots (optional, for “Wi-Fi on the go”)
- SD-WAN capabilities (as an all-in-one retail solution)
At the same the cloud HSG is for:
- hosting hotspot/captive portal
- hotspot user’s database and authentication(AAA)
- analytics and reporting
.
Deployment prerequisite
- STEP 1 – 1 x Cloud HSG required. (Enable RADIUS and provision a captive portal for HSA/UA/XE to use).
NOTE
Cloud HSG can be a physical appliance or VM, hosted in the customer HQ or DC.
- STEP 2 – Bootstrap (Factory reset) HSG and HSA/UA/XE if it’s not a new device. Refer to Reset Host To Factory Default (Reset HSG / CMG to factory reset) and (Reset HSA / UA to factory reset)
- STEP 3 – Login to mfusion to provision and configure HSG and HSA/UA/XE.
- STEP 4 – Provision HSA/UA/XE and HSG in the mfusion. Refer to Devices Provisioning (Preparing mfusion Access)
- STEP 5 – Add HSG and HSA/UA/XE to the mfusion ORCHESTRATOR platform with ‘Default Template‘. Refer to New Gateway
- STEP 6 – HSG needs to be accessible by HSA/UA/XE (eg. HSG needs public IP), with firewall ports open for TCP/80, TCP/443, UDP/1812, and UDP/1813)
- STEP 7 – 1 x HSA-500/UA-800/XE-300 per site (can use HSA/UA/XE built-in Wi-Fi, together with additional AP (optional) for wireless coverage extension)
- STEP 8 – Connect the HSA/UA/XE WAN port to the ISP modem/ONT, or slot in dual SIM card into the LTE slots (optional, for “Wi-Fi on the go”).
- STEP 9 – Configure VLAN10 for the wireless network and for Hotspot Instance
- STEP 10 – Configure Hotspot Instance in HSA/UA/XE, pointing radius to HSG.
Deployment steps
STEP 6
- User can click on the mac address of the Gateway to enter the Gateway configuration panel.
- User can configure the HSG eth0 with a public IP address by clicking on the interface name.

- User can navigate to the ‘Security tab > Input menu‘ and click on the
button to configure TCP/80, TCP/443, UDP/1812, and UDP/1813 rules

STEP 9
- User can click on the mac address of the SD-Branch to enter the SD-Branch configuration panel.
- Configure Wi-Fi by navigating to ‘Network Tab > Wi-Fi menu‘. Refer to Configure Wireless Interface / Global Wireless Policy.
- Configure the IP host of the HSA/UA/XE to HSG public IP / reachable IP address.

- Configure Hotspot by navigating to ‘Network Tab > Hotspot menu‘ to configure Hotspot Instance.
- Click on the
button to configure a new Hotspot instance.

Hotspot Instance Information Fields
S/N | Fields | Value |
---|---|---|
01. | Hotspot Interface | eth1/VLANx |
02. | Auth. Server (RADIUS) [RADIUS Server | RADIUS key] | splash.ransnet.com | testing123 |
03. | Captive Portal URL | ‘Copy the captive portal URL from HSG |
04. | Optional Hotspot Settings [Server/Ports | Client Network | Static Network] | [Hotspot Interface IP address / 5213, 4361 | Hotspot Interface Network | Hotspot Interface Network] |
05. | Optional Client Parameters [Redirect URL | Local DNS] | [http://www.ransnet.com | Local DNS ON] |
06. | Bypass / Whitelist By [Domain List | Destination IP/URL] | [.ransnet.com | splash.ransnet.com,2.1.2.1] |