Contents
Overview
Hotspot instance UI defines how the mbox hotspot access controller handles user traffic when it comes to HSG. We can configure different instances for different networks, control different accesses, and enforce different user experiences, etc. Each instance works like a virtual hotspot access controller.
Concept of Hotspot Instance
- Each hotspot instance maps to a combined set of LAN interface (LANIF) and WAN interface (WANIF).
- A LANIF is an incoming interface where the user client’s traffic is entering into Hotspot gateway (Traffic pass-through Hotspot Gateway)
- A LANIF is a physical interface or can also configure a VLAN interface, and it represents a client network.
- If the user needs to support multiple networks, we configure VLANs on a physical LANIF, in this case, each LANIF is a VLAN interface.
- A LANIF that belongs to a hotspot instance is unique to each hotspot instance.
- A WANIF is the outbound interface where the client’s traffic leaves mbox.
- Many Hotspot instances can share with WANIF, so the user can configure multiple instances/LANIF to share the same WANIF.
NOTE
When VLAN is configured, the switch-port connecting to this physical LAN interface must be configured as a trunk port (with 802.1Q VLAN tagging).
- Each hotspot instance also runs as a DHCP server for its LANIF instance. The built-in hotspot DHCP process will issue the IP address to the client.
- If there’s another “Dhcp-server” configuration under the LANIF, it needs to be removed, or else there’ll be a conflict running two DHCP processes.
- The Captive Portal is required for each instance.
- The portal contents can be either Hosted locally on HSG or Hosted externally on a cloud HSG.
Hotspot Settings
A Client’s Physical/VLAN interface can be configured as a Hotspot Instance. User can navigate to ‘HOTSPOT SETTINGS > Hotspot Instances‘, click on the Hotspot Setting tab and click 
button to configure a ‘New Instance’ as shown in Image 1 below.
From the ‘New Instance’ pop window, the user can select the Instance’s interface name and the relevant Captive Portal URL from the Hotspot Portal and proceed.
The fields of Hotspot Instance List are summarized below:
| S/N | Fields/Buttons | Description |
|---|---|---|
| 01. |  button | Create new hotspot instances |
| 02. |  button | Export’s the table view to CSV/Print/PDF form |
| 03. | Interface | Name of Hotspot Instance-interface |
| 04. | Admin Status | Displays the Enable  /Disable  status of the interface |
| 05. | Hotspot Server | Configured Hotspot server IP address |
| 06. | Client-Net/Netmask | Configured Hotspot server’s Client Network IP |
| 07. | Hotspot-Portal | Captive Portal URL |
| 08. | Action | Option to delete the Hotspot Instance. |
| New Instance Window | ||
| 09. | Select Interface (New Instance) | Select the Interface to configure as Hotspot Instance |
| 10. | Hotspot Portal (New Instance) | Select the Captive Portal URL for the Hotspot Instance. |
New/Edit Instance
User can click on the Hotspot Instance name, located under the Interface field in the Hotspot Setting tab to configure the Instance. The EDIT INSTANCE consists of two sections (Hotspot Instance Base Config and Hotspot Instance Optional Config) as shown in Image 2 below.
The fields of EDIT INSTANCE List are summarized below:
| S/N | Section | Field | Description |
|---|---|---|---|
| 01. | Hotspot Instance Base Config | ||
| Hotspot LAN | Hotspot Instance interface | ||
| Hotspot ID (Optional) | |||
| Hotspot Enable | To enable the Hotspot Instance | ||
| Hotspot Server | Hotspot instance server IP (Clients network default gateway) | ||
| Client Network | Client networks address within the instance | ||
| Radius Server | Authentication server for the Hotspot Instance. Key: Radius Server Pre-shared key. | ||
| Hotspot Portal | Captive Portal URL for the Hotspot instance. | ||
| 02 | Hotspot Instance Optional Config | ||
| Client Parameters | Client Bandwidth (Optional) : Client Timeout (Optional): Session timeout is the absolute session time, after which user session will be cleared even if the user is actively using (user will be forced to login out and the user will need to login again if required to browse). Client DHCP Range : DHCP IP range to issue to user clients Client DHCP DNS Server : The user can configure an explicit DNS Server, else not configure then Instance will use the default google DNS. Permit External Client Network :?? | ||
| Redirect/Success URL (Optional) | Redirect client browse to a specific URL upon successful login. The page can be hosted portal within HSG or an external URL. | ||
| Bypass/Whitelist By | Permit user access without authentication based on the below settings. Destination Domain : This field permits access based on domains, so all the URLs using sub-domains are automatically permitted Eg: if we permit .ransnet.com, then portal.ransnet.com and http://www.ransnet.com are both permitted without Authentication. Multiple domains can be configured here. You also need to put a ‘.’ (dot) in front of each domain. This is a sample entry – .ransnet.com<press enter>.outlook.com<press enter> Destination Domain List : This field is similar to ‘Destination Domain‘ setting that permits access based on domains but in form of list. Destination IP/URL : This field permits access based on destination URLs /IP address/Subnets. Multiple domains can be configured here. This is a sample entry – ww.ransnet.com<press enter>yahoo.com<press enter>http://www.google.com<press enter>10.1.0.0/16<press enter>20.1.1.0/24 Source MAC (Entry) : This field permits access based on the device source MAC address. Multiple MAC addresses can be configured here. This is a sample entry : 00-0C-29-44-8B-F8<press enter>00-0C-29-44-8B-02 Source IP/Networking (Entry) : This field permits access based on the user source IP or subnets. Multiple MAC addresses can be configured here. This is a sample entry – 192.168.10.9<press enter>192.168.7.0/24<press enter>172.16.1.9 Source MAC (RADIUS Setting) : This field permits access based on RADIUS MAC address authentication. The device source MAC addresses are added in the RADIUS user database using User Management >  , click the  button. | ||
| Seamless Re-login | Enable’s client session relogin seamless after the Portal login. Since first login : This field settings keeps the session for no. of days from the first login. Since last login : This field settings keeps the session for no. of days from the last use. | ||
| Enable/Disable Parameters | Intercept DNS Requests : iPhone CNA Support : |
After the Instances are configured, the user can view the current status of the Instance (Enabled instance) in the Hotspot Status tab as shown in Image 3 below. The page provides user with information like virtual tunnels created by instances, connected devices (IP issued by Hotspot Instance), and successfully authenticated users through Hotspot Instance.
<< Image of the Detailed client , click on the instance>>