Hotspot Instances

Overview

Hotspot instance UI defines how the mbox hotspot access controller handles user traffic when it comes to HSG. We can configure different instances for different networks, control different accesses, and enforce different user experiences, etc. Each instance works like a virtual hotspot access controller.

Concept of Hotspot Instance

  • Each hotspot instance maps to a combined set of LAN interface (LANIF) and WAN interface (WANIF).
    • A LANIF is an incoming interface where the user client’s traffic is entering into Hotspot gateway (Traffic pass-through Hotspot Gateway)
    • A LANIF is a physical interface or can also configure a VLAN interface, and it represents a client network.
      • If the user needs to support multiple networks, we configure VLANs on a physical LANIF, in this case, each LANIF is a VLAN interface.
    • A LANIF that belongs to a hotspot instance is unique to each hotspot instance.
    • A WANIF is the outbound interface where the client’s traffic leaves mbox.
    • Many Hotspot instances can share with WANIF, so the user can configure multiple instances/LANIF to share the same WANIF.

NOTE

When VLAN is configured, the switch-port connecting to this physical LAN interface must be configured as a trunk port (with 802.1Q VLAN tagging).

  • Each hotspot instance also runs as a DHCP server for its LANIF instance. The built-in hotspot DHCP process will issue the IP address to the client.
    • If there’s another “Dhcp-server” configuration under the LANIF, it needs to be removed, or else there’ll be a conflict running two DHCP processes.
  • The Captive Portal is required for each instance.
    • The portal contents can be either Hosted locally on HSG or Hosted externally on a cloud HSG.

Hotspot Settings

A Client’s Physical/VLAN interface can be configured as a Hotspot Instance. User can navigate to ‘HOTSPOT SETTINGS > Hotspot Instances‘, click on the Hotspot Setting tab and click button to configure a ‘New Instance’ as shown in Image 1 below.

From the ‘New Instance’ pop window, the user can select the Instance’s interface name and the relevant Captive Portal URL from the Hotspot Portal and proceed.

Image 1 : List of Hotspot Instance

The fields of Hotspot Instance List are summarized below:

S/NFields/ButtonsDescription
01. buttonCreate new hotspot instances
02. buttonExport’s the table view to CSV/Print/PDF form
03.InterfaceName of Hotspot Instance-interface
04.Admin StatusDisplays the Enable /Disable status of the interface
05.Hotspot ServerConfigured Hotspot server IP address
06.Client-Net/NetmaskConfigured Hotspot server’s Client Network IP
07.Hotspot-PortalCaptive Portal URL
08.ActionOption to delete the Hotspot Instance.
New Instance Window
09.Select Interface (New Instance)Select the Interface to configure as Hotspot Instance
10.Hotspot Portal (New Instance)Select the Captive Portal URL for the Hotspot Instance.
Table

New/Edit Instance

User can click on the Hotspot Instance name, located under the Interface field in the Hotspot Setting tab to configure the Instance. The EDIT INSTANCE consists of two sections (Hotspot Instance Base Config and Hotspot Instance Optional Config) as shown in Image 2 below.

Image 2 : New/Edit Hotspot Instance page

The fields of EDIT INSTANCE List are summarized below:

S/NSectionFieldDescription
01. Hotspot Instance Base Config
Hotspot LANHotspot Instance interface
Hotspot ID (Optional)
Hotspot EnableTo enable the Hotspot Instance
Hotspot ServerHotspot instance server IP (Clients network default gateway)
Client NetworkClient networks address within the instance
Radius ServerAuthentication server for the Hotspot Instance.
Key: Radius Server Pre-shared key.
Hotspot PortalCaptive Portal URL for the Hotspot instance.
02
 Hotspot Instance Optional Config
Client ParametersClient Bandwidth (Optional) :
Client Timeout (Optional): Session timeout is the absolute session time, after which user session will be cleared even if the user is actively using (user will be forced to login out and the user will need to login again if required to browse).

Client DHCP Range : DHCP IP range to issue to user clients
Client DHCP DNS Server : The user can configure an explicit DNS Server, else not configure then Instance will use the default google DNS.
Permit External Client Network :??
Redirect/Success URL (Optional)Redirect client browse to a specific URL upon successful login. The page can be hosted portal within HSG or an external URL.
Bypass/Whitelist By
Permit user access without authentication based on the below settings.

Destination Domain : This field permits access based on domains, so all the URLs using sub-domains are automatically permitted
Eg: if we permit .ransnet.com, then portal.ransnet.com and http://www.ransnet.com are both permitted without Authentication.
Multiple domains can be configured here.
You also need to put a ‘.’ (dot) in front of each domain.
This is a sample entry – .ransnet.com<press enter>.outlook.com<press enter>

Destination Domain List : This field is similar to ‘Destination Domain‘ setting that permits access based on domains but in form of list.


Destination IP/URL : This field permits access based on destination URLs /IP address/Subnets.
Multiple domains can be configured here.
This is a sample entry – ww.ransnet.com<press enter>yahoo.com<press enter>http://www.google.com<press enter>10.1.0.0/16<press enter>20.1.1.0/24

Source MAC (Entry) : This field permits access based on the device source MAC address.
Multiple MAC addresses can be configured here.
This is a sample entry : 00-0C-29-44-8B-F8<press enter>00-0C-29-44-8B-02

Source IP/Networking (Entry) : This field permits access based on the user source IP or subnets.
Multiple MAC addresses can be configured here.
This is a sample entry – 192.168.10.9<press enter>192.168.7.0/24<press enter>172.16.1.9

Source MAC (RADIUS Setting) : This field permits access based on RADIUS MAC address authentication. The device source MAC addresses are added in the RADIUS user database using User Management > import_btn, click the button.
Seamless Re-loginEnable’s client session relogin seamless after the Portal login.

Since first login : This field settings keeps the session for no. of days from the first login.
Since last login : This field settings keeps the session for no. of days from the last use.
Enable/Disable ParametersIntercept DNS Requests :

iPhone CNA Support :
Table 2 : Edit Instance field list.

After the Instances are configured, the user can view the current status of the Instance (Enabled instance) in the Hotspot Status tab as shown in Image 3 below. The page provides user with information like virtual tunnels created by instances, connected devices (IP issued by Hotspot Instance), and successfully authenticated users through Hotspot Instance.

Image 3 : Hotspot Status list tab

<< Image of the Detailed client , click on the instance>>