HotSpot Overview

Overview

Hotspot provides guest internet access with granular User Access Control and Security Enforcement. It allows enterprises or venue owners to offer flexible and customized internet access for Guests, VIP Members, or Public users.

Sitting at the Internet edge, the RansNet Hotspot Gateway manages users' internet access through a few key modules:

HotSpot Access Controller

The HotSpot Access Controller is a combination of DHCP server, firewall, and bandwidth control engines. It grants Internet access to users and enforces their respective Access Profiles based on AAA/RADIUS client policies. It intercepts the user's initial browsing requests and redirects them to a Captive Portal, where the user enters authentication credentials and accepts the terms. It then enforces the authorization (client rights) returned by the AAA/RADIUS server for each authenticated user.

NOTE

The HotSpot Access Controller does not refer to the wireless access controller.

One Hotspot Gateway device can support multiple instances of the HotSpot Access Controller. Each instance maps to a different VLAN or network with its own access controls (e.g., different Captive Portal pages, different bandwidth control policies), so that users coming from different networks get a different user experience.

The HSG HotSpot Access Controller supports the following features:


Captive Portal

The Captive Portal is a built-in web server that presents the user with a customizable web login page. It interacts with the Access Controller and the AAA/RADIUS server to accept user credentials, and integrates with the RansNet cloud advertising server to stream landing-page ads.

AAA / RADIUS server

The AAA/RADIUS server validates user credentials and passes user access policies (bandwidth per user, session time, volume/usage, etc.) to the Access Controller for enforcement.

Several names are used interchangeably for this function, which authenticates user access, issues access policies for the NAS/mbox to enforce, and stores user access records. They appear in different places but all mean the same thing:

  • UAM Server (User Access Manager)
  • AAA Server (Authentication, Authorization, Accounting)
  • RADIUS Servers (Remote Authentication Dial-In User Service)

NOTE

The word ‘RADIUS’ is used in most of the technical documentation.

MACC (Mobile Access Cloud Center)

MACC implements AP management and also handles the same wireless control functions as a conventional hardware AC, such as automatic channel and power adjustment, optimized radio frequency (RF) management, and L2/L3 roaming, to provide a genuinely usable wireless network.

MACC is the cloud Wi-Fi management and control platform developed by Networks for chain stores, small and medium enterprises, enterprises with a headquarters-branch structure, operator networks, and lightweight scenarios.

Advertising Gateway

The RansNet cloud advertising server centrally manages and streams Wi-Fi advertisements (image or video banners) to their target portals/locations, schedules ad pushes at different times/dates with different weights, and reports statistics on impressions and click-through rates. The ad push works natively with the mbox captive portal as a pop-up shown before the login page.

Understanding Workflow of HotSpot User Access


Image 1 : Hotspot Gateway Architecture

  1. The user’s device (mobile/computer) connects to the Local Area Network (LAN) through an open wireless SSID (any wireless infrastructure with MAP or a 3rd-party Access Point) or through a normal switch port, and then gets an IP address from the DHCP server.
  2. The user browses the Internet using a standard browser. The browsing request hits the mbox LAN/VLAN interface and is intercepted by the HotSpot Access Controller.
  3. The mbox HotSpot Access Controller redirects the browser on the user’s device to a Captive Portal login page.
  4. The user enters the login credentials in the Captive Portal login page. They are forwarded to the HotSpot Access Controller, which then sends them to the RADIUS server for validation.
  5. The RADIUS server validates the user credentials and returns an Access-Accept or Access-Reject result to the HotSpot Access Controller, together with the set of authorized access rights (profile) for the authenticated user.
  6. The HSG HotSpot Access Controller grants the user Internet access and enforces the respective rights passed by RADIUS.
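
The RADIUS exchange in steps 4 to 6, written out as an added example (it is not RansNet code): the controller builds an Access-Request with the password hidden per RFC 2865, and accepts the returned policy only after checking the Response Authenticator against the shared secret. Session-Timeout is assumed as the policy attribute; the secret, user and reply are constructed sample values.

```python
import hashlib, hmac, os, struct

# RFC 2865 packet codes and attribute types
ACCESS_REQUEST, ACCESS_ACCEPT, ACCESS_REJECT = 1, 2, 3
USER_NAME, USER_PASSWORD, SESSION_TIMEOUT = 1, 2, 27

def attr(atype, value):
    return bytes([atype, len(value) + 2]) + value

def hide_password(password, secret, request_auth):
    """RFC 2865 5.2: XOR each 16-byte block with MD5(secret + previous block)."""
    size = max(16, -(-len(password) // 16) * 16)
    padded, out, prev = password.ljust(size, b"\x00"), b"", request_auth
    for i in range(0, size, 16):
        key = hashlib.md5(secret + prev).digest()
        prev = bytes(a ^ b for a, b in zip(padded[i:i + 16], key))
        out += prev
    return out

def build_access_request(ident, user, password, secret):
    request_auth = os.urandom(16)  # fresh per request; binds the reply to it
    attrs = attr(USER_NAME, user) + attr(
        USER_PASSWORD, hide_password(password, secret, request_auth))
    header = struct.pack("!BBH", ACCESS_REQUEST, ident, 20 + len(attrs))
    return header + request_auth + attrs, request_auth

def build_reply(code, ident, request_auth, attrs, secret):
    """Server side, used here only to construct sample replies."""
    header = struct.pack("!BBH", code, ident, 20 + len(attrs))
    digest = hashlib.md5(header + request_auth + attrs + secret).digest()
    return header + digest + attrs

def parse_reply(packet, ident, request_auth, secret):
    """Controller side: authenticate the reply before trusting any policy."""
    if len(packet) < 20:
        raise ValueError("short packet")
    code, rid, length = struct.unpack("!BBH", packet[:4])
    if rid != ident or length != len(packet):
        raise ValueError("identifier or length mismatch")
    attrs = packet[20:]
    expected = hashlib.md5(packet[:4] + request_auth + attrs + secret).digest()
    if not hmac.compare_digest(expected, packet[4:20]):
        raise ValueError("bad Response Authenticator")
    policy, i = {}, 0
    while i < len(attrs):
        if i + 2 > len(attrs) or not 2 <= attrs[i + 1] <= len(attrs) - i:
            raise ValueError("bad attribute length")
        policy[attrs[i]] = attrs[i + 2:i + attrs[i + 1]]
        i += attrs[i + 1]
    return code, policy
```

A reply whose attributes were altered in transit, or that was built without the shared secret, fails the authenticator check and never reaches the enforcement step.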

  1. Configure the physical connection.
    • WAN interface (eth0) as DHCP client, connected to the ISP (ONT or modem)
    • LAN interface (eth1) with an IP address; enable the same port as DHCP server and connect it to the LAN switch
    • Mgmt. interface (eth2) for the Hotspot UI (configure the PC network setting as ‘Assign IP Automatically’). It is pre-configured to issue IP addresses (10.10.10.0).
    • Connect the Access Point (AP) to the LAN switch
      • The switch is to be configured with a default config (no VLAN settings).
      • Configure the AP to broadcast the ‘SSID’ without VLAN assignment.
  2. Access the Hotspot Gateway Management UI.
    • On-premises HSG device management GUI (http://10.10.10.1 with ‘mboxadmin / Letthem0ut7&’ credential)

NOTE

Cloud HSG Management UI (talk to your RansNet account manager for the credential and login URL)

  3. Create the Entity, the Permission for the User Account, and the User Account.
  4. Create the Captive Portal and Login Methods.
  5. Configure the Hotspot Instance for the eth1 interface (e.g., enable the Username/Password and Email One Time Password (OTP) login methods).
    • Whitelist URLs (by-pass domains) if you are using any social media login methods
    • Configure the RADIUS server for Hotspot authentication
    • Configure the Hotspot portal (landing page) URL
  6. Configure Access Control in User Management.
    • Create a new Access Profile for the Username & Password login method (User Type – User Authentication)
      • Configure the ‘Account info’ for the above Access Profile
    • Configure the Facebook login profile by clicking the profile name in ‘User Management’
      • Configure the ‘Account info’ for the above Access Profile

NOTE

One HSG supports multiple MAP/HSA/UA. Sizing of the HSG is based on 10 x no. of MAP/HSA/UA. E.g., to support up to 20 MAP/HSA/UA, use HSG-200; to support up to 80 MAP/HSA/UA, use HSG-800.

Different organizations need to have dedicated HSGs since the RADIUS database cannot be shared.

In the Cloud model, the external HSG can run on a virtual machine since it will not function as a gateway and only hosts RADIUS and Captive Portals for MAP/HSA/UA.