Cradlepoint
CONFIGURATION GUIDE
The purpose of the following manual is to describe the necessary configuration of Cradlepoint equipment for integration with Octopus Platform.
1- Pre-requisites
If there is a firewall in the network that might block the traffic, you will need to allow access to some domains to enable user's authentication:
Radius Servers:
Primary:Â <IP_Radius_1>Â 1812 and 1813 UDP ports
Secondary:Â <IP_Radius_2>Â 1812 and 1813 UDP ports
Splash Portal server:Â
Domain <captive_portal_domain>Â 80 and 443 TCP ports
For the operation of the Guest and Enterprise modules configuration, it will be necessary to previously contract the Octopus platform licenses with the respective modules.
2- Guest module configuration
2.1 Radius Servers
The first step is to configure the Hotspot associated with the guest WLAN, access to Networking > Local Networks > Hotspot Services and perform the following configuration inside the Hotspot Settings section.
Hotspot Mode: RADIUS/UAM
Local IP Network: select the corresponding network.
Allow Service on 3G/4G modems: check this box.
Hotspot/UAM Authentication Port: 8000
Â
Then, it is required to configure the Radius Server which the user's authentication requests will be sent to. In the same section access to RADIUS Settings and perform the following configuration:
Server Address 1:Â <IP_Radius_1>
Server Address 2:Â <IP_Radius_2>
Authentication Port:Â 1812
Accounting Port:Â 1813
Shared Scret: <Secret>
Redirection On Successful Authentication: To an administrator-defined URL
Enter the redirection URL found in Octopus Platform, in the WLAN section of the Location: https://<captive_portal_domain>/login/hotspot/landing/wifiarea/WIFIAREA_ID/WLAN_ID
Idle Timeout: 15 Mins
Â
To obtain the WIFIAREA_ID and the WLAN_ID parameters to complete the URL above, please access to the WIFI platform and access to the Locations configuration menu. In the WLAN configuration tab, you will be able to check the URL that must be configured to redirect the users after their successful authentication.
2.2 Captive portal
Once all the Radius Server configuration is done, it is necessary to configure the external captive portal parameters. Access to UAM Settings inside the same section and perform the following configuration:
Login URL: https://<captive_portal_domain>/login/hotspot/cradlepoint
NAS/Gateway ID: CRADLEPOINT
Â
After having performed all the configuration, please click on Save to save all the changes.
IMPORTANT:Â Leave the Splash Page URL and Shared Secret parameters blank.
2.3 Walled Garden
Finally, within the Hotspot Services configuration it is necessary to include the domains to which free access must be allowed within the walled garden. To do so, click on Add and add all the necessary domains one by one.
Â
If you wish to add extra domains (Social Networks, Paypal, etc...) they can be consulted from the following link.
2.4 Authorized MAC Addresses
In order to allow the users to authenticate in the captive portal correctly, it is necessary to identify the NAS that will send the authentication requests to the Radius Server. In Cradlepoint, it is required to add the MAC address of every device in the WIFI platform.
These MAC addresses can be obtained from the Dashboard window.
Â