OmniAccess Stellar - Express Mode

CONFIGURATION GUIDE

The purpose of the following manual is to describe the necessary configuration of the ALE Stellar equipment for integration with the Octopus Platform.

 

1- Pre-requisites

  • If there is a firewall in the network that might block the traffic, you will need to allow access to some domains to enable user's authentication:

    • Radius Servers:

      • Primary: <IP_Radius_1> 1812 and 1813 UDP ports

      • Secondary: <IP_Radius_2> 1812 and 1813 UDP ports

    • Splash Portal server: 

      • Domain <captive_portal_domain> 80 and 443 TCP ports

  • For the operation of the Guest and Enterprise modules configuration, it will be necessary to previously contract the Octopus platform licenses with the respective modules.

2- Guest module configuration

2.1 Radius Servers and Captive Portal

First, it is necessary to configure all the parameters related to the captive portal. Access to Access > Authentication and click on Authentication to access to the configuration window.

Once the configuration window is displayed, please perform the following configuration as it is shown below:

  • HTTPS: on

  • External Captive Portal: mcheck this option

  • Captive Portal Server:

    • Hostname: <captive_portal_domain>

    • Redirect URL: /login/hotspot/ale

    • Redirect URL param: disable

  • Authentication Server:

    • Server IP/Hostname: <IP_Radius_1>

    • Authentication Server Port: 1812

    • Secret: <Secret>

    • Confirm: <Secret>

    • Radius Accounting: check this option

    • Accounting Server Port: 1813

    • Accounting Interval: 600

After having done the entire configuration, please click in the Save button to save all these changes.

2.2 Walled Garden

Then it is required to add the domains that the users will be able to visit without being authenticated in the captive portal. Access to the Access > Black List & White List section and open the Walled Garden tab. Then, select the Domain option and add all the required domains.

 

If you wish to add extra domains (Social Networks, Paypal, etc...) they can be consulted from the following link.

2.3 WLAN Settings

To configure an external captive portal in a SSID, it is necessary to add a new WLAN or edit an existing one. To add the new WLAN, access to the WLAN section and click in New

Configure the following parameters once the WLAN configuration window is displayed:

  • WLAN Name: SSID name that will be visible to the wireless users.

  • Security Level: Open

  • Captive Portal: Yes

  • Inactivity Timeout Status: on

  • Inactivity Timeout Interval: 900

  • Enable: Yes

After having performed this changes, please click in Save to save the new configuration. 

2.4 Authorized MAC Addresses

In order to allow the users to authenticate in the captive portal correctly, it is necessary to identify the NAS that will send the authentication requests to the Radius Server. In this case, it is required to add the MAC address of every Access Point that will radiate the configured SSID.

These MAC addresses can be obtained from the AP section.

After accessing to the AP section, it can be visualized the MAC address of each access point:

 

For information on how to add the MAC address of each AP as an authorized NAS on the platform, please refer to the following link Locations

3- Enterprise module configuration

In order to integrate the configurations of this module with the platform, it is necessary to contract the Octopus Wifi Enterprise Module.

3.1 MAC Authentication

To enable MAC Authentication, it is necessary to edit the WLAN in use. To do that, click in the WLAN that will use this new functionality to be able to configure it.

Once inside select the corresponding WLAN and configure the following parameters:

  • MAC Authentication: check this option

  • Server IP/Hostname: <IP_Radius_1>

  • Authentication Server Port: 1812

  • Secret: <Secret>

  • Confirm: <Secret>

  • Account: check this option

  • Accounting Server Port: 1813

  • Accounting Interval: 600


After having done all the required changes, please click in Save to save the new configuration.

3.2 Configuration of “Access Profiles” funtionality in the Octopus Platform

Through the Octopus platform it is possible to configure a series of reply attributes of the Access-Accept packages, grouped in the so-called Access Profile. These Access Profiles allow to activate a series of functionalities in the ALE Stellar. Although the most common and proprietary ALE Stellar radius dictionaries are available, the following is a list of some of the most interesting ones:

Attribute

Description

Format

Attribute

Description

Format

WISPr-Bandwidth-Max-Down

Defines downstream speed limits for a given session

Bytes

WISPr-Bandwidth-Max-Up

Defines upload speed limits for a given session

Bytes

Reply-Message

Useful for troubleshooting functions, since it allows to identify associated elements of the Octopus platform, such as an access profile, access method, location, ...

 

Example of an Access Profile configuration with the attributes explained above:

 

For more information on how to create an Access Profile in Octopus Platform go to Access profiles