OmniAccess Stellar - Enterprise Mode

Owned by Adrián Macarro (Unlicensed)
Last updated: Oct 18, 2021 by Pedro Doroshenko
4 min read

CONFIGURATION GUIDE

The purpose of the following manual is to describe the necessary configuration of the ALE Stellar Enterprise solution for integration with Octopus Platform.

 

1- Pre-requisites

  • If there is a firewall in the network that might block the traffic, you will need to allow access to some domains to enable user's authentication:

    • Radius Servers:

      • Primary: <IP_Radius_1> 1812 and 1813 UDP ports

      • Secondary: <IP_Radius_2> 1812 and 1813 UDP ports

    • Splash Portal server: 

      • Domain <captive_portal_domain> 80 and 443 TCP ports

  • For the operation of the Guest and Enterprise modules configuration, it will be necessary to previously contract the Octopus platform licenses with the respective modules.

 

2- Guest module configuration

2.1 Radius Server

The first thing to do is to configure the platform's Radius servers. To do this, go to: Security> Authentication Servers > Radius and add a new radius (or modify an existing one if desired). Enter the following values:

 

  • Server Name: Radius1

  • Host Name / IP Address: <IP_Radius_1>

  • Backup Host Name / IP Address: <IP_Radius_2>

  • Retires: 3

  • Timeout: 2

  • Shared Secret: <secret>

  • Confirm Secret:<secret>

  • Authentication Port: 1812

  • Accounting Port: 1813

 

2.2 AAA Server Profile Configuration

In the Omnivista interface go to WLAN > AAA Server Profile and add a new profile (modify an existing one if desired).

  • Profile name: aaaServerProfile_Guest

  • Authentication Servers > Captive portal > Captive Portal Primary: Select previously created Radius: Radius1 

  • Accounting Servers > Captive portal > Captive Portal Primary: Select previously created Radius: Radius1 

2.3 Access Role Profile configuration.

In the Omnivista interface go to WLAN > AAA Server Profile and add a new profile (or modify an existing one if desired).

  • Profile name: For example accessRoleProfile_Guest

  • Walled Garden: Add the basic domains and the desired ones depending on the services that are going to be used.

If you wish to add extra domains (Social Networks, Paypal, etc...) they can be consulted from the following link.

  • In Captive Portal Atributes fill the gaps with the next information: 

    • Captive Portal Auth: External

    • Portal Server: <captive_portal_domain> 

    • Redirect-URL: /login/hotspot/ale

    • HTTPS Redirectión: Enable

    • AAA Server Profile (previously created): aaaServerProfile_Guest

2.4 WLAN Services configuration

 

In the Omnivista interface go to WLAN > WLAN Services and add a new profile (or modify an existing one if desired).

  • Service Name: for example: wlanService_Guest

  • SSID Settings > Basic: 

    • ESSID: SSID Guest´s name, for example "WIFIGuest"

    • Hide SSID: Disabled

    • Enable SSID: Enabled

  • SSID Settings > Security

    • Security Level: Open

    • MAC Auth: Disabled

    • Default Access Role Profile (previously created) accessRoleProfile_Guest

2.5 Deploy configuration in AP Groups.

Once all the configuration has been created, deploy the configuration in the equipment:

  • AccessRoleProfile: En WLAN > Access Role Profile, select the new role created for WifiGuest and click on "Apply to devices". after that set the VLAN assigned to the Role, as well as the AP Group where it will be deploy. Finally chech that it has been deployed successfully.

 

  • WLAN Service: In WLAN > WLAN Services, set the new service created for WifiGuest and click on "Apply to Devices". after that set the AP Group where it will be deploy. Finally check that it has been deployed successfully.

3- Enterprise module configuration

The purpose of the following manual is to describe the necessary configuration of the ALE Stellar Enterprise solution for integration with Octopus Platform.

3.1 MAC Authentication

To enable MAC caching, it will be necessary to configure MAC-Authentication in Omnivista.

  • In the Omnivista interface go to WLAN > AAA Server Profile, edit the profile that we want to apply the funtionality and modify the following parametres:

    • Authentication Servers > MAC > MAC Primary: Select previously created Radius: Radius1 

    • Accounting Servers > MAC > MAC Primary: Select previously created Radius: Radius1

  • In WLAN > WLAN Service, edit the profile that we want to apply the funtionality and modify the following parametres:

  • Security > MAC Auth: Enabled

  • Select in Security > AAA Profile the previously created: aaaServerProfile_Guest.

 

3.2 Configuration of “Access Profiles” funtionality in the Octopus Platform

Through the Octopus platform it is possible to configure a series of reply attributes of the Access-Accept packages, grouped in the so-called Access Profile. These Access Profiles allow to activate a series of functionalities in the ALE Stellar. Although the most common and proprietary ALE Stellar radius dictionaries are available, the following is a list of some of the most interesting ones:

Atributo

Descripción

Format

Atributo

Descripción

Format

WISPr-Bandwidth-Max-Down

Defines downstream speed limits for a given session

Bytes

WISPr-Bandwidth-Max-Up

Defines upload speed limits for a given session

Bytes

Reply-Message

Useful for troubleshooting functions, since it allows to identify associated elements of the Octopus platform, such as an access profile, access method, location, ...

 

 

Example of an Access Profile configuration with the attributes explained above:

 

For more information on how to create an Access Profile in Octopus Platform go to Access profiles