Engenius OnPremise

CONFIGURATION GUIDE

This manual describes the configuration required on Engenius for integration with the Octopus Platform.

1- Pre-requisites

  • If there is a firewall in the network that might block the traffic, you will need to allow access to the following servers and domains to enable user authentication:

    • Radius Servers:

      • Primary: <IP_Radius_1> 1812 and 1813 UDP ports

      • Secondary: <IP_Radius_2> 1812 and 1813 UDP ports

    • Splash Portal server: 

      • Domain <captive_portal_domain> 80 and 443 TCP ports

  • For the Guest and Enterprise module configurations to work, the Octopus platform licenses for the respective modules must be contracted beforehand.

2- Guest module configuration

2.1 Radius Server

To enable user authentication with an external Radius Server, go to the Login Type section in the Hotspot Service > Captive Portal menu and configure the following parameter:

  • Login Type: External RADIUS Server

Once the Radius Authentication is enabled, please perform the following configuration in the External RADIUS Server section:

  • Auth Type: PAP

  • Radius Server: <IP_Radius_1>

  • Radius Port: 1812

  • Radius Secret: <Secret>

  • Enable Radius Accounting: enable

  • Accounting Radius Server: <IP_Radius_1>

  • Accounting Radius Port: 1813

  • Accounting Radius Secret: <Secret>

  • Accounting Radius Interval: 600 seconds
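
Added example (not Octopus or Engenius code): with Auth Type PAP, the password travels from the access point to <IP_Radius_1> protected only by the RFC 2865 hiding shown below, which is keyed by the Radius Secret. The secret, authenticator and password values are constructed for the illustration.

```python
import hashlib

def pap_hide(password: bytes, secret: bytes, authenticator: bytes) -> bytes:
    """User-Password value the NAS sends (RFC 2865, section 5.2)."""
    if len(authenticator) != 16 or not 0 < len(password) <= 128:
        raise ValueError("need a 16-octet authenticator and a 1..128 octet password")
    padded = password + b"\x00" * (-len(password) % 16)
    out, prev = b"", authenticator
    for i in range(0, len(padded), 16):
        mask = hashlib.md5(secret + prev).digest()
        block = bytes(p ^ m for p, m in zip(padded[i:i + 16], mask))
        out += block
        prev = block  # the next mask is chained on this hidden block
    return out

def pap_unhide(hidden: bytes, secret: bytes, authenticator: bytes) -> bytes:
    """Same computation on the RADIUS server, using its copy of the secret."""
    if not hidden or len(hidden) % 16 or len(authenticator) != 16:
        raise ValueError("hidden value must be a non-empty multiple of 16 octets")
    out, prev = b"", authenticator
    for i in range(0, len(hidden), 16):
        block = hidden[i:i + 16]
        mask = hashlib.md5(secret + prev).digest()
        out += bytes(c ^ m for c, m in zip(block, mask))
        prev = block
    return out.rstrip(b"\x00")  # padding is NUL octets

def secret_is_short(secret: bytes) -> bool:
    """RFC 2865 prefers a shared secret of at least 16 octets."""
    return len(secret) < 16

# Constructed values, not taken from any deployment.
SECRET = b"constructed-shared-secret-0001"
AUTHENTICATOR = bytes(range(16))       # random per request on a real NAS
PASSWORD = b"guest-voucher-2024-demo"  # 23 octets, so two 16-octet blocks

if __name__ == "__main__":
    hidden = pap_hide(PASSWORD, SECRET, AUTHENTICATOR)
    print(hidden.hex())
    print(pap_unhide(hidden, SECRET, AUTHENTICATOR))
    print(pap_unhide(hidden, b"other-secret", AUTHENTICATOR) == PASSWORD)
```

Because the mask depends only on the shared secret and the per-request authenticator, <Secret> should be a long random value, and the firewall rules from the pre-requisites should limit ports 1812 and 1813 to the access points and the Radius servers.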

2.2 Captive portal

Next, configure the external captive portal. Go to the Login Page section and configure the following parameters:

  • Redirect User to external URL: https://<captive_portal_domain>/login/hotspot/engenius

  • In the Redirect Behavior, select the option Redirect to the URL the user was trying to visit in order to be able to manage the redirection web site from the WIFI platform. 

Next, set up the following configuration in the User Session section:

  • Enable Idle Timeout: 15 minutes

2.3 Walled Garden

To complete the configuration, go to Hotspot Service > Captive Portal and configure the domains to which the user will have free access before validating on the network.

  • To add them, check the box in the Walled Garden section and type all the required domains (separated by commas).

If you wish to add extra domains (Social Networks, Paypal, etc...) they can be consulted from the following link.

2.4 Device Management - AP Groups

The last step to complete the configuration is to link the captive portal with the SSID. Go to the Device Management > AP Groups menu and create or modify the AP Group to which the access points belong.

Within the AP Group configuration, open WLAN Settings and then the SSID configuration under Guest Network for both 2.4GHz and 5GHz. Configure the following parameters:

  • Enable SSID: Select in which frequency band you want to broadcast.

  • SSID: SSID name that will be visible to the wireless users.

  • Security: None

  • Finally in the same section go down to Captive Portal and enable the Captive Portal option for the configured SSIDs by selecting the Enable option.

After making all these changes, click on the Apply button to save the configuration.

2.5 Authorized MAC Addresses

For users to authenticate correctly in the captive portal, the NAS that will send the authentication requests to the Radius Server must be identified. For the Engenius controller, the MAC address of every access point that will broadcast the configured SSID must be added to the WIFI platform.

  • These MAC addresses can be obtained from the user interface. Go to Device Management > Access Points and check the MAC Address column.

For information on how to add the MAC address of each AP as an authorized NAS on the platform, please refer to the following link: Locations


3- Enterprise module configuration

To integrate the configurations of this module with the platform, it is necessary to contract the Octopus Wifi Enterprise Module.

3.1 Configuration of “Access Profiles” functionality in the Octopus Platform

Through the Octopus platform it is possible to configure a series of reply attributes of the Access-Accept packets, grouped in the so-called Access Profile. These Access Profiles make it possible to activate a series of functionalities in Engenius. Although the most common and proprietary Engenius RADIUS dictionaries are available, the following is a list of some of the most interesting ones:

| Attribute | Description | Format |
|---|---|---|
| Idle-Timeout | Maximum inactivity time. If the user does not transfer any data on the network during this time, the session will be terminated and the user will have to re-authenticate. | Seconds |
| Acct-Interim-Interval | Defines the time interval at which the NAS sends the accounting update packet with all the user's session information. | Seconds |
| Reply-Message | Useful for troubleshooting, since it identifies associated elements of the Octopus platform, such as an access profile, access method, location, ... | |

Example of an Access Profile configuration with the attributes explained above:

 

For more information on how to create an Access Profile in Octopus Platform go to Access profiles
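
Added example (not Octopus or Engenius code): how the three reply attributes listed above appear as type-length-value fields in an Access-Accept, with a decoder that rejects malformed lengths and a check against the RFC 2869 minimum for Acct-Interim-Interval. The sample profile and the Reply-Message text are constructed; the 900 s and 600 s values mirror the 15-minute idle timeout and 600-second accounting interval used in section 2.

```python
import struct

# Type codes from RFC 2865 (18, 28) and RFC 2869 (85).
ATTRS = {18: ("Reply-Message", "text"),
         28: ("Idle-Timeout", "integer"),
         85: ("Acct-Interim-Interval", "integer")}

def encode_attr(code: int, value) -> bytes:
    """Type, Length, Value; Length counts the two header octets."""
    data = struct.pack("!I", value) if isinstance(value, int) else value.encode()
    if len(data) > 253:
        raise ValueError("attribute value longer than 253 octets")
    return bytes([code, len(data) + 2]) + data

def decode_attrs(buf: bytes) -> dict:
    """Walk the attribute area of an Access-Accept, rejecting bad lengths."""
    found, pos = {}, 0
    while pos < len(buf):
        if len(buf) - pos < 2:
            raise ValueError("truncated attribute header")
        code, length = buf[pos], buf[pos + 1]
        if length < 2 or pos + length > len(buf):
            raise ValueError(f"bad length {length} for attribute {code}")
        data = buf[pos + 2:pos + length]
        name, kind = ATTRS.get(code, (f"Attr-{code}", "raw"))
        if kind == "integer":
            if len(data) != 4:
                raise ValueError(f"{name} must carry 4 octets")
            found[name] = struct.unpack("!I", data)[0]
        else:
            found[name] = data.decode("utf-8", "replace") if kind == "text" else data
        pos += length
    return found

def profile_findings(attrs: dict) -> list:
    """Flag values that weaken session control or break RFC 2869 limits."""
    issues = []
    if attrs.get("Idle-Timeout", 0) == 0:
        issues.append("Idle-Timeout missing or 0: the profile sets no inactivity limit")
    interim = attrs.get("Acct-Interim-Interval")
    if interim is not None and interim < 60:
        issues.append("Acct-Interim-Interval below 60 s (RFC 2869 minimum)")
    return issues

# Constructed profile: 900 s idle timeout, 600 s interim updates.
SAMPLE = (encode_attr(28, 900) + encode_attr(85, 600)
          + encode_attr(18, "profile=guest-basic"))

if __name__ == "__main__":
    decoded = decode_attrs(SAMPLE)
    print(decoded, profile_findings(decoded))
```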