Engenius Cloud

CONFIGURATION GUIDE

The purpose of the following manual is to describe the necessary configuration of Engenius cloud equipment for integration with Octopus Platform.

1- Pre-requisites

  • If there is a firewall in the network that might block the traffic, you will need to allow access to some domains to enable user's authentication:

    • Radius Servers:

      • Primary: <IP_Radius_1> 1812 and 1813 UDP ports

      • Secondary: <IP_Radius_2> 1812 and 1813 UDP ports

    • Splash Portal server: 

      • Domain <captive_portal_domain> 80 and 443 TCP ports

  • For the operation of the Guest and Enterprise modules configuration, it will be necessary to previously contract the Octopus platform licenses with the respective modules.

2- Guest module configuration

2.1 SSID

Inside the Engenius Cloud graphical interface, go to Configure > SSID, create a new SSID or edit the one we want to integrate with the platform, and follow the steps below:

  • Name: Name of the SSID, for example "WIFIGuest"

  • Enabled: Activated

  • Security type: Open

2.2 Radius server

In the tab Captive Portal, configure the following parameters:

  • Enabled: Activated

  • Authentication Type: Custom Radius

  • Custom Radius Authentication Type: PAP

  • IP Address Server 1: <IP_Radius_1>

  • Port: 1812

  • Secret: <Secret>
    IP Address Server 2: <IP_Radius_2>

  • Port: 1812

  • Secret: <Secret>

 

  • Accounting Server: enable

  • Interim Accounting Interval: 600 seconds

  • IP Address Server 1: <IP_Radius_1>

  • Port: 1813

  • Secret: <Secret>

  • IP Address Server 2: <IP_Radius_2>

  • Port: 1813

  • Secret: <Secret>

 

  • Redirect URL: Redirect to the URL that the user was trying to visit

  • Advanced Setting

    • Idle Timeout: Idle time before users are disconnected, we recomend 15 minutes

    • Walled Garden: Add the basic domains for the operation and the rest of the necessary ones according to the following list

If you wish to add extra domains (Social Networks, Paypal, etc...) they can be consulted from the following link.

In the tab Splash Page > Splash Page Type

 

2.3- Authorized MAC Addresses

For user validation to work properly, it is necessary to identify the NAS that will be able to make authentication requests to the Radius Server.

In this case, the MAC of the devices in each Location must be added to the WIFI platform. You can see them in Manage > Access Points and in the column MAC.

3- Enterprise module configuration

In order to integrate the configurations of this module with the platform, it is necessary to contract the Octopus Platform Enterprise Module.

3.1 Configuration of “Access Profiles” funtionality in the Octopus Platform

Through the Octopus platform it is possible to configure a series of reply attributes of the Access-Accept packages, grouped in the so-called Access Profile. These Access Profiles allow to activate a series of functionalities in Engenius. Although the most common and proprietary Engenius radius dictionaries are available, the following is a list of some of the most interesting ones:

Attribute

Description

Format

Attribute

Description

Format

Idle-Timeout

Maximum inactivity time. If the user does not transfer any data on the network during this time, the session will be terminated and the user will have to re-authenticate.

Seconds

Acct-Interim-Interval

Defines the time interval at which the NAS sends the accounting packet update with all the user's session information.

Seconds

Reply-Message

Useful for troubleshooting functions, since it allows to identify associated elements of the Octopus platform, such as an access profile, access method, location, ...

 



Example of an Access Profile configuration with the attributes explained above:

 

For more information on how to create an Access Profile in Octopus Platform go to Access profiles