Engenius Cloud
- Marce De Miguel (Unlicensed)
- Pedro Doroshenko
- Fernando Rudilla García (Unlicensed)
- Santiago Nanclares (Unlicensed)
CONFIGURATION GUIDE
The purpose of the following manual is to describe the necessary configuration of Engenius cloud equipment for integration with Octopus Platform.
1- Pre-requisites
If there is a firewall in the network that might block the traffic, you will need to allow access to some domains to enable user's authentication:
Radius Servers:
Primary: <IP_Radius_1> 1812 and 1813 UDP ports
Secondary: <IP_Radius_2> 1812 and 1813 UDP ports
Splash Portal server:
Domain <captive_portal_domain> 80 and 443 TCP ports
For the operation of the Guest and Enterprise modules configuration, it will be necessary to previously contract the Octopus platform licenses with the respective modules.
2- Guest module configuration
2.1 SSID
Inside the Engenius Cloud graphical interface, go to Configure > SSID, create a new SSID or edit the one we want to integrate with the platform, and follow the steps below:
Name: Name of the SSID, for example "WIFIGuest"
Enabled: Activated
Security type: Open
2.2 Radius server
In the tab Captive Portal, configure the following parameters:
Enabled: Activated
Authentication Type: Custom Radius
Custom Radius Authentication Type: PAP
IP Address Server 1: <IP_Radius_1>
Port: 1812
Secret: <Secret>
IP Address Server 2: <IP_Radius_2>Port: 1812
Secret: <Secret>
Accounting Server: enable
Interim Accounting Interval: 600 seconds
IP Address Server 1: <IP_Radius_1>
Port: 1813
Secret: <Secret>
IP Address Server 2: <IP_Radius_2>
Port: 1813
Secret: <Secret>
Redirect URL: Redirect to the URL that the user was trying to visit
Advanced Setting
Idle Timeout: Idle time before users are disconnected, we recomend 15 minutes
Walled Garden: Add the basic domains for the operation and the rest of the necessary ones according to the following list
If you wish to add extra domains (Social Networks, Paypal, etc...) they can be consulted from the following link.
In the tab Splash Page > Splash Page Type
External Splash Page URL: http://<captive_portal_domain>/login/hotspot/engeniuscloud/<SSID>
The SSID parameter allows us to distinguish by WLAN. In the URL above put the name of the SSID that will radiate the APs. Example: http://<captive_portal_domain>/login/hotspot/engeniuscloud/WIFIGuest
2.3- Authorized MAC Addresses
For user validation to work properly, it is necessary to identify the NAS that will be able to make authentication requests to the Radius Server.
In this case, the MAC of the devices in each Location must be added to the WIFI platform. You can see them in Manage > Access Points and in the column MAC.
3- Enterprise module configuration
In order to integrate the configurations of this module with the platform, it is necessary to contract the Octopus Platform Enterprise Module.
3.1 Configuration of “Access Profiles” funtionality in the Octopus Platform
Through the Octopus platform it is possible to configure a series of reply attributes of the Access-Accept packages, grouped in the so-called Access Profile. These Access Profiles allow to activate a series of functionalities in Engenius. Although the most common and proprietary Engenius radius dictionaries are available, the following is a list of some of the most interesting ones:
Attribute | Description | Format |
|---|---|---|
Idle-Timeout | Maximum inactivity time. If the user does not transfer any data on the network during this time, the session will be terminated and the user will have to re-authenticate. | Seconds |
Acct-Interim-Interval | Defines the time interval at which the NAS sends the accounting packet update with all the user's session information. | Seconds |
Reply-Message | Useful for troubleshooting functions, since it allows to identify associated elements of the Octopus platform, such as an access profile, access method, location, ... |
|
Example of an Access Profile configuration with the attributes explained above:
For more information on how to create an Access Profile in Octopus Platform go to Access profiles