HotSpot WiFi

HotSpot WiFi

Introduction

Providing WiFi access to the customers may help any small business by attracting more people for the wireless services availability. Several marketing investigations have proven that these customers spend more time in a shop buying more coffee, donuts or sandwiches. They prefer Hotel or B&B accomodation offering Internet service. In addition a tangible indirect benefits for the owner of wireless hotspot, because it can generate profits of between 150€ and 300€ per month based on an average of only two user connections per day and 15 sign-ups per month.
Hotspot WiFi is a business opportunity available for small businesses — such as coffee shops, restaurants, hotels, and office lobbies.

Ubiquiti Hotspot WiFi

Our company announces a professional Hotspot solution for outdoor and indoor application based on Ubiquiti device.
We have included the Hotspot functionality in AirOS firmware to make easy a WiFi Hotspot service deployment. Based on Chillispot software as Captive Portal authentication, your Ubiquiti supports the right solution for public Hotspot with web based login. To build up your own Hotspot Network you need Ubiquiti with Hotspot capabilities and a Radius Server.
If you are looking for a turn key solution, take a tour to our Remote Radius Service.



Mikrotik Hotspot WiFi

Mikrotik RouterOS includes an excellent hotspot solution.
Mikrotik Router works with RadioJungle AAA server and its configuration can be done easly by using Winbox.
Moreover, our Radius system allows to customize login page of MikroTik Hotspot. If you are interested in configuration instructions, please register to our web site and ask for that.

How to do for Ubiquiti...

Ubiquiti's chillispot configuration

Here below a brief description of the fields for Ubiquiti's chillispot configuration.
A configuration for our Remote Radius Service is available too. Please ask for it to our Customer Care.

Enable Chillispot
Enable / Disable chillispot service.

DHCP Interface
This is the network interface which is shared between the Clients. In a typical wireless configuration this should be set to WLAN.

Primary Radius Server
IP address of primary radius server.

Secondary Radius Server
IP address of secondary radius server. If you have only one radius server you must set this parameter to the same value as primary radius server.

Radius Auth Port
UDP port number to use for radius authentication requests. The same port number is used for both primary and secondary radius server. Default port is 1812.

Radius Acct Port
UDP port number to use for radius accounting requests. The same port number is used for both primary and secondary radius server. Default port is 1813.


DNS IP
DNS IP server address. It will be suggested to the Clients. Default IP is Google free DNS IP server address 8.8.8.8

Remote Network
IP network address of external packet data network. Used to allocate dynamic IP addresses to Clients and set up routing. Default value is network 192.168.182.0/24. Chillispot internal DHCP server will assume in this case 192.168.182.1 IP address and at Clients will be assigned addresses starting from 192.168.182.2 to 192.168.182.254. The address 192.168.182.255 will be the broadcast IP address of network.

Redirect URL
URL of welcome homepage or Captive Portal. Unauthenticated users will be redirected to this URL of web server for handling authentication. This URL must start with http:// or https://

Radius NAS ID
Radius NAS-Identifier. This ID will be sent to Radius to identify the Hotspot. The radius server could be configured to allow or deny access to Users of an Hotspot by using this ID. Default value is ubiquiti.

Radius Shared Secret
Radius shared secret for both radius servers. The RADIUS protocol does not transmit passwords in cleartext between the NAS and RADIUS server (not even with PAP protocol). Rather, a shared secret is used along with the MD5 hashing algorithm to obfuscate passwords.

UAM Allowed
Universal access method (UAM) allowed is a comma separated list of domain names, IP addresses or network segments the Clients can access without first authenticating. It is mandatory to define as accessible without radius authentication both primary and secondary radius servers, the URL domain of Captive Portal and DNS server.

UAM Secret
Word shared between chilli and authentication web server. This is a secret password between the Redirect URL and the Hotspot. Default value is 'blank'.

PIN Code
License code based on both Hotspot's MAC LAN and WLAN addresses to use integrated Chillispot in the firmware.



Ubiquiti's network configuration

Chillispot will start its own DHCP server accordingly to the configuration. A free IP address of Remote Network will be assigned to each Clients connected to the DHCP interface. Chillispot will redirect all unauthorized Users to Redirect URL to be authenticated. When the Users are authenticated by Radius platform, the Client will be authorized to access to the network throught the internet connection of the Hotspot.
For that reasons, Chillispot works only in Router mode and the IP address of the Hotspot has to be in a different network than IP addresses assigned to the Clients. Of course the internal DHCP server of the Hotspot must be disabled to avoid an IP address assignement conflict. The NAT must be enabled to allow Users to have access to internet.




How to do for Mikrotik...

Mikrotik's remote radius configuration

Here below a brief description on how to configure Mikrotik to work with both Remote Radius and Captive Portal by using the official tool Winbox. A configuration for our Remote Radius Service is available too. Please ask for it to our Customer Care.

Mikrotik's remote Captive Portal configuration

In order to enable a remote captive portal for Mikrotik, HTML file in Hotspot directory has to be replaced with this file. You can download our 3TS Captive Portal code file too.

Mikrotik's remote radius configuration

Under Radius menů, click on add button.

Hotspot
Enable / Disable hotspot service.

Address
IP address of radius server.

Radius Shared Secret
Radius shared secret for radius server. The RADIUS protocol does not transmit passwords in cleartext between the NAS and RADIUS server (not even with PAP protocol). Rather, a shared secret is used along with the MD5 hashing algorithm to obfuscate passwords.

Authentication Port
UDP port number to use for radius authentication requests. Default port is 1812.

Accounting Port
UDP port number to use for radius accounting requests. Default port is 1813.

Timeout
Timeout for remote radius server. Set 3000ms.

Mikrotik's hotspot configuration

Under IP → Hotspot menů select Servers tab and click on Hotspot Setup.

Hotspot Interface
Ethernet interface to listen to. This is the network interface which is shared between the Clients. In a typical wireless configuration this should be set to radio interface.

Local Address of Network
IP network address of external packet data network. Used to allocate dynamic IP addresses to Clients and set up routing. Set to 192.168.182.1/24, the Clients will assume addresses starting from 192.168.182.2 to 192.168.182.254. The address 192.168.182.255 will be the broadcast IP.
Flag Masquered Network.

Address Pool of Network
Pool of IP addresses used to be assigned to Clients. By default IP pool is calculated starting from previous setting.

Select Certificate
Certificate used for data. Set none.

IP Address of SMTP Server
SMTP Server. Set 0.0.0.0

DNS Server
DNS IP server address. It will be suggested to the Clients. You should set 8.8.8.8 (free Google DNS)

Under IP → Hotspot menů select Server Profiles tab.

Name
Profile's name.

Hotspot Address
Hotspot IP address.

HTML Directory
Directory containing the HTML file of the Captive Portal.

Login by
Type of login supported. Set HTTP PAP.

Use RADIUS
Enable / Disable remote radius server management. Set Enable

MAC Format
MAC Format used. Set XX:XX:XX:XX:XX:XX

NAS Port type
NAS Port type sent to Radius. Set wireless-802.11


Under IP → Hotspot menů select Wall Garden tab.

The Wall Garden configuration allows the Users to access at networks or individual IP addresses without authentication. It's a section where is possible specify free access sites. The minimum configuration to redirect Users to Captive Portal and data to Radius Server is to allow free access to both IP addresses of Radius Server and Captive Portal (if it doesn't resides on the same machine of Radius).

Dst. Address
IP address or network to be reached without authentication.