This guide shows how to configure a Teldat Access Point, in order to use it as a Hotspot.
Please note that the information contained in this article may contain outdated configuration data. Therefore, please check the data contained in the article "Parameters for the Solution" at the bottom of the page, as they are certainly up to date.
The configuration procedure has been performed and tested with the following device model: Teldat V-H+ TLDPV01A1
In order to correctly integrate a Teldat Access Point with the Solution, it is necessary that:
- the device is connected to the Internet
- WAN and LAN interfaces are correctly configured
Accessing the command-line interface
These devices come only with a command-line interface that may be accessed by a local connection thought the serial console port, or a remote Telnet connection.
In order to set configuration parameters, it is necessary to type the sh conf command on the Config> console. Then is necessary to provide some configuration parameters.
The following is a working example of configuration, along with some comments to understand the procedure step by step.
Config>sh conf ; Showing Menu and Submenus Configuration for access-level 15 ... ; TVRouter BASE VDSL2/ADSL METH WWAN-USB WLAN 30 16 Version 11.00.03 log-command-errors no configuration description "default config: standard" set data-link at cellular0/0 set data-link at cellular0/1 set data-link at cellular1/0 set data-link at cellular1/1 feature access-lists
The following is the list of walled garden entries, fill it at your convenience. Please note that it is necessary to enter the IP address of Cloud4Wi RADIUS servers, that are:
- 188.8.131.52 / 255.255.255.255
- 184.108.40.206 / 255.255.255.255
In this example also the list of CDN is configured.
Please also ensure that the rest of packets are classified as "non-accepted", so that only authenticated users are able to browse the Internet. You can do this by adding a last entry deny in order to be subsequently filtered.
; -- Access Lists user configuration -- access-list 101 entry 1 default entry 1 permit entry 1 destination address 220.127.116.11 255.255.255.0 ; entry 2 default entry 2 permit entry 2 destination address 18.104.22.168 255.255.224.0 ; entry 3 default entry 3 permit entry 3 destination address 22.214.171.124 255.255.252.0 ; entry 4 default entry 4 permit entry 4 destination address 126.96.36.199 255.255.255.255 ; entry 5 default entry 5 permit entry 5 destination address 188.8.131.52 255.255.255.255 ; entry 6 default entry 6 permit entry 6 destination address 184.108.40.206 255.255.255.255 ; entry 7 default entry 7 permit entry 7 destination address 220.127.116.11 255.255.255.255 ; entry 8 default entry 8 permit entry 8 destination address 18.104.22.168 255.255.255.255 ; entry 9 default entry 9 permit entry 9 destination address 22.214.171.124 255.255.255.255 ; entry 10 default entry 10 permit entry 10 destination port-range 53 53 entry 10 protocol udp ; entry 11 default entry 11 permit entry 11 destination address 126.96.36.199 255.255.255.255 ; entry 13 default entry 13 deny ; exit ; exit ;
user nesetec hash-password 8724A2FD81B603B5F6D24067BB3E5A5B ;
The following commands are necessary to set the RADIUS IP address for authorization and accounting phases. The key ciphered is hidden, please use the correct RADIUS secret.
feature aaa ; -- AAA user configuration -- enable radius-servers server "HS-Autho" key ciphered [RADIUS_KEY_CIPHERED] host 188.8.131.52 exit ; server "HS-Acc" key ciphered [RADIUS_KEY_CIPHERED] host 184.108.40.206 exit ; exit ; group server radius "Hotspot" server HS-Autho server HS-Acc exit ; authentication login "HS-Authen" method 1 group Hotspot exit ; authorization network "HS-Autho" method 1 group Hotspot exit ; accounting network "HS-Acc" action-type start-stop method 1 group Hotspot exit ; exit ; ;
network ethernet0/0 ; -- Ethernet Interface User Configuration -- ip address 192.168.216.33 255.255.254.0 ; ; exit ; ;
; network wlan0/0 ; -- Wireless LAN Interface. Configuration -- ip address 192.168.1.1 255.255.255.0 ; bss "1" exit ; exit ; event ; -- ELS Config -- enable trace subsystem HS ALL enable trace subsystem AAA ALL exit ; ; ; ; ; ; ;
Configuration of routes, DHCP and DNS servers. This is required to correctly redirect the clients to the Splash Portal or Internet.
protocol ip ; -- Internet protocol user configuration -- route 0.0.0.0 0.0.0.0 192.168.216.2 ; rule 1 local-ip ethernet0/0 remote-ip any rule 1 napt translation ; classless exit ; protocol dhcp ; -- DHCP Configuration -- server ; -- DHCP Server Configuration -- enable ; ; shared 1 shared 2 ; subnet HS 1 network 192.168.1.0 255.255.255.0 subnet HS 1 range 192.168.1.100 192.168.1.150 subnet HS 1 dns-server 172.24.0.221 subnet HS 1 dns-server 172.24.0.222 subnet HS 1 router 192.168.1.1 ; exit ; exit ; ; ; feature dns ; -- DNS resolver user configuration -- server 172.24.0.222 server 172.24.0.221 exit ;
This is the "Hotspot configuration" section. It is required to redirect the clients to the Splash Portal if they are not authenticated and they are not visiting a URL listed in the Walled Garden configuration.
Please don't forget to configure redirect enable, as this allows all non-accepted HTTP traffic to be received by the Splash Portal.
feature hotspot ; -- Hotspot Configuration -- debug enable network wlan0/0 accounting interim-interval 1m accounting network HS-Acc authentication login HS-Authen authorization network HS-Autho max-sessions 5000 policy drop redirect enable url fail-page "https://splashportal.cloud4wi.com/?vendor=teldat" url portal-page "https://splashportal.cloud4wi.com/?vendor=teldat" url success-page "https://splashportal.cloud4wi.com/?vendor=teldat" walled-garden access-list 101 enable exit ; exit ; dump-command-errors end Config>
As already mentioned, it is necessary to include to enter the IP address of Cloud4Wi RADIUS servers.
In order to configure the Walled Garden for other purposes, please check the following articles:
- Walled Garden for the Social Login (web sites/domains to open)
- Walled Garden for PayPal feature (web sites/domains to open)
Allowing free access to the CDN
As explained in the article Improving the performance of Control Panel and Splash Portal by enabling the CDN, it is necessary to add some IP addresses to the Walled Garden in order to support the access to the CDN.
As already mentioned, you can find these entries configured in the example above, that are:
- 220.127.116.11 / 255.255.255.255
- 18.104.22.168 / 255.255.255.255
- 22.214.171.124 / 255.255.255.255
- 126.96.36.199 / 255.255.255.255
- 188.8.131.52 / 255.255.255.255
- 184.108.40.206 / 255.255.255.255
Entering the device to the Control Panel
For Teldat devices, the Control Panel requires only the MAC address and the Identifier field is not required.
Parameters for the Solution
Before doing your configuration, please check that the values in your configuration match with the following ones:
RADIUS server 1: 220.127.116.11
RADIUS server 2: 18.104.22.168
RADIUS secret: (it will be communicated by Cloud4Wi)
RADIUS Authentication/Authorization port: 1812
RADIUS Accounting port: 1813
UAM login page: https://splashportal.cloud4wi.com/?vendor=teldat
Please note that it is necessary to enter the Splash Portal URL exactly as it is written above.
If you enter the Splash Portal URL in different formats (e.g. https://splashportal.cloud4wi.com/c4wportal/mysplashportal?vendor=teldat), then the redirection to the Splash Portal will fail and the end-user will not be able to see the Splash Portal.
If these parameters change in the future, we will promptly inform you about new values.