Purpose
This guide shows how to configure a Teldat access point for Cloud4Wi.
Please note that the information contained in this article may contain outdated configuration data. Therefore, please check the data contained in the article "Parameters for the Solution" at the bottom of the page, as they are certainly up to date.
Prerequisites
The configuration procedure has been performed and tested with the following device model: Teldat V-H+ TLDPV01A1
In order to correctly integrate a Teldat access point with the Solution, it is necessary that:
- the device is connected to the Internet
- WAN and LAN interfaces are correctly configured
Accessing the command-line interface
These devices come only with a command-line interface that may be accessed by a local connection through the serial console port, or a remote Telnet connection.
Set configuration
In order to set configuration parameters, it is necessary to type the sh conf command on the Config> console. Then is necessary to provide some configuration parameters.
The following is a working example, along with some comments to understand the procedure step by step.
Config>sh conf ; Showing Menu and Submenus Configuration for access-level 15 ... ; TVRouter BASE VDSL2/ADSL METH WWAN-USB WLAN 30 16 Version 11.00.03 log-command-errors no configuration description "default config: standard" set data-link at cellular0/0 set data-link at cellular0/1 set data-link at cellular1/0 set data-link at cellular1/1 feature access-lists
The following is the list of walled garden entries, fill it at your convenience. Please note that it is necessary to enter the IP address of Cloud4Wi RADIUS servers, that are:
- 54.247.117.188 / 255.255.255.255
- 79.125.111.180 / 255.255.255.255
In this example also the list of CDN is configured.
Please also ensure that the rest of the packets are classified as "non-accepted" so that only authenticated users can browse the Internet. You can do this by adding the last entry deny to be subsequently filtered.
; -- Access Lists user configuration -- access-list 101 entry 1 default entry 1 permit entry 1 destination address 195.27.154.0 255.255.255.0 ; entry 2 default entry 2 permit entry 2 destination address 216.239.32.0 255.255.224.0 ; entry 3 default entry 3 permit entry 3 destination address 199.16.156.0 255.255.252.0 ; entry 4 default entry 4 permit entry 4 destination address 54.246.86.254 255.255.255.255 ; entry 5 default entry 5 permit entry 5 destination address 50.18.178.180 255.255.255.255 ; entry 6 default entry 6 permit entry 6 destination address 54.248.102.194 255.255.255.255 ; entry 7 default entry 7 permit entry 7 destination address 46.137.206.166 255.255.255.255 ; entry 8 default entry 8 permit entry 8 destination address 54.232.119.5 255.255.255.255 ; entry 9 default entry 9 permit entry 9 destination address 54.247.117.188 255.255.255.255 ; entry 10 default entry 10 permit entry 10 destination port-range 53 53 entry 10 protocol udp ; entry 11 default entry 11 permit entry 11 destination address 79.125.111.180 255.255.255.255 ; entry 13 default entry 13 deny ; exit ; exit ;
user nesetec hash-password 8724A2FD81B603B5F6D24067BB3E5A5B ;
The following commands are necessary to set the RADIUS IP address for authorization and accounting phases. The key ciphered is hidden, please use the correct RADIUS secret.
feature aaa ; -- AAA user configuration -- enable radius-servers server "HS-Autho" key ciphered [RADIUS_KEY_CIPHERED] host 54.247.117.188 exit ; server "HS-Acc" key ciphered [RADIUS_KEY_CIPHERED] host 54.247.117.188 exit ; exit ; group server radius "Hotspot" server HS-Autho server HS-Acc exit ; authentication login "HS-Authen" method 1 group Hotspot exit ; authorization network "HS-Autho" method 1 group Hotspot exit ; accounting network "HS-Acc" action-type start-stop method 1 group Hotspot exit ; exit ; ;
Ethernet configuration
network ethernet0/0 ; -- Ethernet Interface User Configuration -- ip address 192.168.216.33 255.255.254.0 ; ; exit ; ;
WLAN configuration
; network wlan0/0 ; -- Wireless LAN Interface. Configuration -- ip address 192.168.1.1 255.255.255.0 ; bss "1" exit ; exit ; event ; -- ELS Config -- enable trace subsystem HS ALL enable trace subsystem AAA ALL exit ; ; ; ; ; ; ;
You also have to configure routes, DHCP and DNS servers. This operation is required to correctly redirect the clients to the Splash Page or the Internet.
protocol ip ; -- Internet protocol user configuration -- route 0.0.0.0 0.0.0.0 192.168.216.2 ; rule 1 local-ip ethernet0/0 remote-ip any rule 1 napt translation ; classless exit ; protocol dhcp ; -- DHCP Configuration -- server ; -- DHCP Server Configuration -- enable ; ; shared 1 shared 2 ; subnet HS 1 network 192.168.1.0 255.255.255.0 subnet HS 1 range 192.168.1.100 192.168.1.150 subnet HS 1 dns-server 172.24.0.221 subnet HS 1 dns-server 172.24.0.222 subnet HS 1 router 192.168.1.1 ; exit ; exit ; ; ; feature dns ; -- DNS resolver user configuration -- server 172.24.0.222 server 172.24.0.221 exit ;
This is the "Hotspot configuration" section. It is required to redirect the clients to the Splash Page if they are not authenticated and they are not visiting a URL listed in the walled garden configuration.
Please don't forget to configure redirect enable, as this allows all non-accepted HTTP traffic to be received by the Splash Page.
feature hotspot ; -- Hotspot Configuration -- debug enable network wlan0/0 accounting interim-interval 1m accounting network HS-Acc authentication login HS-Authen authorization network HS-Autho max-sessions 5000 policy drop redirect enable url fail-page "https://splashportal.cloud4wi.com/?vendor=teldat&" url portal-page "https://splashportal.cloud4wi.com/?vendor=teldat&" url success-page "https://splashportal.cloud4wi.com/?vendor=teldat&" walled-garden access-list 101 enable exit ; exit ; dump-command-errors end Config>
Walled garden
As already mentioned, it is necessary to include to enter the IP address of Cloud4Wi RADIUS servers.
To configure the walled garden for other purposes, please check the following articles:
- Walled garden for the Social Login (websites/domains to open)
- Walled garden for PayPal feature (websites/domains to open)
Enabling the CDN
As explained in the article Enabling the CDN, it is necessary to add some IP addresses to the walled garden to use the CDN.
As already mentioned, you can find these entries configured in the example above:
- 50.18.178.180 / 255.255.255.255
- 54.248.102.194 / 255.255.255.255
- 54.246.86.254 / 255.255.255.255
- 46.137.206.166 / 255.255.255.255
- 54.232.119.5 / 255.255.255.255
- 54.253.118.101 / 255.255.255.255
Entering the device details into the Admin Panel
For Teldat devices, the Admin Panel requires only the MAC address and the Identifier field is not required.
Parameters for the Solution
Before doing your configuration, please check that the values in your configuration match with the following ones:
RADIUS server 1: 54.247.117.188
RADIUS server 2: 79.125.111.180
RADIUS secret: (it will be communicated by Cloud4Wi)
RADIUS Authentication/Authorization port: 1812
RADIUS Accounting port: 1813
UAM login page: https://splashportal.cloud4wi.com/?vendor=teldat
Please note that it is necessary to enter the Splash Page URL exactly as it is written above.
If you enter the Splash Page URL in different formats (e.g. https://splashportal.cloud4wi.com/c4wportal/mysplashportal?vendor=teldat), then the redirection will fail and the end-user will not be able to see the Splash Page.
If these parameters change in the future, we will promptly inform you about new values.