Teldat

Follow

Purpose

This guide shows how to configure a Teldat access point for Volare.

Please note that the information contained in this article may contain outdated configuration data. Therefore, please check the data contained in the article "Parameters for the Solution" at the bottom of the page, as they are certainly up to date.

Prerequisites

The configuration procedure has been performed and tested with the following device model: Teldat V-H+ TLDPV01A1

In order to correctly integrate a Teldat access point with the Solution, it is necessary that:

  • the device is connected to the Internet
  • WAN and LAN interfaces are correctly configured

 

Accessing the command-line interface

These devices come only with a command-line interface that may be accessed by a local connection thought the serial console port, or a remote Telnet connection.

 

Set configuration

In order to set configuration parameters, it is necessary to type the sh conf command on the Config> console. Then is necessary to provide some configuration parameters.
The following is a working example of configuration, along with some comments to understand the procedure step by step.

Config>sh conf
; Showing Menu and Submenus Configuration for access-level 15 ...
; TVRouter  BASE VDSL2/ADSL METH WWAN-USB WLAN 30 16 Version 11.00.03

   log-command-errors
   no configuration
   description "default config: standard"
   set data-link at cellular0/0
   set data-link at cellular0/1
   set data-link at cellular1/0
   set data-link at cellular1/1
   feature access-lists

The following is the list of walled garden entries, fill it at your convenience. Please note that it is necessary to enter the IP address of Volare RADIUS servers, that are:

  • 54.247.117.188 / 255.255.255.255
  • 79.125.111.180 / 255.255.255.255

In this example also the list of CDN is configured.

Please also ensure that the rest of packets are classified as "non-accepted", so that only authenticated users are able to browse the Internet. You can do this by adding a last entry deny in order to be subsequently filtered.

; -- Access Lists user configuration --
      access-list 101
         entry 1 default
         entry 1 permit
         entry 1 destination address 195.27.154.0 255.255.255.0
;
         entry 2 default
         entry 2 permit
         entry 2 destination address 216.239.32.0 255.255.224.0
;
         entry 3 default
         entry 3 permit
         entry 3 destination address 199.16.156.0 255.255.252.0
;
         entry 4 default
         entry 4 permit
         entry 4 destination address 54.246.86.254 255.255.255.255
;
         entry 5 default
         entry 5 permit
         entry 5 destination address 50.18.178.180 255.255.255.255
;
         entry 6 default
         entry 6 permit
         entry 6 destination address 54.248.102.194 255.255.255.255
;
         entry 7 default
         entry 7 permit
         entry 7 destination address 46.137.206.166 255.255.255.255
;
         entry 8 default
         entry 8 permit
         entry 8 destination address 54.232.119.5 255.255.255.255
;
         entry 9 default
         entry 9 permit
         entry 9 destination address 54.247.117.188 255.255.255.255
;
         entry 10 default
         entry 10 permit
         entry 10 destination port-range 53 53
         entry 10 protocol udp
;
         entry 11 default
         entry 11 permit
         entry 11 destination address 79.125.111.180 255.255.255.255
;
         entry 13 default
         entry 13 deny
;
      exit
;
   exit
;

   user nesetec hash-password 8724A2FD81B603B5F6D24067BB3E5A5B
;

The following commands are necessary to set the RADIUS IP address for authorization and accounting phases. The key ciphered is hidden, please use the correct RADIUS secret.

   feature aaa
; -- AAA user configuration --
      enable
      radius-servers
         server "HS-Autho"
            key ciphered [RADIUS_KEY_CIPHERED]
            host 54.247.117.188
         exit
;
         server "HS-Acc"
            key ciphered [RADIUS_KEY_CIPHERED]
            host 54.247.117.188
         exit
;
      exit
;
      group server radius "Hotspot"
         server HS-Autho
         server HS-Acc
      exit
;
      authentication login "HS-Authen"
         method 1 group Hotspot
      exit
;
      authorization network "HS-Autho"
         method 1 group Hotspot
      exit
;
      accounting network "HS-Acc"
         action-type start-stop
         method 1 group Hotspot
      exit
;
   exit
;
;

Ethernet configuration

   network ethernet0/0
; -- Ethernet Interface User Configuration --
      ip address 192.168.216.33 255.255.254.0
;
;
   exit
;
;

WLAN configuration

;
   network wlan0/0
; -- Wireless LAN Interface. Configuration --
      ip address 192.168.1.1 255.255.255.0
;
      bss "1"
      exit
;
   exit
;
   event
; -- ELS Config --
      enable trace subsystem HS ALL
      enable trace subsystem AAA ALL
   exit
;
;
;
;
;
;
;

Configuration of routes, DHCP and DNS servers. This is required to correctly redirect the clients to the Welcome Portal or Internet.

   protocol ip
; -- Internet protocol user configuration --
      route 0.0.0.0 0.0.0.0 192.168.216.2
;
      rule 1 local-ip ethernet0/0 remote-ip any
      rule 1 napt translation
;
      classless
   exit
;
   protocol dhcp
; -- DHCP Configuration --
      server
; -- DHCP Server Configuration --
         enable
;
;
         shared 1
         shared 2
;
         subnet HS 1 network 192.168.1.0 255.255.255.0
         subnet HS 1 range 192.168.1.100 192.168.1.150
         subnet HS 1 dns-server 172.24.0.221
         subnet HS 1 dns-server 172.24.0.222
         subnet HS 1 router 192.168.1.1
;
      exit
;
   exit
;
;
;
   feature dns
; -- DNS resolver user configuration --
      server 172.24.0.222
      server 172.24.0.221
   exit
;

This is the "Hotspot configuration" section. It is required to redirect the clients to the Welcome Portal if they are not authenticated and they are not visiting a URL listed in the walled garden configuration.
Please don't forget to configure redirect enable, as this allows all non-accepted HTTP traffic to be received by the Welcome Portal.

   feature hotspot
; -- Hotspot Configuration --
      debug enable
      network wlan0/0
         accounting interim-interval 1m
         accounting network HS-Acc
         authentication login HS-Authen
         authorization network HS-Autho
         max-sessions 5000
         policy drop
         redirect enable
         url fail-page "https://splashportal.cloud4wi.com/?vendor=teldat"
         url portal-page "https://splashportal.cloud4wi.com/?vendor=teldat"
         url success-page "https://splashportal.cloud4wi.com/?vendor=teldat"
         walled-garden access-list 101
         enable
      exit
;
   exit
;
   dump-command-errors
   end
Config>

Walled garden

As already mentioned, it is necessary to include to enter the IP address of Volare RADIUS servers.

In order to configure the walled garden for other purposes, please check the following articles:

Allowing free access to the CDN

As explained in the article Enabling the CDN, it is necessary to add some IP addresses to the walled garden in order to support the access to the CDN.
As already mentioned, you can find these entries configured in the example above, that are:

  • 50.18.178.180 / 255.255.255.255
  • 54.248.102.194 / 255.255.255.255
  • 54.246.86.254 / 255.255.255.255
  • 46.137.206.166 / 255.255.255.255
  • 54.232.119.5 / 255.255.255.255
  • 54.253.118.101 / 255.255.255.255

Entering the device to the Admin Panel

For Teldat devices, the Admin Panel requires only the MAC address and the Identifier field is not required.

In order to add a new access point to the system, please see How to add an access point.

 

Parameters for the Solution

Before doing your configuration, please check that the values in your configuration match with the following ones:

RADIUS server 1: 54.247.117.188
RADIUS server 2: 79.125.111.180
RADIUS secret: (it will be communicated by Cloud4Wi)
RADIUS Authentication/Authorization port: 1812
RADIUS Accounting port: 1813
UAM login page: https://splashportal.cloud4wi.com/?vendor=teldat

Please note that it is necessary to enter the Welcome Portal URL exactly as it is written above.
If you enter the Welcome Portal URL in different formats (e.g. https://splashportal.cloud4wi.com/c4wportal/mysplashportal?vendor=teldat), then the redirection will fail and the end-user will not be able to see the Welcome Portal.

If these parameters change in the future, we will promptly inform you about new values.

Have more questions? Submit a request

Comments