Skip to content

New hotspot (Basics)

The following explains the general requirements for hotspot devices (routers/firewalls) and their setup for SyCes2. Since the configuration interface (GUI/CLI) is different for each device, this page can only explain the general topics. For more information about configuring your device, see the device documentation.

See other pages on this wiki for instructions on installing specific devices. Please read these pages if you want to set up one of these types of routers:

If support for other router types is desired, this can be easlily developed and implemented in future versions of SyCes. If you would like to implement additional devices, please contact us via tsp-ms-dev@concat.de.

Requirements

To set up a hotspot for a location in SyCes, you need a suitable hotspot device/router with RADIUS capabilities and either a local/internal or an external captive portal, administrative access to it, a WAP and a network connection for Internet access (Outbound Ports: 80, 443, 1812, 1813).

The most basic login function of SyCes requires the router to send the hotspot user's login information to the SyCes2 RADIUS server for authentication. This is done through an outgoing RADIUS Authentication Request (UDP/1812). If the hotspot users' communication data is to be saved, RADIUS Accounting (UDP/1813) is also required (required for time- or usage-restricted accounts).

To display a captive portal page that asks for hotspot user credentials, the router must have either a local captive portal installed or an external captive portal associated with it. In the case of an external captive portal, the captive portal page hosted for the location on SyCes should be selected.

Hint: Depending on the required network communication required, using an external captive portal may cause certificate issues. Typically the router needs to be called from our website (SSL encrypted). If the router requires communication other than simple HTTP requests, it may be necessary to set up a valid certificate on the router.

Prerequisites

To configure the router, you need administrative access to it. Most devices have a graphical user interface (GUI) that can be accessed in a browser using the device's IP address in the current network. Alternatively, you can access many device via a CLI. For more information about administrative access on your device, see your device manual.

For configuration you also need information about the RADIUS IP and RADIUS Secret of SyCes2. This information can be found at SyCes.

To set up the router for SyCes, the location that manages this router must exist in the new database. For a configuration using an external captive portal, like the one we provide, the Walled Garden URL of the location is required. This URL contains the tenant ID and the location ID. If you want to read out these values, you need valid access data for SyCes.

Navigate to the relevant tenant's location page and on the Locations details card, click the copy button next to the link in the URL field. The copied URL should be in the form: https://backend.syces.de/login/<tenant_id>/<location_id>/. This is the URL we need to set as the Walled Garden URL in the router settings.

The RADIUS data can be found on a page linked in the left navigation bar near the bottom.

Step 1: Set up the router on the network

The local network in which the router is installed must be able to communicate outbound via ports 80, 443, 1812 and 1813. The router's local IP addresses on its admin and hotspot networks should be noted.

Network setup depends heavily on your router. Most likely, the router will has a WAN Port to which you should connect the outgoing (Internet) connection. The admin interface can probably be called from a devices connected to a CONSOLE port or one of it's Network/LAN ports.

Since the router's network ports can usually be configured in the settings, previous knowledge how to access and administrate your device is required. For more information, see the device documentation.

Step 2: Updating the router software

Make sure the router is running a current version of the software. It is therefore advisable to carry out a software update before configuring the router.

If you have documentation for the device, it is also worth paying attention to which software version this documentation was written for. Most online manuals are available for multiple supported software versions.

Step 3: Set up network port for Wi-Fi / WAP

The next step should be to configure the router's network ports and/or the router's Wi-Fi.

For a configuration with a WAP, a network port of the router should be designated for the hotspot. Configure a DHCP Server for this network. If necessary, adjust the router's IP and network mask and note the IP of the router (Gateway IP on the local hotspot network) for later use.

In order to use our external captive portal, this IP address must be entered in the location's setting in SyCes. It is used by devices accessing the Wi-Fi to access the router's login page.

Step 4: Set up the RADIUS server

To set up the RADIUS server, navigate to your router's RADIUS settings, usually in the User & Authentication or Remote Authentication settings.

All that is required for a working configuration is a RADIUS Authentication request. Optionally a RADIUS Accounting request is recommended to log Wi-Fi data usage and connection duration of the hotspot users. This setting is required to use time or volume limited access.

Depending on your router, this setup may require one or more entries, which might need to be linked to the port, hotspot or user group entries.

Step 5: Set up hotspot

You can find the configuration of a hotspot either be found in the network settings (e.g. Network Interface), where the port is already set up, or in a separate setting (e.g. Local Services). Please refer to your device's documentation if you have trouble finding the settings.

Network routers can usually be set up to either use a local captive portal hosted on the router or to invoke an external captive portal like the one hosted on our server.

The general setup of a hotspot may require assigning the network port/interface, the RADIUS Server and a User Group. It is important to verify that the captive portal is correctly using the SyCes RADIUS server for user authentication. Further information about Additional freely accessible domains/Exempt destinations (in hotspot Wi-Fi, before valid authentication) as well as Post login URL/Redirects after Captive Portal can usually be entered here.

Setting up an interal captive portal is usually the standard method for a device's hotspot. There might be a setting like Authentication portal > Local, or you might just leave the URL field blank. For more information about your device's setting, see your device's documentation.

Customizable captive portal pages allow customization of login pages (logo/style and scripts) and development of additional features (e.g. anonymous account creation). If you need help customizing your captive portal or implementing of your device, please contact us via tsp-ms-dev@concat.de.

To set up an external captive portal, the Walled Garden URL of the corresponding location in SyCes is required (in the format https://backend.syces.de/login/<tenant_id>/<location_id>/). If your device has the ability to use the MAC address of the user device in the URL call (e.g. via the variable ${CLIENT_MAC}), the SyCes auto login feature can be used. To use this feature, you can append mac=${CLIENT_MAC}/ to the Walled Garden URL. When a user accesses the captive portal, the SyCes server checks whether the device has an open session and either automatically logs the device in or display the login page as usual. Please ensure that the auto login setting is set to True for the configured location.

Step 6: Login Attempt

After setting up your hotspot router with these settings, connecting a device to the WAP's Wi-Fi should open the captive portal.

The login can be tested by entering valid access data (existing account or via the self-service portal).

Depending on your router, you may see a list of all logged in devices (e.g. under Monitoring / HotSpot Gateway).

Troubleshooting

If you experience any problems or unexpected behavior when setting up your router, please contact us via tsp-ms-dev@concat.de.