Skip to content

New hotspot - Lancom

The following guide describes how to configure a LANCOM router of type LANCOM 1800EFW (LCOS 10.90 RU3) and connect it to our Hotspot Solution SyCes.

Note: This guide refers to an early version of the SyCes2 software. Additional software features and support for other hotspot router devices are under development. This document reflects the current status and use case of LANCOM routers for SyCes.

Prerequisites

To configure the router, you need:

  • Administrator access to the router
  • RADIUS IP and RADIUS secret from SyCes🡕
  • The URL from your tenant's location details in SyCes (format: https://backend.syces.de/login/<tenant_id>/<location_id>/)
  • An active LANCOM Public Spot software option (see LANCOM Public Spot for more info, a trial license is available here)

This tutorial demonstrates the GUI-based configuration through the web interface, available on all operating systems. Configuration via LANconfig is similar.

Step 1: Basic Settings

When configuring a brand-new or a factory reset LANCOM router, this Basic Settings setup may be necessary. If this does not apply to you, feel free to skip this step of the configuration.

Access the device

Setup wizard

  1. Assign a meaningful device name.

    Image - Basic Settings

  2. Set a secure admin password.

    Image - Basic Settings Admin User

  3. Set DHCP mode to Server.

    Image - Basic Settings DHCP

  4. Assign a local gateway IP address (e.g., 192.168.1.1) and netmask.

    Image - Basic Settings IP

  5. Enter information about your local time settings and update cycles.

  6. Skip LANCOM Management Cloud conection.

    Image - Basic Settings LMC

You now should be able to finish the setup.

After setup, access the GUI at https://192.168.1.1/ or the IP you configured.

Step 2: Network interfaces

Network layout

  • ETH-1: Admin network (LAN-1)
  • ETH-2: Hotspot network (LAN-2)
  • WAN port: Internet uplink (DSL-1)

Ensure outbound traffic is allowed on ports 80, 443, 1812 and 1813.

Later in this guide the Wi-Fi module of the router can optionally be activated.

Set up Internet access

The internet connection of the router should automatically configure, if an upstream router and DHCP Server is available. Navigate to the Dashboard to view the current connection status:

Image - Dashboard WAN

If the internet connection of the WAN port is not configured automatically, please launch the Setup Wizards > Set up Internet access Wizard.

After configuration, navigate to Configuration > Interfaces > WAN and open the Interface settings - DSL interface. In this list, the entry DSL-1 should be set to Active, as can be seen in the following image:

Image - WAN DSL Interface

If you encounter problems setting up the internet connection or the administrative port, please consult the official LANCOM documentation.

LAN Interface

  1. Navigatge to Interfaces > LAN.

  2. Use bridge mode (default).

    Image - LAN Interface

  3. Click on link Ethernet ports and assign ports:

    • ETH-1 → Interface: LAN-1 (Admin, Private mode)
    • ETH-2 → Interface: LAN-2 (Hotspot, Private mode)

  4. Ensure that WAN port is assigned to DSL-1.

    Image - LAN Interface Ethernet ports

Step 3: Update & Software Option

Firmware

  1. Navigate to Extras > Firmware Management.

  2. Check and install updates

    Image - Extras Firmware

Public Spot Option

Check for availability:

  • Extras > Public-Spot Template-preview
  • Setup Wizard > Manage/Create Public Spot Account
  • Setup Wizard > Create Public-Spot

Important: The menu Configuration > Public-Spot is available even if the option is not active. The captive portal will not function without the Public Spot Option installed.

Step 4: IP Networks & DHCP

Configure IP networks

  1. Go to Configuration > IPv4 > General > IP Networks.

  2. Set up:

    • INTRANET (Admin network) → LAN-1, e.g. 192.168.1.1
    • HOTSPOT → LAN-2, e.g. 192.168.2.1
    • WIFIHOTSPOT (Optional) → WLAN-1, e.g. 192.168.3.1

  3. Delete default entry DMZ if assigned to LAN-2.

Please be aware, that after changing the IP address of the admin network you will need to call the GUI with the new IP address.

Image - IP Networks

Configure DHCP

  1. Go to Configuration > IPv4 > DHCPv4 > DHCP networks.

  2. Set up a DHCP network for INTRANET, HOTSPOT and optionally for WIFIHOTSPOT.
    Choose an according Network name, a Source address and make sure to enable the DHCP server.

Image - IP Networks DHCP

Validate connectivity

After configuration, ensure that the interfaces are configured correctly.

  • Devices connected to ETH-1 and ETH-2 should get IP addresses.
  • Device's internet access should work.

Step 5: Setup Hotspot (Public-Spot)

After setting up the local networks, in this step we configure a captive portal to verify the hotspot user credentials against the SyCes2 RADIUS server.

Enable authentication

  1. Go to Configuration > Public-Spot > Authentication.

  2. Set:

    • Authentication mode: Authenticate with name and password
    • Activate terms of use
    • Choose HTTP

Please note, that this authentication mode is the only working option using our RADIUS server. How to set up the router to use the external Captive Portal of SyCes, is explained later in Step 6.

Image - Public Spot Authentication

Activate Public-Spot for Interfaces

  1. Go to Public-Spot > Server > Interfaces - Public-Spot.

  2. Activate for:

    • LAN-2
    • WLAN-1 (optional)

Warning: Activating on your currect admin interface will disconnect you!

Image - Public Spot Server Interfaces

Configure RADIUS

  1. In Public-Spot > Server, ensure RADIUS authentication is enabled.

    Image - Public Spot Server External Hotspot

  2. Go to Public-Spot > Users > RADIUS Server.

  3. Add new RADIUS server entry with:

    • Protocol: RADIUS
    • IP and secret from SyCes🡕 as Auth. server address and Auth. server secret
    • No backup provider, no attribute values and no source address needed
    • fill out Authentication and Accounting

  4. Remove existing entries (e.g. LOCAL).

Image - Public Spot Users RADIUS Server

Test captive portal

  • Connect a test device to ETH-2.
  • The LANCOM default login page should appear.
  • Use valid SyCes account credentials to unlock internet access.

Image - Local Captive Portal Login Page

Step 6: Use External Captive Portal (Optional)

Using SyCes' external Captive Portal enables advanced features and customizable login pages.

Allow access without authentication

Since calling the page from our external captive portal needs to be done before the RADIUS authentication, we need to allow devices access to our web server.

  1. Navigate to Public-Spot > Server > Access without authentication.

  2. Enter:

    • Web server address: backend.syces.de
    • Directory: /login

  3. And Send the changes.

Image - Public Spot Server Access wo Auth

Redirect to external page

  1. Go to Public-Spot > Server.

  2. Open Page Table (in section Adaptation of the Public Spot appearance).

  3. Change the Login page's Page Address (URL) to the copied Walled Garden URL: 

    https://backend.syces.de/login/<tenant_id>/<location_id>/

  4. Set Request Type to Redirect and deactivate Cache page.

Image - Public Spot Server Page Table

Optional URL Parameters

Auto Login via MAC Address

To enable the Auto Login feature for a location in SyCes, the Page address (URL) should include the device's MAC address.

https://backend.syces.de/login/<tenant_id>/<location_id>/mac=%m/
  • %m will be automatically replaced by the router with the device's MAC address.
  • The server checks for an existing active session for the device and reauthenticates it automatically.
  • Make sure the Auto Login setting is enabled for the corresponding location in SyCes.

Language Parameter

The language of the walled garden pages is automatically detected based on the client’s Accept-Language HTTP header. This usually corresponds to the language of the user's device.

To enforce a specific language (e.g. German), append the lang=de parameter to the login URL:

https://backend.syces.de/login/<tenant_id>/<location_id>/lang=de/

If you are using both the MAC address and the language parameter, the MAC address must come first:

https://backend.syces.de/login/<tenant_id>/<location_id>/mac=%m/lang=de/

Step 7: Setting up Wi-Fi (optional)

You can set up the Wi-Fi via Setup Wizard > Configure WLAN interface.

  1. Open the Configure WLAN Setup Wizard.

  2. Select Step-by-step configuration.

  3. Allow the wizard to Change physical base settings of a WLAN interface.

  4. Choose your Country.

  5. Select WLAN Interface to change: WLAN interface 1.

    Image - Setup Wizard Configure WLAN Interface

  6. Set the WLAN operating mode to Access point.

    Image - Setup Wizard Configure WLAN Operating Mode

  7. Choose a Channel Number and use the internal antennas unless external ones are available and configured.

  8. Choose WLAN-1-1 as the WLAN network and select Change the WLAN network.

    Image - Setup Wizard Configure WLAN Network

  9. Assign a desired name for your Wi-Fi as Network name (SSID) and set an SSID broadcast.

    Image - Setup Wizard Configure WLAN Name

  10. Set encryption to Do not activate encryption for the wireless LAN. This is intentional, as authentication is handles via the Captive Portal.

    Image - Setup Wizard Configure WLAN Encryption

  11. Finish the Setup Wizard.

  12. If not done earlier:

Once complete, the Wi-Fi should be active and the hotspot functionality can be tested by connecting with a client device.

Troubleshooting

If you encounter any issues or unexpected behavior during this configuration, please contact us at tsp-ms-dev@concat.de.