DrayOS Hotspot Web Portal supports various authentication methods like facebook, Google. After Hotspot Web Portal clients provide their account credentials, these external servers will send API (permit) back to the router to allow Internet access.
ACS 3 can achieve it too. By setting up ACS 3 as an external portal server, we are able to:
- Set up hotspot profiles and apply them to mutiples CPEs in a specific Network group at one time.
- Manage tons of data which comes from mutiple CPEs and analyze the usage on ACS server.
- Store MAC addresses of clients’ devices so they don’t need to be authenticated again in the valid
This article will demonstrate how to set up ACS 3 as a Hotspot Portal Server.
How does ACS 3 work as an external Hotspot Portal Server?
- On ACS 3 Dashboard
- Tap the Network box which is located at the top.
Click the network group.
Go to Hotspot Web Portal >> Profile.
Click Add and name the new profile
Click Edit at the new profile
- On the profile setup page,
- Basic Settings & Applied Interfaces
External RADIUS Server
- Enable this profile
- Enter comments (It will be applied to the Hotspot Web Portal profile of CPE site.)
Select the interfaces to apply this profile
- Click Edit at External RADIUS Server
- Enter the address of RADIUS server
- Set 1812 as Destination Port
- Enter the secret of RADIUS server
- Enter the username of MySQL
- Enter the password of MySQL
- Click Confirm
- MAC Address Format does matter, default format in FreeRADIUS is AA-BB-CC-DD-EE-FF
Portal Server & Quota Policy
- A RADIUS server is required for ACS3 server to save the MAC addresses of clients’ devices. Without a RADIUS server, we won’t be able to set up ACS 3 as an external Hotspot Portal server.
- FreeRADIUS is recommended to be your RADIUS server choice.
- This MySQL database is used for the RADIUS server, it’s not ACS one.
- ACS 3 server is set to add/update database name: "radius", please set database name to "radius" in MySQL database on FreeRADIUS server.
- Please add client entry for ACS 3 server and CPE router in clients.conf to allow remote access to FreeRADIUS server
- The MySQL database for the FreeRADIUS server must be set to allow this account to remote access ACS IP.
Docker Container will be an easy way to set up FreeRADIUS & MySQL (Linux).
After customizing the Splash page, please add Radius server IP and ACS IP to destination IP on Whitelist Setup page, so that CPE allows Radius server and ACS to pass.
Apply the profile: Go to Hotspot Web Portal >> Network & Device.
At Network & Device page,
- Select login methods (multiple selections)
- Enter the Captive Portal URL(ACS server)
- (Optional) Enable Captive Portal Detection to trigger the unauthenticated clients to automatically pop-up the Web Portal page when connect to the selected interfaces
- (Optional) Edit the default Landing Page URL to make the clients visit a specific website with successful authenticating
- Select a Quota Profile (Quota Profiles can be set up in Hotspot Web Portal >> Quota Management)
- Click Continue
Go to Hotspot Web Portal >> Profile, click View Log
Status Overview is available to observe the applied process.
On CPE site, the hotspot profile will be set up after ACS finished provisioning.
Once new clients connect to the selected interface of the router, they need to use one of the authentications to access the Internet.
- Select the User Group
- Select the Hotspot Web Portal profile for the device(s).
Note: ACS 3 does apply the profile only when CPEs send inform to it. Thus if there is no ACS applied profile on the CPEs site, please go to System Maintenance >> TR-069 Setting and click Test With Inform or wait for the next periodic inform.
Go to Hotspot >> Web Portal Analytics, this page will demonstrate all clients’ information.
For detailed information, click View Detail at Action.