Creating a Hotspot Service

The Admin & Services > Services > Hotspot Services page can be used to configure a WISPr Hotspot service to provide public access to users. In addition to the Unleashed APs, you will need the following to deploy a Hotspot:
  • Captive Portal: A special web page, typically a login page, to which users that have associated with your Hotspot will be redirected for authentication purposes. Users will need to enter a valid user name and password before they are allowed access to the Internet through the Hotspot. Open source captive portal packages, such as Chillispot, are available on the Internet. For a list of open source and commercial captive portal software, visit https://en.wikipedia.org/wiki/Captive_portal#Software_Captive_Portals, and
  • RADIUS Server: A Remote Authentication Dial-In User Service (RADIUS) server through which users can authenticate.

For installation and configuration instructions for the captive portal and RADIUS server software, refer to the documentation that was provided with them. After completing the steps below, you will need to edit the WLAN(s) for which you want to enable Hotspot service, as described in Assigning a WLAN to Provide Hotspot Service.

Unleashed supports up to 32 WISPr Hotspot service entries, each of which can be assigned to multiple WLANs.

To create a Hotspot service:

  1. Go to Admin & Services > Services > Hotspot Service. Alternatively, you can create a new Hotspot service from the WLAN creation page (Dashboard > WiFi Networks > Create).
  2. Click Create New. The Create New form appears.
  3. From the General tab, in Name, enter a name for this Hotspot service.
  4. In WISPr Smart Client Support, select whether to allow WISPr Smart Client support:
    • None: (default).
    • Enabled: Enable Smart Client support.
      Note: The WISPr Smart Client is not provided by Ruckus - you will need to provide Smart Client software/hardware to your users if you select this option.
      • Only WISPr Smart Client allowed: Choose this option to allow only clients that support WISPr Smart Client login to access this Hotspot. If this option is selected, a field appears in which you can enter instructions for clients attempting to log in using the Smart Client application.
      • Smart Client HTTP Secure: If Smart Client is enabled, choose whether to authenticate users over HTTP or HTTPS.
  5. In Login Page, type the URL of the captive portal (the page where Hotspot users can log in to access the service).
  6. Configure optional settings as preferred:
    • In Start Page, configure where users will be redirected after successful login. You could redirect them to the page that they want to visit, or you could set a different page where users will be redirected (for example, your company website).
    • In User Session, configure session timeout and grace period, both disabled by default.
      • Session Timeout: Specify a time limit after which users will be disconnected and required to log in again.
      • Grace Period: Allow disconnected users a grace period after disconnection, during which clients will not need to re-authenticate. Enter a number in minutes, between 1 and 144,000.
  7. In the Authentication tab, select the AAA server that you want to use to authenticate users from the Authentication Server drop-down menu.
    • Options include Local Database and any AAA servers that you configured on the Configure > AAA Servers page. If a RADIUS server is selected, an additional option appears: Enable MAC authentication bypass (no redirection). Enabling this option allows users with registered MAC addresses to be transparently authorized without having to log in. A user entry on the RADIUS server needs to be created using the client MAC address as both the user name and password. The MAC address format can be configured in one of the formats listed in MAC Authentication with an External RADIUS Server.
  8. In Accounting Server (if you have an accounting server set up), select the server from the list and configure the frequency (in minutes) at which accounting data will be retrieved.
  9. In Wireless Client Isolation, choose whether clients connected to this Hotspot WLAN should be allowed to communicate with one another locally. See Advanced WLAN Options for a description of the same feature for non-Hotspot WLANs.
  10. On the Walled Garden and Policy tabs, configure optional settings as preferred:
    • In Location Information, enter Location ID and Location Name WISPr attributes, as specified by the Wi-Fi Alliance.
    • In Walled Garden, enter network destinations (URL or IP address) that users can access without going through authentication. A Walled Garden is a limited environment to which an unauthenticated user is given access for the purpose of setting up an account. After the account is established, the user is allowed out of the Walled Garden.
    • In Restricted Subnet, define L3/4 IP address access control rules for the Hotspot service to allow or deny wireless devices based on their IP addresses.
    • Under Advanced Options, enable Intrusion Prevention to temporarily block Hotspot clients that fail repeated authentication attempts. When this option is enabled, if the same station attempts to authenticate 10 times unsuccessfully within 600 seconds, the station will be blocked for 600 seconds. If the same user unsuccessfully attempts to authenticate 30 times within the same time period, the user will be blocked for 600 seconds.
  11. Click OK to save the Hotspot settings.
The page refreshes and the Hotspot service you created appears in the list. You may now assign this Hotspot service to the WLANs that you want to provide Hotspot Internet access, as described in Assigning a WLAN to Provide Hotspot Service.

The Hotspot Services page

Creating a new Hotspot service