• You have been tasked to supply the various locations of the Bean There coffee shops with:
  • A Hotspot service for the clients.
  • Secure WiFi connection for the staff.
• They have 30 locations spread across the major cities of the country.
• You've got the last batch of the TP Link WR841 (version9) from a shop at a super cheap price and flashed them all with the MESHdesk firmware.

• We assume the following information

With these information handy we can now start with Bean There using APdesk

We will take the following steps to accomplish our goal

• Create an Access Point Profile.
• Edit the new Access Point Profile.
• Flash, set and point devices to our server.
• Attach devices to the Access Point Profile.
• Manage the attached devices.

• Log into RADIUSdesk. Select APdesk from the menu to open the APDesk applet.
• Click on the Add button and specify the Access Point Profile name.

• Select the newly created Access Point Profile and click on the Edit button to set up the profile.
• This will open a new tab where you can define the characteristics of the profile.

When we open an Access Point Profile to edit there are several sub-tabs where we define how our profile will behave.

• SSIDs The various SSIDs which the Access Points that are attached to this profile will broadcast.
  • The maximum is 8 per radio. Thus on dual radio Access Points we can potentially broadcast up to 16 SSIDs!
• Exit Points Here we specify how the SSIDs will be connected to the rest of the network. Options include
  • LAN Bridge
  • Tagged LAN bridge
  • NAT with DHCP
  • Captive Portal
• Common Settings Things like time and country and how often reports from Access Points should be submitted.
• Devices List the devices attached to this profile.

With this overview behind us we can start with our requirements. We will add the two SSIDs.

• We choose both 2.4 and 5G frequency bands for each of the SSIDs though we only have single radio hardware. In future we might want to use dual radio hardware and then everything is already in place.
• For the guest / visitors (open) SSID we enable Client isolation to prevent machine to machine communication.
• On the (secured) SSID for the staff we do not enable Client isolation in case we need machine to machine communication.
• You will notice both has Connected to Exit marked in red as No. This is because we have not defined any exit points yet. This will be done next.

• There are only one Ethernet bridge available. Once it is selected and used up it will not be listed as an option any more.
• The Captive Portal type Exit Point have some values pre-populated specific to your server.
• This is set in a configuration file and needs to reflect your installation for maximum efficiency. (On Nginx based installs it sits under /usr/share/nginx/html/cake2/rd_cake/Config/ApProfiles.php)

• We choose to Auto-Add Dynamic RADIUS Client and Auto-Add Login Page. This is recommended since it reduces the administration when adding devices.

• The items in the common settings tab should be easy to understand. The Timezone effects the system time on the device so make sure it reflect the location where you are situated.
• The Devices tab should be empty since we have not attach any devices to this profile.
• Next we will set up one of our devices to be attached to this newly create Access Point Profile.

• We assume:
  • You have a Windows machine running the MESHdesk Node Config Utility
  • Set the Ethernet port to have IP Address 192.168.255.20
  • Flashed a TP-Link WR841ND with the latest MESHdesk firmware.
  • See the following screenshot of the MESHdesk Node Config Utility.
  • Note that the mode is set to Access Point

• The /etc/config/meshdesk file has various settings.
• One is the mode. It can be either mesh or ap.
• When we use the MESHdesk Node Config Utility we can set the mode of the device.
• If it is in ap mode it will go to the following URL for its configuration:
  • http://your_server_ip/cake2/rd_cake/aps/get_config_for_ap.json
• If it is in mesh mode it will go to the following URL for its configuration:
  • http://your_server_ip//cake2/rd_cake/nodes/get_config_for_node.json

config settings 'settings'
	option lan_up_file '/tmp/lan_up'
	option lan_down_file '/tmp/lan_down'
	option wifi_up_file '/tmp/wifi_up'
	option wifi_down_file '/tmp/wifi_down'
	option wifi_timeout '100'
	option config_file '/etc/MESHdesk/configs/current.json'
	option previous_config_file '/etc/MESHdesk/configs/previous.json'
	option heartbeat_interval '60'
	option config_server '192.168.255.20'
	option config_port '3000'
	option shared_secret 'verysecure'
	option heartbeat_dead_after '300'
	option gw_use_previous '1'
	option gw_auto_reboot '1'
	option first_run '1'
	option hardware 'dragino'
	option gw_dhcp_timeout '120'
	option gw_auto_reboot_time '600'
	option mode 'mesh'

• After we set oud device to run in Access Point mode we can plug it onto our network and see if it contacts our server.

• Our device started up fine and it reported to the server under Detached Devices

• Select the device and attach it to our newly create Access Point Profile. Remember to give it a descriptive name.
• You can also fine tune the radio or radios, based on the Hardware Model you select. You might want to make sure these devices are assigned non overlapping channels where they are deployed close to each other.

• This will move the device from the Detaches Devices list to the Attaches Devices list.
• Wait approximately 5 minutes for the device to auto-reboot and fetch its settings.

• APdesk offer various levels of viewing information on attached devices.
• The first level gives a basic overview.

• Should you wish to gain more insight simply select the device and click the View button to open a dedicated tab with more stats.
  • The Overview gives a detailed overview of the device including graphs of the clients connected and data used per SSID.

• The SSID to Device tab gives more detail on the clients connected in terms of data usage and connectivity.