RADIUSdesk

Differences

This shows you the differences between two versions of the page.

user_guide:apd_practical [2016/05/10 15:42]
admin [Edit Access Point Profile]
user_guide:apd_practical [2016/05/11 11:17] (current)
admin [Edit Access Point Profile]
Line 13: Line 13:
 | Server FQDN   | rd01.wificity.asia ​ | | Server FQDN   | rd01.wificity.asia ​ |
 | RADIUS Shared Secret | testing123 | | RADIUS Shared Secret | testing123 |
-| SSID for Guests | BeanThere ​ | +| SSID for Guests | Bean There  | 
-| SSID for Staff | BeanThere ​Staff |+| SSID for Staff | Bean There Staff |
 | WPA2 Passphrase for staff | stayoutbuddy | | WPA2 Passphrase for staff | stayoutbuddy |
  
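Review bot: The table edited here still gives `testing123` as the RADIUS Shared Secret, which is the stock FreeRADIUS client secret, next to a short word-based WPA2 passphrase (`stayoutbuddy`); since this revision touches the table, label both rows as example values that must be replaced before deployment. The SSID rename to "Bean There" / "Bean There Staff" is fine as it stands.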
Line 22: Line 22:
  
 ====== Steps involved ====== ====== Steps involved ======
-  * We will take the following steps to accomplish our goal +We will take the following steps to accomplish our goal 
-     - Create an Access Point Profile. +  ​* ​Create an Access Point Profile. 
-     - Edit the new Access Point Profile. +  ​* ​Edit the new Access Point Profile. 
-     - Flash, set and point devices to our server. +  ​* ​Flash, set and point devices to our server. 
-     - Attach devices to the Access Point Profile. +  ​* ​Attach devices to the Access Point Profile. 
-     - Manage the attached devices.+  ​* ​Manage the attached devices.
  
-===== Create an Access Point Profile =====+ 
 + 
 +--------------- 
 + 
 +====== Create an Access Point Profile ​======
   * Log into RADIUSdesk. Select **APdesk** from the menu to open the **APDesk** applet.   * Log into RADIUSdesk. Select **APdesk** from the menu to open the **APDesk** applet.
   * Click on the **Add** button and specify the Access Point Profile name.   * Click on the **Add** button and specify the Access Point Profile name.
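Review bot: The list under "Steps involved" changes from ordered items (`-`) to unordered bullets (`*`) although the intro line says these are steps taken toward a goal; keep the ordered markers so the sequence stays explicit. The last item, "Manage the attached devices.", also does not match the section this revision adds for it, which is titled "View Attached Devices"; use one name in both places.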
Line 36: Line 40:
   * This will open a new tab where you can define the characteristics of the profile.   * This will open a new tab where you can define the characteristics of the profile.
  
-===== Edit Access Point Profile =====+------------------------ 
 + 
 +====== Edit Access Point Profile ​======
 When we open an Access Point Profile to edit there are several sub-tabs where we define how our profile will behave. When we open an Access Point Profile to edit there are several sub-tabs where we define how our profile will behave.
-  * **SSIDs** The various SSIDs which the Access Points that are associated with this profile will broadcast. ​+  * **SSIDs** The various SSIDs which the Access Points that are attached to this profile will broadcast. ​
     * The maximum is 8 per radio. Thus on dual radio Access Points we can potentially broadcast up to 16 SSIDs!     * The maximum is 8 per radio. Thus on dual radio Access Points we can potentially broadcast up to 16 SSIDs!
-  * **Exit Points** Here we specify how the SSIDs will be connected to the rest of the network. Options include:+  * **Exit Points** Here we specify how the SSIDs will be connected to the rest of the network. Options include
     * LAN Bridge     * LAN Bridge
     * Tagged LAN bridge     * Tagged LAN bridge
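Review bot: On the **Exit Points** line the trailing colon after "Options include" was dropped, although the line still introduces the sub-list that follows (LAN Bridge, Tagged LAN bridge and so on); restore "Options include:". The "associated with" to "attached to" change on the **SSIDs** line matches the wording used in the rest of the revision.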
Line 46: Line 52:
     * Captive Portal     * Captive Portal
   * **Common Settings** Things like time and country and how often reports from Access Points should be submitted.   * **Common Settings** Things like time and country and how often reports from Access Points should be submitted.
-  * **Devices** List the devices ​associated with this profile.+  * **Devices** List the devices ​attached to this profile.
  
-==== Add the SSIDs ====+===== Add the SSIDs =====
  
 With this overview behind us we can start with our requirements. We will add the two SSIDs.  ​ With this overview behind us we can start with our requirements. We will add the two SSIDs.  ​
Line 56: Line 62:
   * For the guest / visitors (open) SSID we enable **Client isolation** to prevent machine to machine communication.   * For the guest / visitors (open) SSID we enable **Client isolation** to prevent machine to machine communication.
   * On the (secured) SSID for the staff we do not enable **Client isolation** in case we need machine to machine communication.   * On the (secured) SSID for the staff we do not enable **Client isolation** in case we need machine to machine communication.
-  * You will notice ​bot has **Connected to Exit** ​maked in red as **No**. This is because we have not yet defined any exit points. This will be done next.+  * You will notice ​both has **Connected to Exit** ​marked ​in red as **No**. This is because we have not defined any exit points ​yet. This will be done next.
  
-==== Add the Exit points ====+===== Add the Exit points ​=====
   * There are only one **Ethernet bridge** available. Once it is selected and used up it will not be listed as an option any more.   * There are only one **Ethernet bridge** available. Once it is selected and used up it will not be listed as an option any more.
   * The Captive Portal type Exit Point have some values pre-populated specific to your server. ​   * The Captive Portal type Exit Point have some values pre-populated specific to your server. ​
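Review bot: The corrected sentence still has a subject-verb mismatch, "both has **Connected to Exit** marked in red"; write "both SSIDs have". The unchanged lines just below carry the same kind of error and could be fixed in the same pass: "There are only one **Ethernet bridge**" should read "There is only one", and "Exit Point have" should read "Exit Points have".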
Line 67: Line 73:
 </​WRAP>​ </​WRAP>​
   * We choose to Auto-Add Dynamic RADIUS Client and Auto-Add Login Page. This is recommended since it reduces the administration when adding devices.   * We choose to Auto-Add Dynamic RADIUS Client and Auto-Add Login Page. This is recommended since it reduces the administration when adding devices.
 +{{:​user_guide:​apdesk:​bt_cp_1.png?​nolink|}}
 +
 +
 +{{:​user_guide:​apdesk:​bt_cp_2.png?​nolink|}}
 <WRAP center round help 90%> <WRAP center round help 90%>
-==== What If I don't select Auto-Add? ==== +===== What If I don't select Auto-Add? ​===== 
-  * If you choose not to select the Auto-add function, you will have to add a Dynamic RADIUS client for each captive portal running on a device when you associate ​a device ​with a Access Point Profile+  * If you choose not to select the Auto-add function, you will have to add a Dynamic RADIUS client for each captive portal running on a device when you attach ​a device ​to an Access Point Profile
   * You will also have to link each captive portal running on a devices with a Dynamic Login Page.   * You will also have to link each captive portal running on a devices with a Dynamic Login Page.
 </​WRAP>​ </​WRAP>​
 <WRAP center round tip 90%> <WRAP center round tip 90%>
-The Nas-Id (a unique ​identifier ​per Captive Portal exit point) is generated using the following convention. +The NAS-Id (a unique ​Identifier ​per Captive Portal exit point) is generated using the following convention. 
-<​AP ​Profile ​Name with underscores>+  * Bean_There_ZA-Sandton-1_cp_27 
 +    * The first bit is the Access Point Profile ​name underscored. (Bean_There) 
 +    * The second bit is the Device name (ZA-Sandton-1) 
 +    * The last bit is **cp** for Captive Portal. 
 +    * Finally a number. This number is the Exit Point ID in the database.  
 +    * Remember we can potentially run <wrap em>up to 16 Captive Portals</​wrap>​ on a single device! That's why we stick to numbers here.
 </​WRAP>​ </​WRAP>​
  
 +===== Common Settings and Devices =====
 +  * The items in the common settings tab should be easy to understand. The Timezone effects the system time on the device so make sure it reflect the location where you are situated.
 +  * The Devices tab should be empty since we have not attach any devices to this profile.
 +  * Next we will set up one of our devices to be attached to this newly create Access Point Profile.
 +
 +------------------------------
 +
 +====== Flash, set and point devices to our server ======
 +  * We assume:
 +    *  You have a Windows machine running the **MESHdesk Node Config Utility**
 +    * Set the Ethernet port to have IP Address 192.168.255.20
 +    * Flashed a TP-Link WR841ND with the latest MESHdesk firmware.
 +    * See the following screenshot of the **MESHdesk Node Config Utility**. ​
 +    * Note that the mode is set to <wrap em>​Access Point</​wrap>​
 +
 +{{:​user_guide:​apdesk:​841_ap_mode.png?​nolink|}}
 +===== For the technical minded wanting to know how things work =====
 +
 +  * The ///​etc/​config/​meshdesk//​ file has various settings.
 +  * One is the mode. It can be either **mesh** or **ap**.
 +  * When we use the **MESHdesk Node Config Utility** we can set the mode of the device.
 +  * If it is in **ap** mode it will go to the following URL for its configuration:​
 +    * http://​your_server_ip/​cake2/​rd_cake/​aps/​get_config_for_ap.json
 +  * If it is in **mesh** mode it will go to the following URL for its configuration:​
 +    * http://​your_server_ip//​cake2/​rd_cake/​nodes/​get_config_for_node.json
 +
 +<code bash>
 +config settings '​settings'​
 + option lan_up_file '/​tmp/​lan_up'​
 + option lan_down_file '/​tmp/​lan_down'​
 + option wifi_up_file '/​tmp/​wifi_up'​
 + option wifi_down_file '/​tmp/​wifi_down'​
 + option wifi_timeout '​100'​
 + option config_file '/​etc/​MESHdesk/​configs/​current.json'​
 + option previous_config_file '/​etc/​MESHdesk/​configs/​previous.json'​
 + option heartbeat_interval '​60'​
 + option config_server '​192.168.255.20'​
 + option config_port '​3000'​
 + option shared_secret '​verysecure'​
 + option heartbeat_dead_after '​300'​
 + option gw_use_previous '​1'​
 + option gw_auto_reboot '​1'​
 + option first_run '​1'​
 + option hardware '​dragino'​
 + option gw_dhcp_timeout '​120'​
 + option gw_auto_reboot_time '​600'​
 + option mode '​mesh'​
 +</​code>​
 +
 +  * After we set oud device to run in Access Point mode we can plug it onto our network and see if it contacts our server.
 +
 +---------
 +
 +====== Attach devices to the Access Point Profile ======
 +  * Our device started up fine and it reported to the server under **Detached Devices**
 +{{:​user_guide:​apdesk:​detached_devices.png?​nolink|}}
 +  * Select the device and attach it to our newly create Access Point Profile. Remember to give it a descriptive name.
 +  * You can also fine tune the radio or radios, based on the Hardware Model you select. You might want to make sure these devices are assigned non overlapping channels where they are deployed close to each other.
 +{{:​user_guide:​apdesk:​attach_device.png?​nolink|}}
 +  * This will move the device from the **Detaches Devices** list to the **Attaches Devices** list.
 +  * Wait approximately 5 minutes for the device to auto-reboot and fetch its settings.
 +
 +---------
  
 +====== View Attached Devices ======
 +  * APdesk offer various levels of viewing information on attached devices.
 +  * The first level gives a basic overview.
 +{{:​user_guide:​apdesk:​ad_view_1.png?​nolink|}}
 +  * Should you wish to gain more insight simply select the device and click the **View** button to open a dedicated tab with more stats.
 +    * The **Overview** gives a detailed overview of the device including graphs of the clients connected and data used per SSID.
 +{{:​user_guide:​apdesk:​ad_view_2.png?​nolink|}}
 +    * The **SSID to Device** tab gives more detail on the clients connected in terms of data usage and connectivity.
 +{{:​user_guide:​apdesk:​ad_view_3.png?​nolink|}}
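Review bot: The added `/etc/config/meshdesk` listing ends with `option mode 'mesh'`, but the text around it has just set the device to Access Point mode and the next bullet says it now runs in that mode; show `option mode 'ap'`, or state that the listing is the state before the utility changes it. The same listing prints `option shared_secret 'verysecure'` and both configuration URLs are plain `http://`, so add a line telling readers that the secret shown is a placeholder to change per deployment and that the configuration fetch on that path is unencrypted. Smaller points: the mesh URL has a doubled slash (`your_server_ip//cake2`), the block is tagged `<code bash>` although it is a UCI config file, and several typos remain in the added text ("oud device", "newly create", "Detaches Devices", "Attaches Devices", "effects the system time").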