This is an old revision of the document!
APdesk - A Practical Example
You have been tasked to supply the various locations of the Bean There coffee shops with:
They have 30 locations spread across the major cities of the country.
You've got the last batch of the TP Link WR841 (version9) from a shop at a super cheap price and flashed them all with the MESHdesk firmware.
Some info about our server
Item | Detail |
Server IP Address | 198.27.111.78 |
Server FQDN | rd01.wificity.asia |
RADIUS Shared Secret | testing123 |
SSID for Guests | BeanThere |
SSID for Staff | BeanThere Staff |
WPA2 Passphrase for staff | stayoutbuddy |
With these information handy we can now start with Bean There using APdesk
Steps involved
Create an Access Point Profile
Edit Access Point Profile
When we open an Access Point Profile to edit there are several sub-tabs where we define how our profile will behave.
SSIDs The various SSIDs which the Access Points that are associated with this profile will broadcast.
Exit Points Here we specify how the SSIDs will be connected to the rest of the network. Options include:
-
-
NAT with DHCP
Captive Portal
Common Settings Things like time and country and how often reports from Access Points should be submitted.
Devices List the devices associated with this profile.
Add the SSIDs
With this overview behind us we can start with our requirements. We will add the two SSIDs.
We choose both 2.4 and 5G frequency bands for each of the SSIDs though we only have single radio hardware. In future we might want to use dual radio hardware and then everything is already in place.
For the guest / visitors (open) SSID we enable Client isolation to prevent machine to machine communication.
On the (secured) SSID for the staff we do not enable Client isolation in case we need machine to machine communication.
You will notice bot has Connected to Exit maked in red as No. This is because we have not yet defined any exit points. This will be done next.
Add the Exit points
There are only one Ethernet bridge available. Once it is selected and used up it will not be listed as an option any more.
The Captive Portal type Exit Point have some values pre-populated specific to your server.
This is set in a configuration file and needs to reflect your installation for maximum efficiency. (On Nginx based installs it sits under /usr/share/nginx/html/cake2/rd_cake/Config/ApProfiles.php)
What If I don't select Auto-Add?
If you choose not to select the Auto-add function, you will have to add a Dynamic RADIUS client for each captive portal running on a device when you associate a device with a Access Point Profile
You will also have to link each captive portal running on a devices with a Dynamic Login Page.
The Nas-Id (a unique identifier per Captive Portal exit point) is generated using the following convention.
<AP Profile Name with underscores>