Allied Telesis AT-WR4500 manual HotSpot Server Profiles, Submenu level /ip hotspot profile

10.1.4HotSpot Server Profiles

Submenu level: /ip hotspot profile

Property Description

dns-name(text) - DNS name of the HotSpot server. This is the DNS name used as the name of the HotSpot server (i.e., it appears as the location of the login page). This name will automatically be added as a static DNS entry in the DNS cache

hotspot-address(IP address; default: 0.0.0.0) - IP address for HotSpot service

html-directory(text; default: hotspot) - name of the directory (accessible with FTP), which stores the HTML servlet pages (when changed, the default pages are automatically copied into specified directory if it does not exist already)

http-cookie-lifetime(time; default: 3d) - validity time of HTTP cookies

http-proxy(IP address; default: 0.0.0.0) - address of the proxy server the HotSpot service will use as a [parent] proxy server for all those requests intercepted by Universal Proxy system and not defined in the /ip proxy direct list. If not specified, the address defined in parent-proxyparameter of /ip proxy. If that is absent as well, the request will be resolved by the local proxy

login-by(multiple choice: cookie http-chap http-pap https mac trial; default: cookie,http-chap) - which authentication methods to use

cookie - use HTTP cookies to authenticate, without asking user credentials. Other method will be used in case the client does not have cookie, or the stored username and password pair are not valid anymore since the last authentication. May only be used together with other HTTP authentication methods (HTTP-PAP, HTTP-CHAP or HTTPS), as in the other case there would be no way for the cookies to be generated in the first place

http-chap- use CHAP challenge-response method with MD5 hashing algorithm for hashing passwords. This way it is possible to avoid sending clear-text passwords over an insecure network. This is the default authentication method

http-pap- use plain-text authentication over the network. Please note that in case this method will be used, your user passwords will be exposed on the local networks, so it will be possible to intercept them https - use encrypted SSL tunnel to transfer user communications with the HotSpot server. Note that in order this to work, a valid certificate must be imported into the router (see a separate manual on certificate management)

mac - try to use client's MAC address first as its username. If the matching MAC address exists in the local user database or on the RADIUS server, the client will be authenticated without asking to fill the login form

trial - does not require authentication for a certain amount of time

mac-auth-password(text) - if MAC authentication is used, this field can be used to specify password for the users to be authenticated by their MAC addresses

nas-port-type(text; default: wireless-802.11) - NAS-Port-Type attribute value to be sent to the RADIUS server

radius-accounting(yes no; default: yes) - whether to send RADIUS server accounting information on each user once in a while (the "while" is defined in the radius-interim-updateproperty) radius-default-domain(text; default: "") - default domain to use for RADIUS requests. It allows to select different RADIUS servers depending on HotSpot server profile, but may be handful for single RADIUS server as well.

radius-interim-update(time received; default: received) - how often to sent cumulative accounting reports.

0s - same as received

received - use whatever value received from the RADIUS server

radius-location-id(text) - Raduis-Location-Id attribute value to be sent to the RADIUS server radius-location-name(text) - Raduis-Location-Name attribute value to be sent to the RADIUS server rate-limit(text; default: "") - Rate limitation in form of rx-rate[/tx-rate][rx-burst-rate[/tx-burst- rate] [rx-burst-threshold[/tx-burst-threshold][rx-burst-time[/tx-burst-time]]]] [priority] [rx-rate-min[/tx-rate-min]]from the point of view of the router (so "rx" is client upload, and "tx" is client download). All rates should be numbers with optional 'k' (1,000s) or 'M' (1,000,000s). If tx-rate is not specified, rx-rate is as tx-rate too. Same goes for tx-burst-rate and tx-burst-threshold and tx-burst- time. If both rx-burst-threshold and tx-burst-threshold are not specified (but burst-rate is specified), rx- rate and tx-rate is used as burst thresholds. If both rx-burst-time and tx-burst-time are not specified, 1s is used as default. rx-rate-min and tx-rate min are the values of limit-at properties