When mbox HSG is used as a hotspot gateway, providing AAA (authentication, authorization, accounting) for user access. It has extensive visibility on user info, user session info and behaviors etc.

There're two sets of user data that can be collected:

1. user profile info (user details), eg. username, email, mobile, age, country, etc etc. These are usually collected prior to user login, eg. self-signup or social media sigin.
2. user session info (access record), eg. user device, accessed time, used data volume etc etc. These are post-login RADIUS accounting data to track per user per session access usage.
3. user access logs. These are collected by mbox firewall, proxy and DNS logging to track user access details, eg. where do they go, at what time, and what are the commonly accessed sites/destinations etc. (see details here).

USER PROFILE INFO CAPTURE

There are various methods to collect user profile info, and it's a configurable setting in mbox CMS setting to determine what user info to capture. Possible capturable user info includes:

Below is a snip of the configuration options in CMS. Tick on the field you want to capture about the user, then proceed to use your preferred method to collect it.

Once you've decided what user info to capture, then go to "Login Method" tab to select user sign-in methods (how users will login to landing page). There are various methods (or user sign in options), depending on customer preferences.

• Direct login with user info. This is the simplest method. User just fill in their info and click to login. No verification required. It's easy for easy but the accuracy is not guaranteed. eg. if user puts in wrong info or intentionally fills in false info, we can't validate.

NOTE: these user info are stored as guests, inside RADIUS --> Management --> Users, under tab "Guests".

• Self-signup through email (or mobile no.). For both methods, mbox will validate user email or mobile no . Only if user fills the correct email (or mobile no.), they can receive the password for further access. This guarantees data accuracy and accountability. eg. if user abuses Internet access, it's possible to trace back to his email or mobile no. See video guide for email signup, and SMS signup.

NOTE: these user info are stored as local users, inside RADIUS --> Management --> Users, under tab "Local Users".

• Social media integration. eg. facebook or gmail, etc. mbox has built-in integration with facebook and a few other social media providers. It's configurable in the CMS setting to choose your preferred social media provider, then once user logins with their social media accounts, they get Internet access and at the same time mbox pulls down their public profiles info and store them inside local RADIUS database. The captureable info depends on user's social media account privacy settings. Only the public profile info can be retrieved and stored inside mbox. Typical info include name, email, mobile, gender, country, etc. (see related topic here).

NOTE: It's possible to combine multiple sign-in methods on the same login page. So end user can choose their own preferred methods.

User info collected can be exported out into csv for external BI analysis, and also can be used by venue owner for running marketing/email/SMS campaigns. See video example here.

USER SESSION INFO CAPTURE (access records)

Once user is authenticated (after logged in), mbox will track user access details and store them inside the RADIUS database. Below is a list of user session details captured:

Note that when a user request comes into mbox, RADIUS server has no visibility on wireless data, such as user location (eg. the connected AP Name, AP MAC, SSID etc ). Because the Wireless LAN Controller (WLC) keeps record of user MAC association with AP name and SSID etc. But normally WLC has no visibility on username if it’s an open SSID where user logins from captive portal. Also WLC can not store user session information in a persistent storage.

mbox has the capability to integrate both RADIUS session data and WLC wireless data and correlate the two sets of data using certain common parameters to report comprehensive user session details. Each time when a user authenticates via RADIUS, mbox can initiate an snmp scan to Wireless LAN Controller (WLC), using the user MAC and Start Time which are common on both devices, to correlate the user location details, eg.

This is typically offered as a value add service, where customers want to perform accurate location-based user analytics. Most of the commonly used WLC are supported, eg. Cisco, Aruba, Ruckus, etc.

All the data can be exported out into csv for external analysis on a daily/weekly/monthly basis. Attached below is a sample of the session data export. (radius_export_sample.csv).

Data Analytics (RADIUS dashboard)

mbox comes with a radius dashboard to perform basic data analytics and reporting based on above data. The reports include below list of graphs.

Attached file below includes some sample RADIUS reports. <see file RADIUS dashboard sample.pdf>

These reports can be auto scheduled to send to external emails on a daily/weekly/monthly basis.

Optional: Wireless client info (if using MAP)

The user info and session info are mostly related to user details which are capturable at the gateway level, when user traffic passes through mbox. But the gateway has no visibility on the AP nore the wireless information (unless we do snmp integration with the AP controller, which can be quite cumbersome).

mbox HSG comes with built-in wireless controller for managing MAP. If customer uses MAP as the access points, then it's possible to capture the wireless related information, such as:

Data can be exported out for external analysis. Attached is a sample wireless client export. <wireless-client-export-sample>

Below is a sample wireless controller dashboard.