mbox has a unique feature to host captive portal contents on mbox itself and deliver the page contents to users locally from mbox storage space, while mbox periodically/nightly syncs with cloud-hosted server for content updates.
In this approach, the portal contents are still centrally managed, but the user experience are significantly improved as the page contents are locally served to users without going through a public Internet connection.
There're several advantages to let mbox deliver page contents locally from mbox:
- faster responses time when login/landing page initiates, as it does not need to request to an Internet-based captive portal server (mbox.ransnet.com). This is particularly useful when mbox is deployed in a foreign country or the mbox local Internet is slow.
- reducing back-haul utilization. Since the page contents are served off from mbox local storage, there's a significant reduction on back-haul usage, especially if the login page or landing page contents are customized with video and audio contents. With this capability, it's now possible stream large video/music files to large group of users concurrently without worrying about Internet bottlenecks.
This feature is particularly useful for TVC based advertising when mbox is used as a gateway, where users are required to view a short video before mbox allows them full Internet access. The video contents are streamed through local storage without causing congestion to backhaul link. It is also needed for customers requirement payment gateway integration which allows users to purchase WiFi access plans online (in this case HSG functions as a web server).
There're a few major notes on this feature:
- managing page contents. This is the same as "cloud-hosted" portals", therefore portal contents are still centrally managed.
- we need to configure mbox to pull page contents from cloud-hosted server for a specific customer, then it will auto sync every 15 minutes for content updates (if you need immediate refresh, just reboot mbox and it will try to sync for updates while booting up, but make sure mbox is online first).
- we need to configure a loopback interface with an un-used IP address (eg. 22.214.171.124/32), and this IP will be our future portal server IP to deliver page contents. NOTE: don't use 126.96.36.199 as the loopback IP, it's the default for Cisco WLC and it will not route user traffic to HSG.
- we need to configure DNS re-write to point splash.ransnet.com to the loopback Interface (eg. 188.8.131.52)
- configure hotspot instance to use splash.ransnet.com as our portal URL, https://splash.ransnet.com/<partnerid>/<customer-id>/login.php
- under "security hotspot xx", the DNS name-server assigned to client must be hotspot-server IP (in this case, mbox acts as a name-server proxy for internal client users), client-dhcp-dns <hotspot-server ip>
- Configure firewall-input rules to permit http & https access to mbox for traffic coming from hotspot vlan. Because in this case, HSG function as a webserver to deliver the portal pages. (but this is not needed for cloud-hosted portals)
- local-hosted portal does not support social media integration
- the loopback (eg. 184.108.40.206) has to be an unique IP address that's not used in any other parts of the network.
CONFIGURATION EXAMPLE!!hostname mbox!interface eth0 enable ip address dhcp!interface eth1 enable bridge-group 0!interface eth2 enable bridge-group 0!interface eth3 enable bridge-group 0!interface bridge 0 enable ip address 172.16.1.1/24!!configure a local loopback Interface to serve page contentsinterface loopback enable ip address 220.127.116.11/32!!enable DNS re-write for splash.ransnet.com URLip host splash.ransnet.com 18.104.22.168 rewrite!ip name-server 22.214.171.124 126.96.36.199!!pull cloud/FTP contents to local foldermfusion portal splash.ransnet.com ftpcontent <partnerid> <customerid>!!enable redirect for DNS requests (redirect to local DNS for rewrite)firewall-dnat 10 redirect all udp dport 53 rdport 53!!allow web access for LAN users to HSG itselffirewall-input 11 permit all tcp dport 80 src 172.16.1.0/24firewall-input 12 permit all tcp dport 443 src 172.16.1.0/24!firewall-snat 1 overload outbound eth0!security radius-server client 127.0.0.1 key testing123 name LOCAL start!security hotspot br0 hotspot-owner RansNet hotspot-wan eth0 hotspot-server 172.16.1.1 ports 5001 5002 client-network 172.16.1.0 255.255.255.0 client-dhcp 172.16.1.20 255.255.255.0 lease 7200 client-dhcp-dns 172.16.1.1 client-static 172.16.1.2 255.255.255.248 client-mac-bypass 20-59-a0-cc-ad-d4,20-59-a0-cc-ae-48,20-59-a0-cc-ae-44 allowed-domain .ransnet.com!allow direct access to local URL allowed-url 172.16.1.1,188.8.131.52 redirect-url http://www.baidu.com radius-server localhost testing123 hotspot-online-portal http://splash.ransnet.com/<partnerid>/<customerid>/index.php start!
- for cloud-hosted portal, the portal URL is http://mbox.ransnet.com/<partnerid>/<customerid>/login.php
- for local-hosted portal, the portal URL is http://splash.ransnet.com/<partnerid>/<customerid>/index.php
- if you've enabled proxy or ads injection on the same box, please bypass dnat for local loopback ip. refer to proxy configure guide.
Attached is a complete config example:
- demo is the partnerid
- login requires user login
- login-reg requires user login with a self-registration template
- tos doesn't require login, just accept "terms of service" and connect