In this sample senario, we will build a demo setup for mbox HSA working with cloud HSG for captive portal, while functioning as a SD-WAN router.

Common use cases

1. CloudX design, where HSA is used as mini-HSG, with additional MAP or 3rd-party AP behind it to extend wireless coverage. (see details on cloudx design)

2. "Wi-Fi on the go", where HSA acts as an all-in-one device with single/dual LTE backhaul to provide Wi-Fi in buses or trains. (See video demo "bus Wi-Fi")

3. hotspot over SD-WAN, where HSA provides wireless hotspot access, on top SD-WAN connectivity. (see details)

In all of above design scenario, HSA will function as a mini-HSG utilizing below key features

1. router & firewall

2. dual-band Wi-Fi (802.11a/b/g/n/ac, wave 2)

3. hotspot controller to redirect user to external/HSG captive portal

4. dual-LTE slots (optional, for "Wi-Fi on the go")

5. SD-WAN capabilities (as an all-in-one retail solution)

and we use cloud HSG for:

1. hosting hotspot/captive portal (with CMS)

2. hotspot users database and authentication

3. analytics and reporting

Deployment preparation

• 1 x cloud HSG. Enable RADIUS and provision captive portal for HSA to use.

  • Cloud HSG can be physical appliance or VM, hosted in customer HQ or DC.

  • HSG needs to be accessible by HSA (eg. HSG needs public IP), with firewall ports open for TCP/80, TCP/443, UDP/1812, UDP/1813

• 1 x HSA-500 per site (can make use of HSA built-in Wi-Fi, together with additional AP for wireless coverage extension)

  • Connect HSA WAN port to ISP modem/ONT, and slot in dual SIM card into the LTE slots (optional, for "Wi-Fi on the go") .

• Connect management PC to HSA LAN4 port (configure PC with DHCP, then connect to mbox GUI using http://192.168.1.1/mbox, login with root/Letmein99). Follow below steps to restore sample config.

2-Step deployment from sample config

1. download sample config for HSA4-hotspot-MWAN

2. follow this video guide to deploy HSA by restoring from sample config

After configs are restored, please make two minimum changes:

• On your HSG, please add your HSA WAN IP as radius client with a redius key, or you can set 0.0.0.0/0 to allow all if they have a correct key, eg.

• On your HSA CLI, change splash.ransnet.com to point to your HSG WAN IP, and also change the portal URL to map to what's provisioned on HSG.

Sample config default settings

• the WAN port is pre-configured to get dhcp IP from ISP ONT/modem (or upstream router). If you need to change interface IP/route, please follow this guide.

• WAN port is the primary

• LTE SIMs are backup to WAN (active/active while WAN fails)

• HSA is pre-configured with vlan10, and LAN ports 1-3 are assigned to vlan10. (see details on how to configure HSA VLAN). NOTE: we don't need to assign any IP address to interface br-vlan10 (unmanaged), because the hotspot-server command will auto create tunnel IP and attach to br-vlan10.

  • HSA is also enabled with Wi-Fi, using SSID "mbox_wifi", and the SSID is assigned to vlan10 (configure HSA wireless setting).

  • (optionally) To extend Wireless coverage, connect MAP (or 3rd-party AP) to LAN port 1-3, and broadcast SSID "mbox_wifi". 

    • simply bridge mbox_wifi SSID to vlan1 on AP (it will fall into vlan10 on HSA).

    • Refer to vendor documentation on configuring wireless, or for MAP wireless config, please refer to MAP lab2.

NOTE for older/used box

• 1. upgrade your HSA box to firmware version 20190715-0030, and above (follow this guide to upgrade firmware)