RansNet HotSpot Gateway (HSG) authorizes guest Internet access over a captive portal, added with granular user access control and security enforcement. It allows enterprises or venue owners (hotels, malls, clubs, F&B, stadiums, etc) to offer flexible and differentiated Internet access for guests, VIP members or visitors. 

Sitting at the Internet edge, HSG manages user Internet access through a few key modules:

• • Router, stateful firewall, DHCP server

  • HotSpot Access Controller (hotspot instance)

  • Captive Portal (CP)

  • Authentication Authorization and Accounting (AAA, also called RADIUS).

One HSG can support multiple instances of HotSpot Access Controller. Typically each instance maps to each network (VLAN or physical interface). It's possible to enforce different access controls for different instances (eg. different login options with different portals, different bandwidth control policies etc).

HSG captive portal is a built-in web server that prompts user with a customizable web login page. It interacts with Access Controller and AAA/RADIUS server to authenticate users. It can also integrate with RansNet cloud ads server to stream pop-up ads.

HSG AAA server (or RADIUS server) validates user credentials, and passes user access profiles/policies (bandwidth per user, session time, volume/usage, etc) to the Access Controller for enforcement.

User access flow with HSG

Below is a typical new user access flow:

• 1. User device (mobile device or computer) connects to a LAN port or wireless SSID. 

     • For wireless access, the AP/WLC will bridge SSID to a VLAN and trunk to HSG

     • For LAN access, the switchport will be allocated to a access VLAN and trunk HSG

     • HSG will issue DHCP address to client device from the respective VLAN/network.

  2. Once device gets a DHCP IP address, it will auto initiate a browsing request to a URL/FQDN, as a default Internet connection detection feature. Exact destination URL depends on device type/OS. However, before the browsing request can be sent, there's a DNS lookup for the destination URL/FQDN. If the DNS lookup fails (either due to upstream connection issue or firewall blocking), this request will not be sent and the rest of the steps can not continue. User will likely see a blank page or nothing comes out at all.

  3. HSG Access controller intercepts the browsing request and redirects it to a captive portal login page. NOTE: due to security consideration, each redirect is session specific (can't be refreshed and timeout is short). If there's a slow wireless connection, the redirect may expiry and user may receive a blank/error page. User needs to off/on the Wi-Fi to retry (start from step #1 again)

  4. (optional) if pop-up ads is enabled (integrated with RansNet cloud ads server), user will see a pop-up ads, before proceeding to the login page.

  5. From login page, user enters username & password (or performs new registration, based on portal settings), which is sent to RADIUS server for validation/authentication. NOTE: Different sign-in options (eg. Email or SMS OTP) may have additional sub-steps here.

  6. Once authentication successful, HSG Access Controller grants user access and enforces respective rights given by RADIUS profile setting.