Guest management console
Guest Management Console (GMC) is a user-friendly web GUI portal for non-administrator to quickly create accounts (or access vouchers), which are required for authenticating to mbox HSG/HSA captive portal before guests are granted with Internet access. GMC is only available when using mbox HSG or cloud vUAM.
GMC is widely used for below scenarios:
hotel/hostels front-officers to create accounts/vouchers upon their check-in.
shopping center Information counter to issue WiFi access voucher for visitors
office receptionist to issue temp Internet accounts for visitor or temp staff
F&B outlets to offer controlled WiFi access to genuine customers only.
Accounts/vouchers can be printed by a voucher printer (a thermal printer, similar to a POS printer), and easily issued to guests/visitors (like a small receipt). For chargeable services, hotels/hostels can tag to room bills or collect payment upon issuance of printed vouchers.
Below diagram illustrates the whole workflow.
Operator logins to GMC to create Internet access account/voucher for guest. Guest details are sent to mbox HSG which automatically generates accounts/vouchers based on the required profiles
Voucher details are displayed on the GMC console so that operator can copy down and pass to guest (if operator click on "create & display", refer to later section); or voucher/account can be automatically sent to voucher printer (if operator click on "create & printer", refer to later section).
Operator passes voucher to guest (eg. write down on the hotel room card, or handover the printed voucher receipt)
Guest logins to mbox captive portal with the given account/voucher and gets Internet access.
Following section details how to use GMC to create guest accounts.
GMC dashboard
Upon login to GMC (or if we click on "GMC" tab on the top), we see the GMC dashboard.
The "Access Profiles" defines the authorization for each created user account (or access voucher). There can be a combination of multiple enforcement/profiles for the same account. The options can be customized in "GMC setup" --> "Access config" --> "Access Profile" (refer to following sections on GMC configuration).
The "Guest Profile" enables operator to key in user information to tag to each generated account. The options can be customized in "GMC setup" --> "Access config" --> "Userinfo" (refer to following sections on GMC configuration).
The historically created accounts can be viewed by clicking on "Accounts Created" bar at the bottom.
General configuration
Once logged in, under "GMC setup" --> "Access config" --> "General". This tab defines some general settings.
Title. This is the title to show on the printed voucher, eg. "Welcome to Manila-Hotel!"
Subtitle. This is the second line to show below the main title.
ExtraPrint. By default the voucher printer will print only 1 voucher copy. Sometimes customers may request to print duplicate copies for the same voucher (eg. one copy for user, one copy for book-keeping). If we enter 1 here, the printer will print out total 2 copies.
UserType. This option defines how we want to authenticate users. If we choose "userinfo", it means we're going to authenticate users based on username & password, and we can ask to enter and capture a few user information; if we chose "pincode", the portal just requires pincode or passcode to login, and there will be no user information available. If you select "pincode" option here, the other two user-related options (MaxUsernameLength and UsernameType) will be grayed out, and under the GMC dashboard, you will see "PIN code authentication" instead of "Guest Profile" information.
MaxUsernameLength. This needs to be inline with the UsernameType. If you choose email or mobile as the voucher login username (sometimes it gets very long), we need to put the MaxUsernameLength to be more than the default 8 characters, or don't check on Active.
UsernameType. If we choose "userinfo" for UserType, it means mbox requires username & password to login, and we're going to enter user information on the GMC console. Here, we can choose username for the login voucher, either randomly generate, or use one of the userinfo as the default login username, such as email, mobile, or room no. etc (whichever options enabled under "UserInfo" tab.
PasswordType. If we choose "userinfo" for UserType, it means mbox requires username & password to login, and we're going to enter user information on the GMC console. Here, we can choose password for the login voucher, either randomly generate, or use one of the userinfo as the login password, such as email, mobile, or room no. etc (whichever options enabled under "UserInfo" tab.
Configure access profiles
Access profile defines guest access rights after they are authenticated to mbox HSG/HSA. Once logged in, under "GMC setup" --> "Access config" --> "Access Profile"
Access profiles have to be pre-created by administrator under RADIUS tab "Management" --> "Profile". GMC will automatically map to the profiles defined in RADIUS, and make the profiles available for selection to enforce user/guest access. NOTE: if you're using a legacy mbox and trying to use the latest GMC feature, you may need to do a fresh update of your RADIUS (Please refer to this guide to do so).
Click on the check box to determine if any of the profile should be visible on the main GMC menu and stay active to enforce guest access control.
There're a few options available. Note it is configurable (by admin) to turn on only certain options only (eg. Expiry and Speed etc). This is done through CLI configuration. Refer to last part of this section on how to configure it.
Time. This defines usage quota by time. This is cumulative time. For example, if we select "1 Hour" for this account, the user can login to use for 15 minutes today, and another 30 minutes tomorrow etc, until the total used time reaches 60 minutes. Note if we use both "expiry" and "time" option for a user, the account will be "watered down" to the more restricted setting, eg. an account will be disabled once it reaches its expiry date even if its time quota is not used out yet. Similarly if an account is set to 2 hours, it will be disabled after 2 hours of usage even if we set very long expiry time. This option is typically used for temporary guest access (eg. to offer free usage hours per visit or daily).
Data. This defines usage quota by data volume. This is cumulative data volume. For example, if we select "Total 10GB" for this account, the user can login to download 1GB today, and another 1GB tomorrow etc, until the total used data reaches 10GB. Note if we use both "expiry" and "data" option for a user, the account will be "watered down" to the more restricted setting, eg. an account will be disabled once it reaches its expiry date even if its data quota is not used out yet. Similarly if an account is set to 1GB, it will be disabled after 2 hours of usage even if we set very long expiry time. We can also set daily, weekly or monthly data volume plans. This option is typically used for WISP to offer data-based plans (eg. to offer free usage hours per visit or daily).
Speed. This is probably the most commonly used option. It is used to restrict/control maximum speed/bandwidth per authenticated session. For example, if we select 2Mbps, an authenticated user can only burst up to 2Mbps. This is extremely useful in a share network to prevent some users from abusing the network and causing congestion to the entire Internet link. Just click and select the desired speed for each target guest.
Device. This defines how many devices can login at the same time using the same account (eg. simultaneous use by the same account). Click to select the no. of devices. By default none is select (eg. no restriction, one account can be used at the same time by many devices).
Expiry. This defines account validity, up to certain date and time, after which the account will be expired and disabled. Click to select date and time. By default "none" is selected. Note each account has an maximum validity of 2 weeks (configurable). If none is selected here, the account will still expiry automatically after two weeks. This option is typically used for hotel guests (eg. set the expiry date/time to his/her expected checkout date/time).
Expiryafter. This expires out account after defined hours, after its first use. For example, if it's selected to 1 hour, then it will expiry 1 hour later, after its first use, irregardless if it's continuously use for one full hour or not, eg. even if the account is used for 15 mins, it will still expiry after 1 hour. Note if we use both "Expiry" and "Expiryafter" option for a user, the account will be "watered down" to the more restricted setting, eg. an account will be disabled once it reaches its expiry time&date or "expiryafter" time, whichever is sooner.
Configure user information
This is to capture user information to map to each guest account. The available fields are Name, Email, Mobile, NRIC/Passport, Room No.
Once logged in, under "GMC setup" --> "Access config" --> "Userinfo"
It is configurable to activate & display only the desirable fields, depending on the business requirements. For example, in public WiFi environment, we may just want to capture Name and Email, some places may require NRIC/Passport by law, and for hotel guest, we will want room no. etc etc.
Generate accounts
Once all required information is entered, we're ready to generate an account for this guest. By default, a random username and password will generated. However, it is configurable (by admin) to dedicate certain user info to be the username, eg. we can use email or mobile no. or room no. as the username together with a random password. In a public WiFi environment, we typically use email or mobile no. as the username; for hotel guests, we tend to use room no. as the username. (refer to next section on how to enable this option).
Create & Print. This is only available if customer has purchased a voucher printer (a thermal printer). Once the account/voucher is generated, the printer will print out voucher details (name, username & password) to be issued to guest for their Internet access login.
Create & Display. When there's no voucher printer, we select this option, and the generated account will displayed on the portal page so the operator can write down on a sticker or hotel card holder to issue to guest.
NOTE: All the created accounts are tagged to their respective operator accounts. Administrator can list and export out all guest account details from RADIUS portal (refer to this link for RADIUS access, then Management --> Users --> List Users, click on "CSV export")
Example on configuring voucher printer (configure on HSG by admin)
Printer CLI is a subset of radius-server configuration, and it defines what are the options to configure printers
printer title.... what to show up on top of the voucher (eg. Welcome to EXPO!)
printer epson ip <staticip>..... adds an Epson printer by IP, the IP should be statically configured or assigned static IP by external DHCP server, and it should be reachable to mbox. Support EPSON printer TM-T82.
printer epson mac<printer-mac-address>..... adds an Epson printer by MAC address. The printer should be connected to hotspot LAN, getting DHCP IP directly from hotspot dhcp service. Support EPSON printer TM-T82.
Below is a sample printer configuration through CLI:
!security radius-server client 127.0.0.1 key testing123 name HOTEL-HSG data-lifetime 180 printer epson mac 20-59-A0-CC-AE-7C printer title "Welcome to Manila-Hotel" subtitle "Happy living" start!Supported POS printers
EPSON TM-T82 (LAN)
STAR TSP100III (Wireless)
Video links