What equipment is the most suitable?

Owned by JaroslavK (Unlicensed)
Last updated: Aug 10, 2016 by Zdenek Sidney Hornych
2 min read

 

Your equipment should be capable to support 3 following features:

  1. External Captive Portal
  2. External SOCIFI RADIUS
  3. DNS-based Walled Garden

1. External Captive Portal

The picture below doesn't describe how SOCIFI works, but it should give you info about what your equipment should be able to do.

If your equipment is capable of it and is NOT presented in our equipment compatibility list please send us specifications, manuals and anything else where the title How to configure External Captive Portal or similar is mentioned.

2. External SOCIFI RADIUS

Our RADIUS servers are located in the Amazon AWS Cloud and they need to be accessed through the internet. Our servers are located in many locations from which you should select the closest one.

We always prefer to use our own RADIUS. The Non-SOCIFI RADIUS can be used as well however it could cause the potential time delay and extra costs could be involved.

 

3. DNS-based Walled Garden

On the internet a Walled Garden is an environment that controls the user's access to any web content and services. An Internet Service Provider (ISP) may or may not allow users to select some of the Web sites contained or barred from the allowed garden. You may find other terms used such as: ACL, IP rules etc. The goal is the same: to be able to access certain servers BEFORE authentication.

If it comes to SOCIFI we need to have the access to our servers and if the social media network authorization is needed - also access to their servers. 

In the past it was sufficient to enter the IP of the specific server - and that worked until the IP was changed. And this is it - in the new age of cloud-based services the IP address can change any time and thus the static IP address is not enough anymore. Therefore, there is a need of more flexible solution - which is the DNS. Even the wide range of IP will not always work because for example Facebook uses hundreds of  IP's at the same time and the range is changing all the time. Please note that some vendors allow the limited amount of entries for the IP ranges (e.g. 64 only).

 That's why SOCIFI (and all services using the cloud solution) need the DNS-based Walled Garden and not the IP-based Walled Garden.

DNS-Based Walled Garden is an essential for correct behavior of SOCIFI

Considerations:

  • some vendors would allow to enter the DNS name, but this is then resolved to IP and then they are used in the same way as static IP
  • some vendors can allow a wide range of IP (as a workaround) which can lead to a security breach
  • the DNS-based Walled Garden also allows the use of subdomains, e.g.:  *.google.com or accounts.google.com etc.

 

Practical example and useful links


Other features

Bandwith/speed limit and session timer management

To control the bandwidth/speed limit and the session timer we use Account attributes on RADIUS servers. These attributes are sent per user after successful authentication of the user. SOCIFI uses attributes described in Wi-Fi Alliance - Wireless ISP Roaming - Best Current Practices v1 - WISPr.  Vendors who are already supporting the bandwidth management are either using WISPr specs or use their own specs. Please tell us if you can control the bandwidth management and what way do you use. In the case it's your own protocol we will need the description and your cooperation.

Proxy Server

The deployment of In-Session feature requires ability to configure Proxy Server

Cloud management

Cloud management is something your customer would appreciate.

 

If your equipment is capable of it and is NOT presented in our equipment compatibility list please send us specifications, manuals and anything else where the title How to configure Walled Garden / White list or similar is mentioned.

See also What we need to know about your network?