Xirrus

Owned by Support (Unlicensed)
Last updated: Mar 09, 2017 by Zdenek Sidney Hornych
4 min read

Tested versions:

ModelTypeFirmware versionDescriptionLimitations

XR-620

*Note

AP7.0.2 Build: 4948
AP + controller
no speed control

Note:  AP by Xirrus is a separate modular device containing both the controller and radio control modules.

 *Note by vendor: by testing with the XR-600, you cover interoperability with all Xirrus products, except the X2 & XR-320

Version XR-620 has two independent radio modules operating on either 2.4 GHz or 5 GHz switchable in management. The device is fully compatible with SOCIFI. This unit has a throughput of about 867 Mbps and serves 240 users (120 per one radio). On the market there are more powerful units. A DHCP server uses an external DHCP server in the network where it is connected, you can define internal DHCP server. The configuration is then more complex. 

MAC address for administration

MAC address, needed for setting in the SOCIFI Dashboard, is available after sign in to the web portal of device management console. In the tab Array / Information MAC addresses are listed next to the names of Ethernet interface, specifically for values Gigabit 1 and Gigabit 2. During the tests it was proofed that both gigabit interfaces are standardly connected to 802.3ad Trank, so that they are presented in the admin system only by the MAC address port Gigabit 1.

 Setting SSID, Hotspot, Radius Server and WalledGarden

Setting of these services can be found in the menu SSIDs / SSID Management. Given that the SSID of the network can not be edited later, it is necessary to know the desired name in the beginning. Otherwise, you need to select the entire section again, including the gradual entry WalledGarden domain. Create SSID networks (in the table fill in the name next to the Create button and then click on to create). Then for the selected SSID enter the following parameters:


Enabled:✔ check
Brdcst:✔ check
Band:select desired band or e.g. Both
VLAN ID:select (none)
VLAN ID/Number:leave empty
QoS:select 0
DHCP Pool:select (none)
DHCP Pool /Opt:do not check
Filter List:select (none)
Encryption/Authentication:select None/Open
Encryption/Authentication/Global:do not check
Xirrus Roaming:select Off
WPR:✔ check
Fallback:select None
Mobile Device Management:select None


In paragraph SSID Limits do not restrict anything, leave everything at the default settings:

Stations:set unlimited
Overall Trafic (Packet/Sec):✔ check Unlimited
Overall Trafic (Kbps):✔ check Unlimited
Trafic per Stations (Packet/Sec):✔ check Unlimited
Trafic per Stations (Kbps):✔ check Unlimited
Days Active:✔ check all (Everyday, Sun, Mon, Tue, Wed, Thu, Fri, Sat)
Time Active:✔ check Always

 


Paragraph Web Page Redirect Configuration set according to the following options:

Landing Page URL:leave empty
Background Image:leave default value, no impact to functionality
Logo Image:leave default value, no impact to functionality
Header Text File:leave default value, no impact to functionality
Footer Text file:leave default value, no impact to functionality
Server:select option External Login
Timeout (seconds):leave default value, no impact to functionality
Radius Authentication Type:leave default value, no impact to functionality
HTTPS:leave default value, no impact to functionality
Redirect URL:set http://connect.socifi.com/
Redirect Secretleave empty


It is necessary to enter SSID WalledGarden setting gradually one after another domain including the prefix "*".

Enter following Walled garden ranges:

If you are a customer with the White Label solution, please add your custom domain (for example *.mycustomdomain.com) to the Walled Garden list.

*.socifi.com
*.facebook.com
*.akamaihd.net
*.akamai.net
*.edgecastcdn.net
twitter.com
*.twitter.com
*.twimg.com
*.fastly.net
*.li-cdn.net
*.cloudfront.net
facebook.com
*.fbcdn.net
*.instagram.com
*.cdninstagram.com
instagram.com
*.linkedin.com
*.licdn.com
linkedin.com

facebook.com and twitter.com (Yes, twice. Once with and once without the asterisk)

 If you are you using Ruckus equipment, don't forget to set CDN IP ranges to the Walled Garden List.

 

Due to Ruckus firmware behavior end-user devices might not be able to reach some (mainly CDN and cloud) domains from walled garden list. This can cause wrong rendering of the captive portal.

The new IP ranges (indented in the list below) were added on April 2018.
Actual list of Amazon CloudFront (CDN) IPs is here: http://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/LocationsOfEdgeServers.html (direct link to IPs list in JSON format: https://ip-ranges.amazonaws.com/ip-ranges.json) 

As a workaround you have to add static IP's shown bellow to adjust firmware behavior and to be able to start monetizing your network immediately.

Work-around solution is to add the following IP ranges to the Walled Garden List:

13.32.0.0/15
13.35.0.0/16
13.54.63.128/26
13.59.250.0/26
34.195.252.0/24
35.162.63.192/26
52.15.127.128/26
52.46.0.0/18
52.52.191.128/26
52.57.254.0/24
52.66.194.128/26
52.78.247.128/26
52.84.0.0/15
52.199.127.192/26
52.212.248.0/26
52.220.191.0/26
52.222.128.0/17
54.182.0.0/16
54.192.0.0/16
54.230.0.0/16
54.233.255.128/26
54.239.128.0/18
54.239.192.0/19
54.240.128.0/18
70.132.0.0/18
71.152.0.0/17
99.84.0.0/16
143.204.0.0/16
204.246.164.0/22
204.246.168.0/22
204.246.174.0/23
204.246.176.0/20
205.251.192.0/19
205.251.249.0/24
205.251.250.0/23
205.251.252.0/23
205.251.254.0/24
216.137.32.0/19

 Want to Allow Google+ login?

The new Allow login through social networks does not include the Google login. The reason is that some Android based devices are not redirected to the Captive Portal when the user gets connected to WiFi network. In case you'd like to add it you need to do following:

  1. Check if your hotspot allows DNS names in the Walled garden. Some hotspots can use IP addresses only. See: Why DNS-based Walled Garden (and not IP-based)
  2. Allow Google+ login: Settings > Brand > Authentication > Allow login through social networks > Set on Allow Google login
  3. Add these walled garden domain into existing list:

Google+ Login DNS's

Please adopt same format your Walled garden is already using e.g. with or without the asterisk, separated by comma or space etc.

 For Cisco Meraki, Ruckus, Xirrus
*.googleapis.com
*.googleusercontent.com
*.gstatic.com
*.accounts.youtube.com
*.apis.google.com
*.accounts.google.com
*.l.google.com

The local accounts.google.XX domain must be added into the Walled Garden list. For example accounts.google.co.uk for United Kingdom, accounts.google.com.sg for Singapore, accounts.google.de for Germany etc. Google domains list you can find at https://ipfs.io/ipfs/QmXoypizjW3WknFiJnKLwHCnL72vedxjQkDDP1mXWo6uco/wiki/List_of_Google_domains.html

 For Open Mesh
googleapis.com,googleusercontent.com,gstatic.com,accounts.youtube.com,apis.google.com,accounts.google.com,l.google.com

The local accounts.google.XX domain must be added into the Walled Garden list. For example accounts.google.co.uk for United Kingdom, accounts.google.com.sg for Singapore, accounts.google.de for Germany etc. Google domains list you can find at https://ipfs.io/ipfs/QmXoypizjW3WknFiJnKLwHCnL72vedxjQkDDP1mXWo6uco/wiki/List_of_Google_domains.html

 For Mikrotik
/ip hotspot walled-garden
add dst-host=*.googleapis.com
add dst-host=*.googleusercontent.com
add dst-host=*.gstatic.com
add dst-host=*.accounts.youtube.com
add dst-host=*.apis.google.com
add dst-host=*.accounts.google.com
add dst-host=*.l.google.com
add dst-host=accounts.google.com

The local accounts.google.XX domain must be added into the Walled Garden list. For example accounts.google.co.uk for United Kingdom, accounts.google.com.sg for Singapore, accounts.google.de for Germany etc. Google domains list you can find at https://ipfs.io/ipfs/QmXoypizjW3WknFiJnKLwHCnL72vedxjQkDDP1mXWo6uco/wiki/List_of_Google_domains.html

 For DD-WRT
googleapis.com googleusercontent.com gstatic.com accounts.youtube.com apis.google.com accounts.google.com l.google.com

The local accounts.google.XX domain must be added into the Walled Garden list. For example accounts.google.co.uk for United Kingdom, accounts.google.com.sg for Singapore, accounts.google.de for Germany etc. Google domains list you can find at https://ipfs.io/ipfs/QmXoypizjW3WknFiJnKLwHCnL72vedxjQkDDP1mXWo6uco/wiki/List_of_Google_domains.html

Related pages:

The Splash Page is not triggered when Android devices connect to WiFi


Pages related to Walled Garden issues


In the following paragraph SSID Authentication Service Configuration set parameters of an external RADIUS server for authentication:

 

Authentication Server:select option External radius
Primary Host/IP Address:enter the appropriate RADIUS server by region
Primary Port:set 1812
Primary Shared Secret:enter socifi  (Case-sensitive)
Primary Verify Secret:enter socifi (Case-sensitive)
Secondary Host/IP Address:enter the appropriate RADIUS server by region
Secondary Port:set 1812
Secondary Shared Secret:enter socifi (Case-sensitive)
Secondary Verify Secret:enter socifi (Case-sensitive)
Timeout (seconds):set 600
Accounting:✔ check
Primary Host/IP Address:enter the appropriate RADIUS server by region
Primary Port:set 1813
Primary Shared Secret:enter socifi (Case-sensitive)
Primary Verify Secret:enter socifi (Case-sensitive)
Secondary Host/IP Address:enter the appropriate RADIUS server by region
Secondary Port:set 1813
Secondary Shared Secret:enter socifi (Case-sensitive)
Secondary Verify Secret:enter socifi (Case-sensitive)
Interval (seconds):set 300


We recommend to use this set of RADIUS servers:
 


 List of RADIUS according to your location:
 For North America

RADIUS Server 1

rad-1-use-1.socifi.com or IP address: 52.7.148.174, Radius shared secret: socifi

RADIUS Server 2

rad-2-use-1.socifi.com or IP address: 52.55.217.23, Radius shared secret: socifi

 For Europe and Africa

RADIUS Server 1

rad-1-euw-1.socifi.com or IP address: 52.209.184.212, Radius shared secret: socifi

RADIUS Server 2

rad-2-euw-1.socifi.com or IP address: 52.50.155.202, Radius shared secret: socifi

 For Asia-Pacific

RADIUS Server 1

rad-1-euw-1.socifi.com or IP address: 52.209.184.212, Radius shared secret: socifi

RADIUS Server 2

rad-2-euw-1.socifi.com or IP address: 52.50.155.202, Radius shared secret: socifi

In order to have the Radius communication working fine, the IP addresses (above) and the ports 1812 Auth and 1813 Acc must be accessible.


Next, change the setting of Radius parameters in the menu Security / External Radius and change the following attributes in paragraph Radius Attribute Formatting. Others leave in the default settings.

 

Called-Station-Id Attribute Format:choose Ethernet-MAC
Station MAC Format:select _*UC-hyphenated [XX-XX-XX-XX-XX-XX]
Accounting:enable by ✔ check On



 Wireless Setting

In the menu SSIDs / Active IAPs assign to individual rai wireless modules SSID configuration by checking the appropriate cell in the table.

Finally, still be sure to enable wireless radio modules and in the menu IAPs / IAPs Settings by switching enableat competent modules.

Add a new hotspot to SOCIFI Dashboard

Step 1: Login to SOCIFI Dashboard

Step 2: Click on the "Hotspots" tab on the left sidebar

Step 3: Click on the “Add a new hotspot” button located on the top right corner on the screen (pictured below)

Note: A pop-up window will appear (below)

Step 4: Select the Wi-Fi hardware manufacturer from the drop down menu

Step 5: Enter the serial number or MAC address (depending on the specific equipment manual) of your equipment. You can add multiple hotspots at once.

Step 6: Set your Network location (this step is essential for correct ad targeting)

Step 7: In the pop-up window type your location or just move the marker on the map and click on the save button to confirm the selection. This address is used for ad GEO targeting.

Step 7: Click Save

Note: Newly added hotspot are marked as  (Hotspot pending). After the first user connects to the hotspot via SOCIFI, the status will automatically change and appear as  (Active) within an hour. Get your first connections to test if it works properly.