Login

If the external gateway sends a "Login" request in an XML file, the Public Spot activates online access for the corresponding user. A "Login" request contains the attribute COMMAND="RADIUS_LOGIN".

If the Public Spot does not use a RADIUS server, a "login" request prompts it to store the user and the associated MAC address directly in the internal Status table. As a result, the user is immediately authenticated in future, and there is no need to display a login page for entering the username and password.

When you operate a RADIUS server, a 'login' request can only be successfully processed if the login data of the corresponding user already exists on the RADIUS server.

Note: The Web API in the Public Spot provides you with a convenient tool for creating new Public Spot users on the device's internal RADIUS server.

The XML interface can process the following XML elements in the login request:

SUB_USER_NAME
User name
SUB_PASSWORD
User password
SUB_MAC_ADDR
MAC address of the user device. Possible formats include:
  • 00164115208c
  • 00:16:41:15:20:8c
  • 00-16-41-15-20-8c
VLAN_ID (optional)
Custom VLAN ID assigned by the device to the Public Spot user upon login. After authentication by the RADIUS server, the individual VLAN ID overwrites a global VLAN ID that a user would otherwise obtain from the XML interface.
The value 0 disables use of a VLAN.
SOURCE_VLAN (optional, only in conjunction with authentication by RADIUS server)
The VLAN ID of the network from which a Public Spot user attempts to login (source VLAN). The Public Spot forwards the source VLAN in its access request to the internal or external RADIUS server. The Public Spot uses the RADIUS attribute 81 (tunnel-private-group-ID) together with the RADIUS attributes 64 (tunnel-type) and 65 (tunnel-medium-type). The RADIUS server uses the source VLAN to decide whether to accept or decline the access request from the Public Spot.If the RADIUS server accepts the request, it returns the access-accept to the Public Spot along with the above-mentioned RADIUS attributes. The Public Spot then saves the source VLAN for the client and its station list and allows the user to access the Public Spot network.
Tip: Use the source VLAN in conjunction with the setup parameter 2.24.47. This prevents Public Spot users in VLAN-separated Public Spot networks/SSIDs from authenticating once at the RADIUS server and then accessing all of the managed Public Spot networks/SSIDs.
Note: The SOURCE_VLAN should not be confused with the VLAN_ID. The VLAN_ID is not sent to the RADIUS server. However, the Public Spot uses it to assign a VLAN ID provided by the gateway to a successfully authenticated user.
PROVIDER (occasionally required)
Name of the RADIUS server used by the Public Spot for user authentication and accounting. If you do not specify a RADIUS server, the Public Spot uses the server configured globally for the module.
This XML element is mandatory if you
  • have configured multiple RADIUS servers for the Public Spot module.
  • want to use the XML interface without RADIUS authentication but with RADIUS accounting.
Specifying this XML element is otherwise optional.
Important: The referenced RADIUS server must be present in the configuration.
TXRATELIMIT (optional)
Maximum bandwidth (in kbps) provided to the Public Spot user for the uplink.
RXRATELIMIT (optional)
Maximum bandwidth (in kbps) provided to the Public Spot user for the downlink.
SECONDSEXPIRE (optional)
The maximum online time for a user account in seconds. The user can use this duration of access time until a relative or absolute expiry time (if set) is reached.
The value 0 switches off the monitoring of the time budget.
TRAFFICEXPIRE (optional)
The maximum data volume for a user account. The user can use this data volume until a relative or absolute expiry time (if set) is reached. The following entries are allowed:
  • k or K: Specified in kilobytes (kB), e.g. <TRAFFICEXPIRE>1000k</TRAFFICEXPIRE>.
  • m or M: Specified in megabytes (MB), e.g. <TRAFFICEXPIRE>100m</TRAFFICEXPIRE>.
  • g or G: Specified in gigabytes (GB), e.g. <TRAFFICEXPIRE>1g</TRAFFICEXPIRE>.
Without a unit, the specification corresponds to a value in bytes (B).
The value 0 switches off the monitoring of the data volume.

The XML interface then sends the gateway a "Login" response, which can contain the following XML elements:

SUB_USER_NAME
User name
SUB_STATUS
The current user status. The following values are possible:
  • RADIUS_LOGIN_ACCEPT: Login successful
  • RADIUS_LOGIN_REJECT: Login rejected
SUB_MAC_ADDR
MAC address of the user device. Possible formats include:
  • 00164115208c
  • 00:16:41:15:20:8c
  • 00-16-41-15-20-8c
PROVIDER
Name of the RADIUS server to be used for this user.

Some examples of XML files are given below:

Login request
The external gateway sends the data for the start of a session to the Public Spot:
<?xml version="1.0" encoding="ISO-8859-1"?>
<PUBLICSPOTXMLINTERFACE>
  <ACCESS_CUBE COMMAND="RADIUS_LOGIN">
    <SUB_USER_NAME>user2350</SUB_USER_NAME>
    <SUB_PASSWORD>5juchb</SUB_PASSWORD>
    <SUB_MAC_ADDR>00164115208c</SUB_MAC_ADDR>
    <PROVIDER>DEFAULT</PROVIDER>
  </ACCESS_CUBE>
</PUBLICSPOTXMLINTERFACE>
The Public Spot enables 'user2350' in the internal Status table.
Login response:
The XML interface sends a confirmation about the start of a session to the external gateway:
<?xml version="1.0" encoding="ISO-8859-1" ?>
<PUBLICSPOTXMLINTERFACE>
 <ACCESS_CUBE ID="WLC_PM" IP="192.168.100.2" COMMAND="USER_STATUS">
    <SUB_STATUS>RADIUS_LOGIN_ACCEPT</SUB_STATUS>
    <SUB_MAC_ADDR>00:16:41:15:20:8b</SUB_MAC_ADDR>
    <SUB_USER_NAME>user2350</SUB_USER_NAME>
    <TXRATELIMIT>0</TXRATELIMIT>
    <RXRATELIMIT>0</RXRATELIMIT>
    <SECONDSEXPIRE>0</SECONDSEXPIRE>
    <TRAFFICEXPIRE>0</TRAFFICEXPIRE>
    <ACCOUNTCYCLE>0</ACCOUNTCYCLE>
    <IDLETIMEOUT>0</IDLETIMEOUT>
    </ACCESS_CUBE>
</PUBLICSPOTXMLINTERFACE>

www.lancom-systems.com

LANCOM Systems GmbH | A Rohde & Schwarz Company | Adenauerstr. 20/B2 | 52146 Wuerselen | Germany | E‑Mail info@lancom.de

LANCOM Logo