...

SoftWLC is a software Wi-Fi controller that provides a comprehensive solution for organizing guest and service networks. The SoftWLC software package combines Wi-Fi access points, access switches and routers manufactured by Eltex into a single product. The package allows configuring and maintaining networks and user services in accordance with a client's requirements.

Main modules of SoftWLC and their functions

  • EMS server
    • management and monitoring of other modules of the system
    • receiving and processing of SNMP traps sent by system components
    • device initialization and configuration
    • performing group operations with devices
    • notification of failures that have occurred
    • scheduled activation of monitors controlling the proper operation of the system
    • providing Graphical User Interface (GUI)
    • monitoring with saving data to a Round-Robin Database (RRD)
  • WEB portal
    • an application providing a set of WEB portals for user authorization in Hotspot networks
  • Portal Constructor
    • a tool that allows creating and configuring virtual portals for user authorization in Hotspot networks
  • B2B Admin Panel
    • providing interface for new Wi-Fi users' accounts creation and basic service management operations
  • Database
    • MySQL
    • MongoDB
  • RADIUS server
    • AAA operations
    • WPA-Enterprise authorization
  • DHCP server
    • assigning primary (external) IP addresses to access points with option 43 (suboptions 11 and 12) that allows creating GRE tunnels to ESR

    • assigning secondary (management, tunnel) IP addresses to access points with option 43 (suboptions 10 and 13) for management, detection and automatic initialization of access points
    • assigning IP addresses to Wi-Fi users connected to access points
    • classification of DHCP clients by options 82 and 60 and the giAddr field
  • APB service
    • roaming of users authorized via WEB portal
    • configuration and transmission of public IP address lists for portal authorization
  • Notification Gateway
    • centralized interchange between platform elements and external systems (SMS gateways, Call centers and email servers) via SMTP, SMPP, HTTP, WebSocket
  • PCRF
    • authorization and authentication of users connected via BRAS (a server which allows providing user service based on third-party vendors' access points)

    • accounting information collection for all authorization mechanisms and transferring it to a database

    • control of the number of Wi-Fi users' simultaneous sessions for all authorization mechanisms

    • deauthentication of Wi-Fi users authorized via WPA-enterprise modes and BRAS

  • Airtune
    • management of access points radio resources

  • NBI
    • connection between SoftWLC components via the SOAP protocol

    • service operation maintenance

      • Customer Cab
      • Portal Constructor
      • PCRF
    • generation of TLS authorization certificates

Assigning ESR

If you want to add a new SSID to the APs in a separate VLAN, you have to configure that VLAN on all switches. In a large network this is quite difficult to do. To simplify networking, an ESR is used to build tunnels between the APs and the router. The tunnels hide the MAC addresses of Wi-Fi clients and do not clog the tables of the network equipment they pass through. With this setup, the switches do not know which VLANs are used inside the tunnel, so you do not have to configure them.

Configuring ESR

Configuring ESR when connecting an AP via L2 access network (WiFi L2 diagram)


The architecture of the solution, when connecting APs via an L2 network, assumes that there will be VLANs allocated for the AP management subnet and VLANs allocated for the SSID user subnet. A new separate VLAN will be allocated for each additional SSID. All VLANs will be terminated on the ESR. This connection scheme is called WiFi L2.


Configuring ESR when connecting an AP via L3 access network (WiFi L3 diagram)

Allocating and configuring VLANs when connecting new APs is not always easy, and it is not always possible to provide an L2 channel from the AP to the ESR. In that case, APs are connected via the operator's L3 network. The architecture of the solution assumes that the operator's access network provides L3 connectivity between the ESR, SoftWLC and the primary address of the AP. The AP then builds L2 GRE (EoGRE) tunnels, which eliminates the need to carry VLANs through the operator's access network from the AP to the ESR. It is enough to terminate the AP's VLAN on any router or L3 switch that supports DHCP relay, so that the AP receives a primary address with option 43 containing the ESR addresses for building GRE tunnels. On the ESR side, the function for automatically building the counterpart tunnels (wireless-controller) is configured. This connection scheme is called WiFi L3.


Reserving an ESR

An ESR is reserved using the VRRP protocol in an "Active-Standby" scheme.
To keep the switch to which the ESR is connected from being a single point of failure, the switches are connected in a stack and channel aggregation is used. The physical ESR links in the aggregated channel are connected to different switches in the stack.
Traffic is processed by the ESR VRRP MASTER. If it fails, the VRRP master role passes to the ESR VRRP BACKUP.

...

BRAS is an executive mechanism that applies certain policies to Wi-Fi user traffic in accordance with directives transmitted to it from the upstream SoftWLC system which makes decisions based on the data transmitted by BRAS. As a part of SoftWLC, Eltex-PCRF module is responsible for interaction with BRAS. Using the RADIUS protocol, it transmits directives for operating with Wi-Fi users.

Configuring a DHCP server

The free ISC-DHCP-SERVER solution is used as the DHCP server (any other DHCP server may be used). In the Eltex.SoftWLC project, this software accomplishes the following objectives:

...

Instructions for configuring a DHCP server can be found here.

Configuring the option 43

Configuring the option 43 when configuring a DHCP server is necessary:

...

To learn how to configure option 43 on the DHCP server, see the link.
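
The option 43 suboptions listed above (11 and 12 for the primary address, 10 and 13 for the management address) can be checked in a captured DHCP payload. The following is an added example, not taken from the Eltex documentation: it parses option 43 as RFC 2132 encapsulated code/length/value fields and reports which of those suboptions are missing. The ASCII value encoding, the function names and all sample payloads are assumptions made for illustration.

```python
# Added example: parse DHCP option 43 (RFC 2132 encapsulated TLVs) and check
# it against the suboption sets this page lists for each AP address type.
# Assumption: suboption values are ASCII text. All sample payloads are constructed.

ROLES = {
    "primary": {11, 12},     # external address: GRE tunnels to ESR
    "management": {10, 13},  # management/tunnel address: detection, initialization
}


def parse_option43(payload: bytes) -> dict:
    """Split an option 43 payload into {suboption code: value bytes}."""
    subopts, i = {}, 0
    while i < len(payload):
        code = payload[i]
        if code == 0:        # pad byte, no length field
            i += 1
            continue
        if code == 255:      # end marker
            break
        if i + 1 >= len(payload):
            raise ValueError(f"suboption {code}: missing length byte")
        length = payload[i + 1]
        value = payload[i + 2:i + 2 + length]
        if len(value) != length:
            raise ValueError(f"suboption {code}: length {length} overruns payload")
        if code in subopts:
            raise ValueError(f"suboption {code} appears twice")
        subopts[code] = value
        i += 2 + length
    return subopts


def missing_suboptions(payload: bytes, role: str) -> list:
    """Suboptions required for `role` that the payload does not carry."""
    return sorted(ROLES[role] - set(parse_option43(payload)))


def tlv(code: int, text: str) -> bytes:
    """Build one suboption (helper for the constructed samples)."""
    data = text.encode("ascii")
    return bytes([code, len(data)]) + data


# Constructed samples: documentation-range addresses and placeholder strings;
# the page does not say what suboptions 10 and 13 carry.
PRIMARY = tlv(11, "192.0.2.1") + tlv(12, "192.0.2.2")
MANAGEMENT = tlv(10, "198.51.100.10") + tlv(13, "placeholder")

if __name__ == "__main__":
    for name, blob in (("primary", PRIMARY), ("management", MANAGEMENT)):
        print(name, parse_option43(blob), missing_suboptions(blob, name))
```

A truncated or duplicated suboption raises ValueError instead of being silently accepted, which helps when checking what a relay or DHCP server actually sent to an AP.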

Preparing for installation

The first step is to install the SoftWLC controller on the server. Detailed instructions for installation can be found here.

...

RAM at least 8 GB
CPU >= 2200 MHz
Hard drive memory >= 35 GB
Internet connection
Ubuntu Server 18.04 LTS operating system
Read more about server requirements at the link.

Reserving a SoftWLC

Reservation of SoftWLC controllers is necessary to synchronize critical system files (settings, firmware files, data uploads), MySQL databases, MongoDB databases, and DHCP servers. This scheme ensures availability of service and up-to-date data on both controllers in case of one controller failure, network unavailability, or power supply problems.

...

Documentation on configuring reservation can be found here.

Initializing an AP

To start working with an AP from the controller, the AP must be initialized in the EMS. For the device to reach initialization, perform the following:

...

This point is described in detail in the following documentation: Quickstart, AP initialization.

Creating an SSID with Enterprise authorization

The key point in configuring Enterprise authorization is configuring RADIUS. The SoftWLC controller works with the FreeRADIUS implementation. Data is exchanged with the RADIUS server over UDP (User Datagram Protocol) on a client-server basis. The client is an access point that requests the RADIUS server to verify credentials.

...

When a wireless client wants to connect to a Wi-Fi network, it sends an access request to the wireless access point. After the access point receives the user credentials, it sends this information to the eltex-radius server, which forwards the connection request to the external RADIUS server. The external RADIUS server analyzes this request and allows or denies the credentials. If the credentials entered are correct, the client connects to the wireless network without any problem; otherwise an authentication error is returned.

Creating an SSID with Enterprise authorization

SoftWLC includes a WEB-portal with which the hotspot client authorization model is implemented. A user unknown to the system can freely (without obtaining a login and password in advance) connect to the access point, but when trying to access the Internet via a browser, the user is redirected to the WEB-portal page where they can optionally perform the authorization procedure or receive authorization data (for example, via SMS). During the authorization procedure, the subscriber can observe advertising messages in the form of banners customized according to the operator's requirements.

...