Description
The Eltex-APB module is intended to support information exchange between access points. It provides:
- Roaming of users connected via WEB portal authorization.
- Configuration and transmission of public address lists during portal authorization.
Service management
Operation | Command | Response |
---|---|---|
Status check | | The service is running:<br>eltex-apb is running with pid <pid><br>The service is not running:<br>eltex-apb is not running |
Service start | | The service has been started:<br>Starting eltex-apb ... eltex-apb started<br>The service is already running:<br>eltex-apb is already running |
Service stop | | The service has been successfully stopped:<br>Stopping eltex-apb ... eltex-apb stopped<br>The service has not been stopped, as it was not started:<br>eltex-apb is not running rm: cannot remove '/var/run/eltex-apb.pid': No such file or directory |
Service restart | | The service has been successfully restarted:<br>Stopping eltex-apb ... eltex-apb stopped Starting eltex-apb ... eltex-apb started |
Configuration
/etc/default/eltex-apb
- contains the main service settings:
- Listening port:
PORT=8090
- Request queue length. When the queue is full, the server ignores new requests until older requests have been processed (by default, requests are not queued):
ACCEPT_QUEUE_SIZE=0
- Maximum message buffer size, in bytes:
MAX_TEXT_MESSAGE_BUFFER_SIZE=262144
- Memory allocated for service operation (memory is allocated for a process, not for a cache specified in /etc/eltex-apb/ehcache.xml):
JAVA_INIT_HEAP=128m
JAVA_MAX_HEAP=2048m
/etc/eltex-apb/apb.properties
- the file contains the settings for connecting to the Mercury service:
mercury.host=localhost
mercury.port=6565
mercury.pool.size=100
- the locations of required files:
# Config filePath to cache
cache.config=/etc/eltex-apb/ehcache.xml
# list of permitted files to
hosts.file=/etc/eltex-apb/hosts.json
- the time to wait for a subscription request after an access point connects to the server (in seconds):
subscribe.idle.timeout=60
- the maximum number of outgoing messages in the queue for each session:
session.outgoingQueue=100
/etc/eltex-apb/ehcache.xml
- system settings for storing data on Wi-Fi users connected to a portal. If necessary, the file's name and location can be changed in /etc/eltex-apb/apb.properties.
- Amount of RAM allocated for a table of authorized users is configured in:
<cache name="users" maxBytesLocalHeap="200M" eternal="false" timeToLiveSeconds="43200" memoryStoreEvictionPolicy="LRU">
- parameter
maxBytesLocalHeap="200M"
- Amount of RAM allocated for a table with public address lists is configured in:
<cache name="hosts" maxBytesLocalHeap="128M" eternal="true">
    <persistence strategy="none"/>
</cache>
- parameter
maxBytesLocalHeap="200M"
/etc/eltex-apb/hosts.json
- a file in JSON format that contains a set of public address lists. The lists of IP addresses that may be accessed before portal authorization are configured in this file. If necessary, the file's name and location can be changed in /etc/eltex-apb/apb.properties.
Listing of hosts.json:
[
  {
    "mobility-domain-list": [
      {
        "mobility-domain": "nsk.ru",
        "radius-domain": "root",
        "ssid": "Eltex-Local"
      }
    ],
    "permitted-ip-list": [
      "eltex.nsk.ru",
      "eltex.org"
    ]
  },
  {
    "mobility-domain-list": [
      {
        "mobility-domain": "spb.ru"
      },
      {
        "mobility-domain": "msk.ru",
        "radius-domain": "root"
      }
    ],
    "permitted-ip-list": [
      "rostelecom.ru"
    ]
  },
  {
    "permitted-ip-list": [
      "213.222.201.16",
      "213.222.198.16",
      "213.180.193.51",
      "192.225.158.3",
      "180.97.33.83",
      "178.162.216.178"
      ........
    ]
  }
]
By default, some permitted IP addresses are specified in this configuration file. The list applies to all users.
If required, the list can be expanded as in the following examples:
- A white list (a list of IP addresses that a client can access before authorization) common to all connected access points is specified in the following format:
[
  {
    "permitted-ip-list": [
      "esia-portal1.test.gosuslugi.ru",
      "esia.gosuslugi.ru"
    ]
  }
]
- To assign a white list to access points with a certain SSID and domain, the following format is used:
[
  {
    "mobility-domain-list": [
      {
        "mobility-domain": "nsk.ru",
        "radius-domain": "root",
        "ssid": "Eltex-Local"
      }
    ],
    "permitted-ip-list": [
      "eltex.nsk.ru",
      "eltex.org"
    ]
  }
]
This means that when information arrives at the server about a user whose mobility domain is nsk.ru, radius-domain is root, and SSID is Eltex-Local, the addresses eltex.nsk.ru and eltex.org are added to the default ones in the list of IP addresses that the user may access without portal authorization. That is, the addresses in a "permitted-ip-list" are applied to a user if all keys specified within one "mobility-domain-list" fully match.
If user parameters meet the criteria of several rules, this user will be permitted to access IP addresses from all these rules.
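The matching rule described above, as an added Python example (not Eltex code): it validates a hosts.json document and computes the addresses one user can reach before portal authorization. It assumes that a rule applies when all keys of at least one mobility-domain-list entry match the user, that mobility-domain, radius-domain and ssid are the only match keys, and that the function names and sample data are constructed here.

```python
import json

# Constructed sample in the hosts.json layout shown above (not a production list).
HOSTS_JSON = """[
  {"mobility-domain-list": [
     {"mobility-domain": "nsk.ru", "radius-domain": "root", "ssid": "Eltex-Local"}],
   "permitted-ip-list": ["eltex.nsk.ru", "eltex.org"]},
  {"mobility-domain-list": [
     {"mobility-domain": "spb.ru"},
     {"mobility-domain": "msk.ru", "radius-domain": "root"}],
   "permitted-ip-list": ["rostelecom.ru"]},
  {"permitted-ip-list": ["213.222.201.16", "213.222.198.16"]}
]"""

# Assumption: these three keys, the only ones on the page, are the only match keys.
MATCH_KEYS = {"mobility-domain", "radius-domain", "ssid"}


def load_rules(text):
    """Parse hosts.json text; reject anything outside the layout shown above."""
    rules = json.loads(text)  # ValueError on invalid JSON such as a trailing comma
    if not isinstance(rules, list):
        raise ValueError("top level must be a list of rules")
    for i, rule in enumerate(rules):
        if not isinstance(rule.get("permitted-ip-list"), list):
            raise ValueError(f"rule {i}: permitted-ip-list missing or not a list")
        for cond in rule.get("mobility-domain-list", []):
            if not cond or set(cond) - MATCH_KEYS:  # empty would match every user
                raise ValueError(f"rule {i}: empty or unknown condition {cond}")
    return rules


def rule_applies(rule, user):
    """Assumed semantics: global rule, or all keys of one list entry match the user."""
    conditions = rule.get("mobility-domain-list")
    if not conditions:
        return True
    return any(all(user.get(k) == v for k, v in c.items()) for c in conditions)


def effective_allow_list(rules, user):
    """Union of permitted-ip-list over every applicable rule, de-duplicated."""
    allowed = []
    for rule in rules:
        if rule_applies(rule, user):
            for host in rule["permitted-ip-list"]:
                if host not in allowed:
                    allowed.append(host)
    return allowed
```

Running `effective_allow_list` for each SSID and domain combination in use shows exactly which hosts are reachable without authentication, which is the list to review whenever hosts.json changes.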
Configuring access points connection to APB
Connection to the APB service on an access point can be configured via GUI EMS.
To configure user roaming during portal authorization, open the section Configuration → Captive Portal.Global and specify the address Roaming Service URL =
ws://<APB IP address>:8090/apb/broadcast
where <APB IP address> is the address of APB accessible from the AP management network.
Configure «Roaming no action timeout» (the period after which an AP deletes old/inactive entries about roaming clients). The value of «Roaming no action timeout» should be higher than the maximum lifetime of a tariff.
After that, open a configured SSID in the tab "Virtual access points" and specify a «User Mobility Domain» in the Captive Portal settings (the domain should be the same for all access points that will take part in roaming).