Quelle anzeigen

Description:

This article describes how to configure a cloud-managed Hotspot with an external Captive Portal in the LMC (e.g. the Frederix Hotspot).

To prevent the Blast-RADIUS vulnerability from being exploited, the LMC requires the option Message-Authenticator in the default settings (this option is located in the configuration dialog Create Hotspod Network in the Advanced Settings, if an external Captive Portal is used). Therefore, the RADIUS server must be configured in such a way, that the Message-Authenticator is used in its answers.

Screenshot of an advanced settings menu for configuring a hotspot network, including options to manage the router gateway and require a message authenticator in RADIUS responses.

Requirements:

LCOS as of version 10.42 or LCOS LX as of version 5.30 (download latest version)
Access to the LANCOM Management Cloud (chargeable)
Any web browser

Procedure:

1) In the LMC go to the menu Networks and click on Add Network → Hotspot Network.

LANCOM Support Knowledge Base EN > Configuring a cloud-managed Hotspot in the LANCOM Management Cloud with an external Captive Portal > 1.png (Alt Description: A screenshot of a networking dashboard displaying options for VLAN, Internet VPN, security settings, and hotspot configuration alongside project specifications and site counts.)

2) Modify the following parameters:

Captive Portal: Select the option External.
Network Name: Enter a descriptive name for the Hotspot SSID (in this example Guest).

Screenshot of a network configuration interface highlighting options such as Network Name, Guest Settings, Global Parameters, and VLAN settings.

3) Expand the section Authentication and enter the URL of the external Captive Portal for the Landing-Page-URL.

The variable %m must be used in the URL.

An image of a network configuration interface showing various settings such as Network Name, VLAN ID, Authentication, and Landing Page URL, among other parameters.

4) Under RADIUS servers click on Add.

Screenshot of a network configuration interface displaying options for creating a hotspot network, including fields for network settings, authentication, landing page URL, HTTPS requirements, and advanced settings like RADIUS servers.

5) Modfify the following parameters and click Apply:

IP address: Enter the public IP address of the RADIUS server which authenticates users for the external Captive Portal (in this example 81.81.81.100).
Port: If necessary, modify the Port, which is used for the communication with the RADIUS server. With default settings the port 1812 is used.
Key: Enter the key, which the LMC uses for authentication with the RADIUS server.

Image of a technical configuration interface with options to add a RADIUS server, shown with partially visible text and settings.

6) Lastly click on Save.

Screenshot of a digital interface for configuring a network hotspot, showing fields for network settings, authentication, landing page URL, and advanced settings.

7) Proceed as described in the following Knowledge Base articles (depending on your scenario) for further configuration (assigning the network to the site, rolling out the configuration among other things).

Thank you for your feedback! You can also send us constructive suggestions for improving our knowledge base or ideas for new articles by email to knowledgebase@lancom.de.