FOR TIPS, gUIDES & TUTORIALS

subscribe to our Youtube

GO TO YOUTUBE

12682 questions

15065 answers

24137 comments

47098 members

+1 vote
481 views 3 comments
by
I have a maybe unusual use case for captive portal.  

I have a family of say 4 devices that need to connect to the captive portal but only one of them should see the captive portal page. when this device sees the captive portal and successfully authenticates the reamining three clients should then be allowed access without seeing the portal or logging in.

I assume this should be possible with a router doing NAT hanging off the hotspot, but can this be done entirly in the 950 I am using?

Any pointers on how to configure this would be appreciated.

Thanks,

O

1 Answer

0 votes
by
Hi,

I believe MAC AUTH authentication would suit your use-case best: https://wiki.teltonika-networks.com/view/RUT950_Hotspot#MAC_auth

But, this will require some changes and scripts on the template that hotspot is using. If I understood you right, you want one client (let's say one MAC address) to connect first, and when it successfully connects - others are allowed (MAC addresses are added to the MAC filter pool).

For this, there must be a script that recognizes that one device as a special one, and then somehow it must catch that it went through the landing page. Some kind of boolean value maybe?

After that script should initiate the adding of MAC addresses to the filter which are then allowed to go through the landing page too.

What can I offer you in this situation is what we call "GPL packages", which really are source codes of our firmware. In these, you will be able to find the code for generating templates or maybe add a compiler to your preferred language.

https://wiki.teltonika-networks.com/view/GPL

If you'll find this really difficult and you see that this functionality is really necessary for you that you even would spend money on this change - please contact your sales representative for MBP.
by
Thanks for the helpful reply.  To elaborate a little on the use case,  the scenario would be simialar to a user at a hotel who brings with them their own travel router. The travel router connets to the hotel wifi and the users personal devices connect to the travel routers wifi. Then when the travel router triggers the captive portal (any of the connected devices could do this) the MAC address of the travel router is presented to the portal due to NAT.  On successful auth all other devices going through the travel router are 'authenticated' due to the portal only seeing the MAC of the NAT interface.

Of course there is no travel router in my case. But I was wondering if there is a config that uses NAT to achieve the same.

I am happy to modify the scripts and templates as required.
by
Thank you for your explanation. As an alternative, I could also recommend using WiFi's station mode, which will allow travelers router to connect to existing RUT950 WiFI AP which has a hotspot enabled, I would imagine this would be an easier solution for your use-case.

NOTE: that the hotspot AP IP should be different than both routers LAN, so I would safely assume that something like 192.168.100.254/24 should be the best.

EB
by
This is an usual use case!  In my case there is no actual travel router,  I was hoping I could somehow set this up so I dont need to hang a physical travel router off the 950.  Doing that certainly would solve my usecase but is not really an option in this case.

Thanks for the suggestions, I will consider your first reply in detail today