Legacy Open Mesh: Part 3: Configuring your Network and SSIDs

Step 5: Configure your network

Your network should now be up and running, but there's a lot we can do to customize it to meet your specific needs. We'll walk you through the most common settings here.

Configure → General Settings

The General Settings tab controls network-wide settings. This will be partially filled in with the information you used to create the network.

Network name: The login name for this network on the dashboard. It is also the login ID a site administrator uses to access this network individually. This is NOT your master login; it lets you give access to the settings for this network only, without allowing access to your master account.

Location: This defaults to the first address you entered when setting up the network. You can change it at any time.

Time Zone: Used in displaying the local time on reports.

Password: The administrator password for this network. Again, this is only for this network and is not your master login password. It is also not the password your users will use to connect to the network. (Not visible on User Management accounts.)

Notes: Enter any unique notes for this installation you’d like to be able to refer to later.

Send Email Alerts: Enable this option to send notifications of AP outages to the email address(es) you enter below. The notification will be sent between 1 hour and 1 hour and 15 minutes after the AP has been continuously offline.

Alert Emails: The email address(es) notifications will be sent to, if enabled. You can list multiple email addresses, separated by spaces.

Controlling access

CloudTrax allows you to control network access in a number of ways. Before users connect to the SSID, set up a WPA Pre-Shared Key, WPA Enterprise, or a MAC-based allowlist/blocklist. After users connect, you can present them with a splash page where they can click to enter, use a RADIUS-based username and password, a voucher code, or pay with PayPal. Click the links at the end of this document to learn more.

Configure → SSID 1, 2, 3...

Each CloudTrax device can broadcast four unique SSIDs that users can connect to. Each of these SSIDs is controlled independently in CloudTrax. Typically users have a mix of public SSIDs - with splash pages, bandwidth throttling, DNS filtering and client isolation - and private SSIDs, with WPA Enterprise authentication and access to LAN resources and other clients. When we created your network, we set the first SSID to be public and the second SSID to be private, but you can adjust these any way you wish.

We'll go through most of the features you may want to enable or change. You can also learn more about voucher access, pay networks and more by following the links at the end of this document.

Common Settings

SSID name: The name you'd like users to see and connect to with their device. You can also check the box below to use each access point's name for its SSID instead.

Enable: When selected, this SSID will broadcast on all access points in this network. When deselected, it won't broadcast but your settings will be saved.

Visible: When enabled, this SSID will advertise itself publicly so users can select it from their list of available networks. When disabled, users must enter the SSID name manually.

Band: Choose which frequency band you wish the SSID to broadcast on. (APs capable of only one frequency will still only be able to use their designated frequency.)

Both - Combined SSID: Both 2.4 GHz and 5 GHz broadcasts of the SSID will use the same name. Client devices will make their own roaming decisions on which frequency to connect to.

Both - Unique SSIDs: Clients capable of utilizing both bands will see two different SSID names, one for each frequency. The client device will stay connected to either the 2.4 GHz or the 5 GHz SSID name, depending on which you select.

2.4 GHz only: This SSID will only utilize the 2.4 GHz frequency.

5 GHz only: This SSID will only utilize the 5 GHz frequency.

Authentication: Enable this to authenticate users with WPA-PSK or WPA-Enterprise at the time they connect to the SSID. This isn't required if you wish to authenticate users on a splash page.

Pre-shared key (Password): If you would like to secure your network with a password, enter it here. It must be eight characters or longer and contain no spaces.

WPA Enterprise: Uses 802.1x authentication that requires a unique username and password for each user.

Note: Enabling WPA2 only will require all clients be compatible with the WPA2 encryption standard.

Captive Portal Settings

Bandwidth Throttling: Enable and set download/upload limits to set the maximum speeds users will get when connected to your network. You may want to set these to between 10 and 25 per cent of the speed of your Internet connection, ensuring that one or two users can’t consume the entire available bandwidth.

Splash Page/Splash Page Type: Enable or disable a page users will see before connecting to your network. You can set this to Custom (hosted by CloudTrax) or, for advanced users, a remotely hosted version.

Splash Page Authentication: Choose CloudTrax, RADIUS or HTTP Authentication. Read more here.

Failed Authentication Block: Choose how many attempts users will have to correctly enter their Voucher code. If the attempts fail, also set how long before the user can attempt to enter the voucher code again.

Client Force Timeout: The number of minutes a client is idle (Idle Timeout) before the splash page is shown, or the number of minutes between showings of the splash page regardless of activity (Force Timeout), for non-voucher access. 1 day = 1440.

Require voucher: Require a valid voucher on splash pages. If unchecked, allows you to provide a basic tier of service at the rates and durations above and (optionally) faster service using vouchers or PayPal.

Redirect URL: The page to display after the splash page. Leave blank to display the user’s requested page.

Include user data in redirect URL: If set, additional information specific to the request is added as URL parameters when the final redirect occurs. The parameters node_mac, client_mac, and client_url will be set to the MAC addresses of the Access Point and Client, and the original request URL, respectively.
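If your Redirect URL points at a page you run, treat these parameters as untrusted input: they pass through the client's browser, and MAC addresses can be spoofed. The following is an added example, not CloudTrax code, showing how a landing page might validate them; the MAC separator formats accepted, the function names, and the sample URL are assumptions.

```python
import re
from urllib.parse import parse_qs, urlsplit

# Assumption: MACs arrive as six hex octets separated by ':' or '-'.
_MAC_RE = re.compile(r"[0-9A-Fa-f]{2}(?:[:-][0-9A-Fa-f]{2}){5}")

def normalize_mac(value):
    """Return the MAC as lowercase colon-separated hex, or None if malformed."""
    if value is None or not _MAC_RE.fullmatch(value):
        return None
    return value.replace("-", ":").lower()

def safe_client_url(value):
    """Accept only absolute http(s) URLs with a host; anything else is None."""
    try:
        parts = urlsplit(value or "")
    except ValueError:
        return None
    if parts.scheme not in ("http", "https") or not parts.hostname:
        return None
    return value

def parse_redirect(landing_url):
    """Extract and validate node_mac, client_mac and client_url.
    All three can be altered by the client, so use them for display or
    logging, not as proof of identity."""
    query = parse_qs(urlsplit(landing_url).query)

    def single(name):
        # Reject repeated parameters rather than silently picking one.
        values = query.get(name, [])
        return values[0] if len(values) == 1 else None

    return {
        "node_mac": normalize_mac(single("node_mac")),
        "client_mac": normalize_mac(single("client_mac")),
        "client_url": safe_client_url(single("client_url")),
    }

# Constructed sample landing URL; host and MAC values are placeholders.
SAMPLE = (
    "https://portal.example.org/welcome?node_mac=02-00-00-00-00-01"
    "&client_mac=02:00:00:00:00:02"
    "&client_url=http%3A%2F%2Fexample.com%2Fnews"
)

if __name__ == "__main__":
    print(parse_redirect(SAMPLE))
```

A client_url that fails validation comes back as None, so the landing page can fall back to a fixed default instead of forwarding the user to an arbitrary destination.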

Block Unauthenticated Users: Block all ports until a client device has been authenticated. If unchecked, only browsing is blocked. When selected, unauthenticated users trying to access HTTPS websites will not be redirected to the splash page.

Allowlist: MAC addresses, one per line, that will NOT see the splash page, if enabled. Useful for game consoles that do not have a browser.

Walled Garden: Sites and resources (images and files for the splash page, etc.) users can visit prior to authentication.

Advanced Settings

Block LAN Access: Prevents users on this wireless network from accessing your wired LAN.

Client isolation: Prevents your wireless users from being able to access each other's computers; this is common for public networks. Unchecking this box will allow you to do things like share a printer attached to the network, but will also allow malicious users access to other users on the network. Uncheck this ONLY if you know all users have a firewall enabled on their computers.

DNS Intercept: Prevents client devices from overriding the DNS settings of the SSID, and instead uses the default gateway DNS, or the Alternate DNS address if set. Without DNS Intercept enabled, Block Clients, Splash Pages, and Alternate DNS will be disabled.

SMTP Redirect: Alternate SMTP server IP address for your network. This allows users to send SMTP email by using your ISP's SMTP server.

Alternate DNS: Alternate DNS server IP addresses, one per line, for this SSID. This setting will override your network-wide Alternate DNS settings on this SSID. This allows you to use services such as OpenDNS for content filtering, client tracking and more.

Access Control List: MAC addresses allowed to use this Access Point, one per line. All other users (MAC addresses) will not be able to browse on this access point. Leave blank to allow all MAC addresses (recommended).

Bridge to VLAN: Each SSID can be tagged with a number from 2-4094 so you can control traffic flow within your LAN. Using a VLAN automatically bridges the SSID to the LAN.

PayPal Item ID: You can require guests to pay for all service or enhanced service through PayPal. See the guides at the end of this document.


Next: Configuring Radio, Maintenance, Display and Advanced Settings