Wifi-soft Solutions Unibox User manual

Unibox User Guide
An intelligent Network Access Controller
Wifisoft Solutions Private Limited

© Copyright 2018, Wifi-soft Solutions Pvt. Ltd.
All rights reserved.
The information contained herein is subject to change without notice. This document
contains proprietary information, which is protected by copyright. No part of this document
may be photocopied, reproduced, or translated into another language without the prior
written consent of Wifi-soft.
Publication Date
Aug 31st, 2018
Applicable Products
The administration guide applies to the following products –
•UniBox U50 & U100
•UniBox U200 & U500
•UniBox U1000, U2500, U5000
Disclaimer
WIFI-SOFT SOLUTIONS PRIVATE LIMITED MAKES NO WARRANTY OF ANY KIND WITH REGARD TO THIS
MATERIAL, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND
FITNESS FOR A PARTICULAR PURPOSE.
Wifi-soft shall not be liable for errors contained herein or for incidental or consequential
damages in connection with the furnishing, performance, or use of this material.
The only warranties for Wifi-soft products and services are set forth in the express warranty
statements accompanying such products and services. Nothing herein should be construed
as constituting an additional warranty. Wifi-soft shall not be liable for technical or editorial
errors or omissions contained herein.
Wifi-soft assumes no responsibility for the use or reliability of its software on equipment that
is not furnished by Wifi-soft.

Unibox Overview
UniBox is a network access controller and a hotspot gateway that helps network administrators
secure and control access to wired or wireless networks. It is used as a hotspot controller, network
controller and Internet gateway in a variety of businesses, hospitality venues, shopping malls,
hospitals, schools and colleges, transport venues, enterprises and any place where networks need
to be managed. UniBox provides various functions like access control, user management, AAA server,
billing system, multi-WAN router, firewall, URL logging, VPN server, AP controller, bandwidth control,
reporting/analytics and advertisement.
UniBox can be used for managing public wireless (or wired) networks at Wi-Fi hotspots / hotzones,
campuses and public-access networks. It can be used by private enterprises for controlling access to
their private networks, isolating and authenticating guest traffic via a splash page, enforcing time and
usage policies and allowing secure and limited access to BYODs through self-registration /
requests for IT approval of their BYOD devices and.
UniBox is an all-in-one gateway controller, i.e. it functions both as a firewall and an access controller
as well as an authentication and billing server. It implements a captive portal that restricts
unauthenticated users from getting access to network resources, e.g. the Internet. In addition, it
provides an on-board authentication and billing server to verify the user’s credentials and charge
the user for using the network.
UniBox can also be deployed with a central authentication and billing (OSS/BSS) server. In this case,
UniBox will function in controller-only mode and will use the services offered by the central server.
If the hotspot / hospitality operator wants to manage multiple hotspots centrally, then UniBox is
deployed in the controller mode. It works seamlessly with Wifi-soft’s cloud-based management
platform – WiFiLAN.
UniBox comes in different models based on the number of concurrent users it can handle. The models
range from 50 concurrent users to 5000 concurrent users.
UniBox comes with a built-in access point controller and NMS system. The AP controller is responsible
for controlling and configuring UniMax access points. It also provides a comprehensive NMS system
that provides the real-time status and health of each access point.
In addition, UniBox can be deployed to work with a wide range of industry standard wireless access
points like Cisco, Ruckus, Aruba, DLink and Ubiquiti, to name a few, and can easily be overlaid on any
existing wired or wireless network, from small to large. The software stack is installed
on standard x86 hardware running a Linux variant. This makes UniBox very versatile and capable of
scaling to support thousands of users on the network.

Primary functions
UniBox is primarily deployed as a network access controller and hotspot gateway to manage
enterprise networks, guest access networks and public Wi-Fi hotspots. It also incorporates various
security functions that are useful for managing enterprise networks –
1. Network Configuration
Unibox provides you the ability to interface with and monitor your network by providing various
network configuration and monitoring options. UniBox is deployed as a gateway, so it sits
between the private LAN and the public WAN / Internet network. UniBox comes with multiple
Ethernet ports. Each port can be configured as a WAN or LAN port, giving the administrator
the flexibility to create multiple LAN segments or configure multiple WAN connections.
The WAN port supports various configuration options like Dynamic and Static IP. Multiple
LAN profiles can be created and each LAN segment can be configured with a separate DHCP
server. In addition, the port can be configured to tag the traffic with VLAN tags.
Other than port configuration, UniBox provides features like DHCP server and DNS that allow
the administrator to configure IP addressing and to choose specific domain name servers.
The built-in monitoring module allows you to monitor all the network elements like wireless
access points, IP cameras, POS terminals, etc. in the network. The NAT feature provides network
address translation and port forwarding, thus enabling access to the Internet by the
guests and BYODs as well as secure access to internal devices from the Internet. Unibox also
provides SNMP agents and SNMP traps to interface with third-party NMS systems. Finally,
the DDNS feature allows administrators to use DDNS services like anyDNS, no-ip etc. that
allow access to a UniBox deployed on a dynamic IP.
2. Captive Portals
Captive Portals are displayed to hotspot and BYOD users when unauthenticated users
try to connect to a Wi-Fi hotspot. The Captive Portal is displayed as a result of redirection of
the client on the network. It provides an interface for the user to provide login information
and passes this information to the Authentication Server for validation. Unibox provides
predefined templates for designing captive portals using the click-and-customize method.
Alternatively, the administrator can design the captive portal separately and host it on an
external web server. UniBox provides customization of the logo, branding, images, text and layout
of the captive portals to suit specific branding requirements.
Captive Portals also provide an option for user provisioning (online registration) by requesting
the users to create their accounts using a payment option like credit card or PayPal.
UniBox manages the complete end-to-end workflow of the user provisioning process.
3. MAC Login / BYOD
Many businesses, especially those with a non-manufacturing workforce, are witnessing an explosive
demand from employees to use their own personal devices, like smart phones, tablets and
ultrabooks / laptops, to check their email, access intranet portals like SharePoint and
reach a limited number of web application servers, while 95% of the use of these personal
devices is for Internet access. It is an IT nightmare. Most of the time, under pressure from
supervisors and higher levels, IT departments simply allow these users / personal devices
to access the Internet through the company network by having them use the company's private
wireless networks. Though most of these users are not at all malicious, the security
posture of the devices and the websites / content some of them access through the
company network have the potential to cause security breaches and worm / virus infection of
company business servers and other business computers. Unibox allows self-registration of such
devices: as the user tries to go to the Internet, Unibox presents a short browser-based form
with which the user of the personal device requests access from the IT department. The IT
department then approves or denies the request and notifies the user via company email
that access to the limited BYOD network has been granted. This process not only allows
approved devices on the network, it also allows access to be taken away if a device is
lost / stolen or if an employee leaves the company, and at the same time allows companies
to enforce policies, bandwidth caps, content filtering etc.
4. User Authentication and Tracking
Once the user, say in an education/residence environment, is provisioned in UniBox, s/he can
use the captive portal to gain access to the network. This involves AAA (Authentication,
Authorization and Accounting) services from the RADIUS server. This service is responsible for
validating the user’s credentials and providing access to the Internet and any limited internal
web / application servers if so allowed. It also performs the accounting function by collecting the
CDR/session records for each user. UniBox running in local authentication mode runs an
internal AAA server that is responsible for all the AAA services on the network.
5. Billing
UniBox comes with a comprehensive billing module that allows administrators to configure
different billing plans, create access codes, perform credit card clearing, interface with
PayPal and generate revenue reports. Most US credit card payment gateways are supported,
and help with payment gateways in other countries is available if there is sufficient demand.
6. Bandwidth control
UniBox comes with many bandwidth control tools that allow administrators to effectively
manage bandwidth among the users. It provides options to enforce group-level or per-user
level bandwidth control rules to ensure optimal use of the network bandwidth.
7. Policy Management
UniBox provides a wide range of policies to restrict usage, enforce fair usage and identify
misuse of the network. These policies can be applied to groups of users and tracked by the
administrator on a regular basis.

8. Traffic Management & QoS
UniBox offers various tools to effectively manage and control the data usage on the network
in addition to maintaining QoS. Traffic management can be done at different levels: per group
of users, per user, per application or port, or per subnet of IP addresses. UniBox provides
different policies to enforce fair usage on the network or penalize users who are misusing the
network traffic.
9. Reporting and Analytics
Extensive reporting capabilities allow administrators to keep watch on all the activity on the
network. UniBox also analyzes the data collected from the users and displays analytics like
usage trends, OS/devices used, top users, etc.

Important Concepts
1. RADIUS (AAA)
RADIUS stands for Remote Authentication Dial-In User Service. The protocol is defined by
IETF (Internet Engineering Task Force) and is described in detail in RFC 2865 and RFC 2866.
2. Captive Portal
The Captive Portal (also known as the login or landing page) is the page that enforces
authentication on the network managed by UniBox. The Captive Portal can be either hosted inside
the UniBox or hosted on an external web server.
3. Bandwidth Control
Bandwidth control mechanisms are required to control the bandwidth for each user on the
network. UniBox offers various bandwidth control functions to help the administrators
regulate the bandwidth usage and punish the users who hog the bandwidth.
4. User Provisioning and Management
UniBox provides a completely automated mechanism for provisioning users on public
networks like Wi-Fi hotspots. Unauthenticated users are presented a registration page to create
an account online. The registration page may offer billing plans for paid hotspots. UniBox
also allows administrators to add a user’s account directly in the system.
User accounts are generally associated with particular groups, policies or plans. A user’s
Internet usage can be restricted based on the plan or groups they belong to. Unibox allows you
to configure various restrictions for each user like Session Timeout, Concurrency Limit, Idle
Timeout, Upload/Download Rate, Daily Upload/Download Quota, Sessions per day and
Usage Quota.
Unibox does comprehensive accounting of each user, which provides you with details like
Start time and End time of Sessions, Duration, MAC Addresses, Upload/Download Data Size
per session and the session termination reason. It also maintains Agent and Authentication
history, which provides you information about the user’s browser, OS, IP/MAC addresses, login
timing, bandwidth usage and more. The administrator also has the privilege to expire, suspend or
activate users or even disconnect a user from the network. Finally, the user’s activity and
authentication history can be exported to a PDF or Excel file for further analysis.
5. Billing
For a paid network like a Wi-Fi hotspot, it is necessary to provide an online payment option to
the end-users. The billing system allows administrators to charge credit cards, interface with
PayPal, define billing plans, view transactions and configure the payment gateway details.
Before enabling billing, the administrator needs to add the payment gateway settings in UniBox.
When the user registers for a new account, UniBox passes the credit card details to the
payment gateway for processing. If the card is charged successfully, the user’s account is created
in the subscriber table and the user is given access based on the billing plan he selects.
Similarly, the administrator can create different types of prepaid (access) codes or PINs which
can be exported or printed in a business card sized format for distribution. The end user can
enter the prepaid code on the portal page and gain access to the network (Internet) for the
allotted time or bandwidth.
6. SMS Based Login
SMS based login employs a two-factor authentication process (also known as OTP – one time
password) to validate the user with his/her mobile number. With the rise in cyber crimes,
many countries require that hotspot operators validate the user’s mobile number at a
public WiFi hotspot. SMS based login helps these operators to comply with this requirement.
Additionally, this process also allows the operator to collect mobile/cell phone numbers for
marketing and promotional activities.
How does it work?
When a customer visits your WiFi Hotspot, s/he will see a login page (Captive Portal)
requesting her/his mobile (cell) number. The customer enters the mobile number
along with other optional details like personal information, email, preferences, etc. On
receiving the information, UniBox sends an SMS with a login code (randomly generated) to
the registered mobile number. The customer needs to enter the code on the login page to gain
access to the Internet. UniBox provides different variants of this process to allow operators
to implement different business models on the network.
7. Social Media Integration
Social media is a network of people who get together as a society over the Internet and
connect with each other for sharing information, knowledge, news, events etc. There are a
number of popular social networking websites like Facebook, Twitter, Google and LinkedIn.
There is a rising trend to capture social media information for the users who access Wi-Fi at
public hotspots. Most of the social media websites provide a rich API to retrieve the user’s profile,
which is extremely valuable to companies for profiling users, understanding user trends and
building marketing strategies. From the end-user’s perspective, the users don’t need to remember
a username and password for each hotspot. Instead they can just use their Facebook ID to gain
access to the hotspot.
UniBox provides different options to validate the user’s credentials using their social media
profile. It also seamlessly collects the user’s public information to generate analytics and trends.
8. Activity Logging (URL Tracking)
Activity logging means tracking the user’s browsing activity and logging the URLs the user visits
while using the UniBox managed network. This is an optional feature and can be activated on
a need basis. When activated, UniBox starts keeping track of the Internet activity for the user
and logs the activity in a database. Administrators can generate various reports or use the
search tool to find URLs visited by a user on the network. Additionally, the administrator can log
and archive the information centrally by streaming the information to a remote server. This
may be required for regulatory compliance.
9. Network Monitoring and Alerts
Monitoring allows administrators to check the health of all the network elements like access
points, switches, cameras, printers, etc. inside the network. It monitors each element
periodically to ensure that the connectivity is intact. If an outage is detected, an alert is
generated and sent to the right person so that repair work can be carried out before the end users
are affected.
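The SMS Based Login flow described in item 6 above, as an added example that is not UniBox code: a minimal issuer and verifier for the randomly generated login code. The six-digit length, five-minute lifetime, three-attempt limit, 30-second resend interval and the `send_sms` callable are assumptions for illustration; the manual only states that the code is randomly generated and sent by SMS.

```python
import hashlib
import hmac
import secrets
import time

# Assumed policy values; the manual does not specify any of them.
CODE_DIGITS = 6
CODE_TTL_SECONDS = 300
MAX_ATTEMPTS = 3
RESEND_INTERVAL_SECONDS = 30


class SmsLoginCodes:
    """Pending login codes keyed by mobile number (in-memory, single process)."""

    def __init__(self, send_sms, clock=time.time):
        self._send_sms = send_sms            # hypothetical callable(mobile, text)
        self._clock = clock                  # injectable so expiry can be tested
        self._key = secrets.token_bytes(32)  # per-process key for the stored digest
        self._pending = {}
        self._last_sent = {}

    def _digest(self, mobile, code):
        # Only a keyed digest is stored, so a dump of the table does not reveal
        # live codes; binding the number stops a code being replayed for another user.
        msg = f"{mobile}:{code}".encode("utf-8")
        return hmac.new(self._key, msg, hashlib.sha256).digest()

    def request_code(self, mobile):
        """Issue a new code by SMS. Returns False if one was sent too recently."""
        now = self._clock()
        last = self._last_sent.get(mobile)
        if last is not None and now - last < RESEND_INTERVAL_SECONDS:
            return False                     # limits SMS flooding of one number
        # secrets uses the OS CSPRNG; the random module is predictable.
        code = f"{secrets.randbelow(10 ** CODE_DIGITS):0{CODE_DIGITS}d}"
        self._pending[mobile] = {
            "digest": self._digest(mobile, code),
            "expires": now + CODE_TTL_SECONDS,
            "attempts_left": MAX_ATTEMPTS,
        }
        self._last_sent[mobile] = now
        self._send_sms(mobile, f"Your Wi-Fi login code is {code}")
        return True

    def verify(self, mobile, submitted):
        """Return 'granted', 'wrong_code', 'locked_out', 'expired' or 'no_pending_code'."""
        entry = self._pending.get(mobile)
        if entry is None:
            return "no_pending_code"
        if self._clock() > entry["expires"]:
            del self._pending[mobile]
            return "expired"
        entry["attempts_left"] -= 1
        # Constant-time comparison avoids leaking how many bytes matched.
        if hmac.compare_digest(entry["digest"], self._digest(mobile, submitted)):
            del self._pending[mobile]        # single use: a code cannot be replayed
            return "granted"
        if entry["attempts_left"] <= 0:
            del self._pending[mobile]        # guessing is capped per issued code
            return "locked_out"
        return "wrong_code"


if __name__ == "__main__":
    outbox = []                              # constructed stand-in for an SMS gateway
    codes = SmsLoginCodes(lambda mobile, text: outbox.append((mobile, text)))
    codes.request_code("+10000000001")       # constructed placeholder number
    sent_code = outbox[-1][1].split()[-1]
    print(codes.verify("+10000000001", sent_code))
```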

UniBox Models
UniBox is sold in three standard variants –
SMB Models
Models Available: U50 and U100
These models are ideal for small to medium networks that support up to 100 concurrent
devices. They are generally deployed for small hotspots in cafes, retail shops, small offices,
motels, etc. The models are available in a small, compact enclosure and are powered by a
separate 12V DC adapter. They support 3 gigabit Ethernet ports.
Enterprise Series
Available Models: U200 and U500
These models are ideal for medium sized networks and are capable of supporting up to 200 to 500
concurrent devices. They are ideal for medium venues like hotels, motels, shopping
plazas, training institutes, medium sized businesses, etc.
Campus Series
Available Models: U-1000 and U2500
These models are designed for high-traffic, large networks and are capable of handling up to
1000 concurrent users. The model comes in a 1-U form factor with 6 gigabit ports.
It is ideal for larger venues like large hotels, schools/colleges, enterprises, etc.

Large Campus Series
Models: U5000
These models support a large number of concurrent users and provide high throughput. They
come with 6 gigabit Ethernet ports and 2 SFP+ ports. They are ideal for very large venues like
convention centers, universities, airports and large enterprises.
In addition, you can also order a custom model for networks that have more than 5000 concurrent
users or where there is a need for a redundant power supply and redundant LAN side connections
for hook up to a stack of enterprise switches or two core enterprise switches, for better resiliency.
For large scale and critical operations, it is recommended to deploy a pair of controllers in active /
passive mode. The configuration from the active unit can be backed up along with the user database to
the passive unit (not suitable for hospitality operations, because of the dynamic nature of guest
accounts, but a spare unit with the configuration restored and user accounts recreated, or with an
external RADIUS server hosting such accounts, will work). The table on the next page shows the complete
list of Features, Hardware Specifications and Software Specifications for each model.


Installation
This section explains how to install UniBox in your network. UniBox needs to be deployed as a
network gateway so it is installed between the LAN and WAN network. UniBox is always shipped
with two or more Ethernet ports. The photos below display the various components of two UniBox
variants – standalone unit and 1U server unit.
Standalone Unit
UniBox U50/U100
The UniBox U-100 standalone unit comes with three Ethernet ports, a serial port, two USB ports and a
power jack. The photo shows the various connectors available to the user. The LAN port needs to
be connected to the private network that UniBox will manage. The WAN port needs to be plugged
into your Internet (WAN) connection.
<<Image here>>
UniBox U-200
The UniBox U-200 standalone unit comes in a 1U form factor with 4 Ethernet ports, 2 USB ports, a serial
port and a power jack. The photo shows the various ports available on the UniBox U200. Any port can be
configured as a WAN or LAN port. The admin can create multiple WAN profiles and then assign these
profiles to multiple Ethernet ports. If multiple WAN ports are assigned, then UniBox will be
automatically configured for load balancing and failover.
Similarly, any port can be configured as a LAN port, and multiple LAN profiles can be set up and
assigned to physical LAN ports.
UniBox U-500 /U-1000
The UniBox U-500 / U-1000 models come in a 1U form factor and are generally installed in a server
rack. The unit comes with 6 Gigabit Ethernet ports. The admin is free to choose any port as a LAN or
WAN port. Depending on client requirements, the U500 or U1000 might also come with 2 SFP+ ports.
These ports can be assigned a LAN or WAN profile depending on the client requirements.

Network Deployment
The diagram below shows a simple deployment scenario for UniBox. It is generally deployed as a
hotspot gateway/controller within a wired or wireless network. In case of a wireless network, several
access points are deployed across the venue to provide adequate signal coverage to the users. These
access points are connected centrally into a POE switch using CAT-5e cables or via Power injectors.
The LAN port of UniBox is plugged into the switch. The access points are usually configured in bridge
mode thus allowing the clients to directly communicate with the UniBox. UniBox is responsible for
assigning IP addresses on the network. It also functions as gateway for all the clients on the network.
The WAN port of UniBox is connected to the WAN circuit. Administrators can place a firewall in
between UniBox and the Internet if desired. Otherwise the WAN port directly connects to the
modem. The WAN settings are programmed in UniBox.
When authentication is enabled, each user needs to provide the correct login credentials in order to
access the Internet. UniBox also performs many other functions like bandwidth control, activity
tracking, caching, content filtering, policy management, etc. In short, UniBox provides administrator
with complete control on the network.
We will go through various scenarios in which Unibox can be deployed. Let's start with the Simple
Unibox Deployment Scenario (UDS1).
UDS1: Unibox Deployment Scenarios 1 – Simple Deployment
Description: The Internet connection reaches Unibox (WAN Port) via a Firewall and is then distributed
internally through different Access Points (APs) connected to a Switch, which is in turn connected to
Unibox (LAN Port). End users connect to the various Access Points and go through the Unibox
before they browse the Internet. The diagram below shows a detailed deployment of Unibox.

Feature Summary
Networking
This section allows administrators to configure the network settings of UniBox. These settings
are needed to configure the WAN and LAN ports of UniBox and other network related
parameters. The following items can be configured –
1. Port settings – configure IP settings for WAN and LAN ports
2. DNS server – configure the primary and secondary DNS servers
3. DHCP server – UniBox runs a DHCP server that issues IP addresses to the clients
connected on LAN ports
4. IP Routes – configure the default and additional IP routes for the Internet traffic
5. NAT – configure network address translation rules to allow port forwarding functions
6. Device Monitoring – configure network devices like access points, switches, routers, etc.
for monitoring and view the monitoring results
7. SNMP – configure the SNMP agent and traps
8. Dynamic DNS – configure Dynamic DNS in case the Unibox WAN port IP address is dynamic
and changes frequently. Dynamic DNS helps you to resolve the Unibox hostname even if
your WAN IP address is changing frequently.
Authentication
UniBox provides a redirect function whereby the network user is redirected to a captive
portal before getting access to a network resource like the Internet. UniBox also provides a local
authentication mechanism to authenticate the users via the RADIUS server. In addition, the
administrator can also configure UniBox to authenticate users via an external RADIUS server.
Bandwidth Management
Bandwidth management is increasingly an important function for public access networks –
wired or wireless. With the explosive growth of online video and rich-media applications,
there is increasing demand for bandwidth and allocating fair bandwidth among users has
become extremely important.
UniBox provides several bandwidth control mechanisms and policies to regulate the
bandwidth for each user. This allows administrators to implement a fair usage policy among
the users and not allow anyone to hog the bandwidth.
Policies
UniBox implements various policies to control access and bandwidth of the online users.
Administrators can categorize users into various groups and apply the policies on a group
basis. The policies help the administrator implement fair usage, penalize users or limit
bandwidth for each user.
Captive Portal
The captive portal is the first page the user sees when she connects to the network. The captive
portal is used to identify the user before the user gets access to a network resource like the
Internet. The captive portal can be either hosted on UniBox or loaded from an
external web server. UniBox provides a simple, template-based captive portal design that
administrators can easily customize with the company branding.
The external captive portal gives administrators much more flexibility and control over the
design and layout of the web page.
Billing
Billing is an important function for Wi-Fi hotspots. UniBox provides a billing engine that is
seamlessly integrated with the captive portals. Billing can be done either using access
(prepaid) codes or using credit card or PayPal. Administrators can define various billing plans
in the system and offer the billing plans to the guest on the captive portal. Alternatively, the
administrator can generate a batch of access codes and distribute them to the end users. The
Billing section also generates various reports to track the monthly revenues from the hotspot.
Reporting
Reporting is an important function of UniBox since the administrator can retrieve various reports
on usage, revenue and health of the network. The usage reports are used to check the
bandwidth usage, online time and other details of the users. The billing reports provide
information about the revenue generated from the users. The reports can be downloaded in
Excel or PDF format for archiving or further processing.
Subscriber Management
If administrator configures UniBox to use on-board RADIUS server for user authentication
then the user database is stored locally in UniBox database. UniBox provides comprehensive
interface to manage the user information.
Monitoring
UniBox can be used to monitor the health of the wired or wireless network. It provides a
monitoring service that can be used to check whether network devices like switches,
access points, routers, firewalls, etc. are online and the connectivity is intact. UniBox can send
alerts to the administrators in case there is an outage, to avoid lengthy downtime for the
network users.
Administration
UniBox provides multiple administration accounts and each one can be configured with
custom access control rules. This ensures that the administrator can provide adequate access
to UniBox data based on the user privileges.
Interfaces
Depending on the model, UniBox provides multiple Ethernet ports. Each UniBox has at least
two Ethernet interfaces – LAN and WAN.
Technical Overview
Architecture
UniBox is built on a robust and scalable software architecture to ensure reliable, round-the-clock
performance. UniBox firmware runs on the latest Linux kernel and is compatible with any x86
hardware platform. This provides UniBox a lot of options for deployment. Technically, it is possible
to deploy UniBox firmware on a custom designed x86 server to support more than 5000 users.
The software architecture for UniBox is as shown –


Menu Summary
UniBox offers the following menu options to the administrators. Some models may not have all of
these menu options. Please refer to your admin console to check the menu options available for your
model.
Network
•WAN
•LAN
•VLAN
•Interfaces
•DNS
•VPN
•Monitoring
•DDNS
•IP Routes
•Routing
Wireless
•Heatmaps
•Manage APs
•Clients
Authentication
•Controllers
•Groups
•User Management
•Passthrough
•Portals
•SMS
•MAC Blacklist
•External Services
Control
•Policies
•Content Filter
Advertisement
•Category
•Ads
•Campaign
Billing
•Plans
•Payment Gateway
•Billing Configuration
•Transactions
•Email Templates
•Email Relay
•Vouchers
•PMS
Tools
•Diagnostics Tools
•Remote Syslogs
•User Activity Logs
•Event Logs
•Conntrack Logs
Reports
•Online Users
•User Agents
•SMS
•Social Media
•System
•Usage
•Billing
•Advertisement
•Monitoring
•Automated Reports
Admin
•Accounts
•Profile
•License
•Configuration
•Approvals
•Time
•Reset
•Reboot
•Power Off
•Logs