Behind Hotspot system

ff_ff_ Member Posts: 20

Hello,

i need a information about how I can get the APs configured behind a hotspot system.

I think that I need a domain/IP which I can add to the "walled garden settings" of the hotspot system so the AP can get access to the cloudmanager.

Which domain/IP I have to add to the walled garden that the accesspoints can get access to the cloudmanager?

best regards

Comments

  • vybhavramvybhavram Xpert, Moderator Posts: 1,063

    Hello @ff_ ,

    We do not have a specific set of IPs that you might need to allow in your walled gatden settings. A better rule would be to allow NTP , SSL and UDP traffic from the AP's IP address out to the internet.

    Regards,
    Vybhav

  • ff_ff_ Member Posts: 20

    Like I understood, the AP opens a connection to the xclaimwireless server (with NTP, SSL, UDP) for submitting his status. In this case he needs a domainname or a IP to connect to the server. Because we only have the possibility to add a free MAC-Adress (which is not secure) or add a Domain/IP in the Hotspotsystem it´s important to have it. Then it´s easy for us to bring more Accesspoints to the system because then we don´t need to add each unsecure MAC-Adress to the system.

  • vybhavramvybhavram Xpert, Moderator Posts: 1,063

    Hello @ff_ ,

    We use a secure public cloud hosting service to power CloudManager. The IP address range of CloudManager is not fixed and the AP communicates with different IP addresses at different times, depending on a variety of factors.

    An alternate solution would be assign all access points with an IP address in a particular range and permit all SSL,NTP and ICMP traffic from that IP address range out to the internet?

    Regards,
    Vybhav

  • ff_ff_ Member Posts: 20

    It´s not possible to get clients IP free to the internet.
    We only can add IP´s and domains of devices from the www.
    So it´s no problem if the device sends a request to like http://xclaimwireless.com and gets bounced to the right ip from there. But for us it´s interesting if there was such an domain?

    Other ideas?

  • vybhavramvybhavram Xpert, Moderator Posts: 1,063

    Hello @ff_ ,

    Just to clarify, so does your firewall listen to DNS responses for different URL's containing xclaimwireless.com and then dynamicallly allow traffic to-from those IP addresses?

    Regards,
    Vybhav

  • ff_ff_ Member Posts: 20

    Yes! It works in this way.

  • ff_ff_ Member Posts: 20

    Because I´ve got no answer to this, I started a little sniffing session and found out the following IP´s/Domains:

    update.xclaimwireless.com
    ntp.ruckuswireless.com
    api.xcloud-ops.net
    dynamodb.eu-west-1.amazonaws.com
    api.xcloud-stage.net
    pubsub.pubnub.com
    8.8.8.8 (PING)

    All of them are opened within 1minute after AP starting.

    Did I forgot something?

  • Hi @ff_,

    Those domains are correct.

    Regards
    Ramesh

Sign In or Register to comment.