Part 3: Configuring your Network and SSIDs

Follow

Step 4: Configure your network

Your network should now be up and running, but there’s a lot we can do to customize it to meet your specific needs. We’ll walk you through the most common settings here.

Configure > General Settings

The General Settings tab controls network-wide settings. This will be partially filled in with the information you used to create the network.

Location: This defaults to the first address you entered when setting up the network. You can change it at any time.

Network name: The login name for this network on the dashboard, and also the login ID to access this network individually by a site administrator. This is NOT your master login. This allows you to give access to only the network settings for that network without allowing access to your master account.

Time Zone: Used in displaying the local time on reports.

AM/PM time: Used in displaying the local time on reports.

Display Name: Used to display a more descriptive name (other than the login ID) on reports.

Password: The administrator password for this network. Again, this is only for this network and is not your master login password. It is also not the password your users will use to connect to the network.

Disable Limited View: If unchecked, users will be able to see a limited view of the network status. The password will still be required to change any network settings.

Email: Your email in case we need to contact you. We will not share this with others.

Notification Email: The email address notifications will be sent to if enabled. You can list multiple email addresses, separated by spaces.

Email Alerts: Select this box to send notifications of network outages each hour to the email addresses you entered above.

Network notes: Enter any unique notes for this installation you’d like to be able to refer to later.

Controlling access

Datto Networking allows you to control network access in a number of ways. Before users connect to the SSID, set up a WPA Pre-Shared Key, WPA Enterprise, or a MAC-based whitelist/blacklist. After users connect, you can present them with a splash page where they can click to enter, use a RADIUS-based username and password, a voucher code, or pay with PayPal. 

Configure > SSID 1, 2, 3...

Each Datto Networking device can broadcast four unique SSIDs that users can connect to. Each of these SSIDs are controlled independently in the Partner Portal. Typically users have a mix of public SSIDs - with splash pages, bandwidth throttling, DNS filtering and client isolation - and private SSIDs, with WPA Enterprise authentication and access to LAN resources and other clients. When we created your network, we set the first SSID to be public and the second SSID to be private, but you can adjust these any way you wish.

We’ll go through most of the features you may want to enable or change. 

Common Settings

SSID name: The name you’d like users to see and connect to with their device. You can also check the box below to use each access point’s name for its SSID instead.

Enable: When selected, this SSID will broadcast on all access points in this network. When deselected, it won't broadcast but your settings will be saved.

Visible: When enabled, this SSID will advertise itself publicly so users can select it from their list of available networks. When disabled, users must enter the SSID name manually. 

Authentication: Enable this to authenticate users with WPA-PSK or WPA-Enterprise at the time they connect to the SSID. This isn't required if you wish to authenticate users on a splash page. 

Pre-shared key (Password): If you would like to secure your network with a password, enter it here. It must be eight characters or longer and contain no spaces. 

WPA Enterprise: Uses 802.1x authentication that requires a unique username and password for each user.

Captive Portal Settings

Bandwidth Throttling: Enable and set download/upload limits to set the maximum speeds users will get when connected to your network. You may want to set these to between 10 and 25 per cent of the speed of your Internet connection, ensuring that one or two users can’t consume the entire available bandwidth.

Splash Page/Splash Page Type: Enable or disable a page users will see before connecting to your network. You can set this to Custom, Facebook WiFi, or a hosted remotely version for advanced users. 

Splash Page Authentication: Choose RADIUS or HTTP Authentication.

Client Force Timeout: Minutes client is idle (Idle Timeout) before showing splash page, or minutes between showing splash page regardless of activity (Force Timeout) for non-voucher access. 1 day=1440.

Require voucher: Require a valid voucher on splash pages. If unchecked, allows you to provide a basic tier of service at the rates and durations above and (optionally) faster service using vouchers or PayPal.

Redirect URL: The page to display after the splash page. Leave blank to display the user’s requested page.

Include user data in redirect URL: If set, additional information specific to the request is added as URL parameters when the final redirect occurs. The parameters node_mac, client_mac, and client_url will be set to the MAC addresses of the Access Point and Client, and the original request URL, respectively.

Block Unauthenticated Users: Block all ports until a client device has been authenticated. If unchecked, only browsing is blocked. When selected, unauthenticated users trying to access https websites will not be redirected to the splash page. 

White List: MAC addresses, one per line that will NOT see the splash page, if enabled. Useful for game consoles that do not have a browser.

Walled Garden: Sites and resources (images and files for the splash page, etc.) users can visit prior to authentication. 

Advanced Settings

Block LAN Access: Prevents users on this wireless network from accessing your wired LAN.

Client isolation: Prevents your wireless users from being able to access each other's computers and common for public networks. Unchecking this box will allow you to do things like share a printer attached to the network, but will also allow malicious users access to other users on the network. Uncheck this ONLY if you know all users have a firewall enabled on their computers.

SMTP Redirect: Alternate SMTP server IP address for your network. This allows users to send SMTP email by using your ISP's SMTP server.

Alternate DNS: Alternate DNS server IP addresses, one per line, for this SSID. This setting will override your network-wide Alternate DNS settings on this SSID. This allows you to use services such as OpenDNS for content filtering, client tracking and more.

Access Control List: MAC addresses allowed to use this Access Point, one per line. All other users (MAC addresses) will not be able to browse on this access point. Leave blank to allow all MAC addresses (recommended).

Bridge to VLAN: Each SSID can be tagged with a number from 2-4094 so you can control traffic flow within your LAN. Using a VLAN automatically bridges the SSID to the LAN. 

PayPal Item ID: You can require guests to pay for all service or enhanced service through PayPal. 

 


Next: Configuring Radio, Maintenance, Display and Advanced Settings


Was this article helpful?

0 out of 0 found this helpful

You must sign in before voting on this article.

Want to talk about it? Head on over to our Community Forum!