The Kiwire Policy modules let you manage your overall network policy.
The configuration module configures the overall policy for the Kiwire platform.
The main tab lets you configure the overall policy, or default behaviour, applied system-wide:
- Sync Mikrotik Hotspot Active user with Kiwire Database
– This automatically synchronizes the users actually connected to the Mikrotik hotspot system with the records in Kiwire RADIUS, to prevent any lost packets.
- Auto Disconnect user connected session when same user relogin.
– This disconnects the user's previously detected connection, which prevents the roaming ghost issue seen on some networks.
- Suspend Users Account when credit has been exhausted
– This suspends all users whose credit has been fully used. The policy applies to both the archive and active databases.
7.1.2 Mac security
The Mac security module lets you control security policy based on the MAC address of users' devices. This includes automatically registering a user's device MAC address to their account and, if Mac security is enabled, allowing only that same device to log in with the username.
|Mac Device Security Setting|
|Mac autologin||Enables the Mac auto-login feature, which allows users to log in using the MAC address associated with their user account.|
|Mac Auto Register||When enabled, automatically registers the user's device MAC address to the account when they log in using the user account given. *Note: if Mac security is enabled, Mac auto register only works the first time the user logs in with the account; on subsequent logins the device MAC address is not updated on the account.|
|Mac Security||Prevents users from sharing their account, as only the associated MAC device is allowed to log in with it. However, if Mac Auto Register is enabled, the user's MAC address is automatically registered to the account if the account's existing MAC address record is empty.|
What is MAC Autologin?
Guests want a seamless, automatic connection to the network. They want to avoid the hassle of searching for a network or logging on via cumbersome portal pages. What’s more, they expect the same level of Wi-Fi performance and security they get at home. Finally, they want to be rewarded for their loyalty with perks like free Wi-Fi and the highest level of performance. Today, operators can truly offer their loyalty members seamless, automatic connection to the Wi-Fi network without portal pages at any location.
The simplest way to automatically connect guests to the Wi-Fi network is by recognizing the media access control (MAC) address on the guest’s device. The MAC address is a unique 12-character identifier assigned to the network adapter located in the guest’s device. MAC authentication has been available for many years and simply requires a guest to opt in once to have their device “remembered” by the network for future connections, via the Mac Auto Register function in the Kiwire platform.
The Auto login module lets you set up auto-login so that users automatically reconnect to the captive portal and log in to the network without entering their credentials. This helps prevent captive portal fatigue and also enables auto-login on equipment that does not support Mac autologin. Cookies autologin stores the user's login credential in the user's browser the moment they log in to the network successfully; when they reconnect to the same network, Kiwire checks whether the cookie exists and is still valid and, if it is, logs the user in automatically.
|Cookies autologin||Enables the auto-login feature, which allows users to log in using the browser cookie associated with their user account.|
This module lets you create new firewall rules, such as blocking a user's MAC address, which in effect blocks the user from accessing the network, or blocking TCP or UDP to stop certain websites or ports from being accessible to users. A policy can be set globally for all NAS/equipment or for a specific NAS.
|NAS||Select “ALL” for global blocking, where the firewall rule is applied to all NAS, or select a specific NAS|
|Host/Mac||Hostname/IP address or MAC address. *Note: the MAC address format is xx:xx:xx:xx:xx:xx|
|Type||Block this IP: block users from accessing the IP, or block the IP from the network. Block Mac: block the MAC address from connecting to the network. Block TCP: block the TCP port number from the network. Block UDP: block the UDP port number from the network.|
|Remark||Description of the rules|
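A pre-check for MAC addresses before they are entered as Block Mac rules, in the xx:xx:xx:xx:xx:xx format the note above requires. This is an added example, not Kiwire code; the function names, the accepted input styles, the lowercase output and the sample entries are assumptions made for illustration.

```python
import re

# Input styles accepted (assumption): aa:bb:.., AA-BB-.., aabb.ccdd.eeff, aabbccddeeff
_PATTERNS = (
    r"[0-9a-f]{2}([:-])(?:[0-9a-f]{2}\1){4}[0-9a-f]{2}",  # one separator style only
    r"[0-9a-f]{4}\.[0-9a-f]{4}\.[0-9a-f]{4}",
    r"[0-9a-f]{12}",
)

def normalize_mac(raw):
    """Return raw as xx:xx:xx:xx:xx:xx (lowercase) or raise ValueError."""
    text = raw.strip().lower()
    if not any(re.fullmatch(p, text) for p in _PATTERNS):
        raise ValueError(f"not a MAC address: {raw!r}")
    digits = re.sub(r"[:.-]", "", text)
    return ":".join(digits[i:i + 2] for i in range(0, 12, 2))

def mac_flags(mac):
    """Flag addresses that make poor keys for a per-device rule."""
    first_octet = int(normalize_mac(mac)[:2], 16)
    flags = []
    if first_octet & 0x02:
        # Locally administered bit: set on randomized per-network MACs,
        # so the address may not stay tied to the same device.
        flags.append("locally-administered")
    if first_octet & 0x01:
        # Group (multicast) bit: never a valid client source address.
        flags.append("multicast")
    return flags

def review_entries(entries):
    """Split (raw_mac, remark) pairs into accepted rules and rejects."""
    accepted, rejected, seen = [], [], set()
    for raw, remark in entries:
        try:
            mac = normalize_mac(raw)
        except ValueError as exc:
            rejected.append((raw, str(exc)))
            continue
        if mac in seen:
            rejected.append((raw, f"duplicate of {mac}"))
            continue
        seen.add(mac)
        accepted.append({"mac": mac, "remark": remark, "flags": mac_flags(mac)})
    return accepted, rejected

# Constructed sample entries, not taken from any real network.
SAMPLE = [("00-1A-2B-3C-4D-5E", "kiosk"), ("001a.2b3c.4d5e", "kiosk again"),
          ("DA:A1:19:00:11:22", "guest phone"), ("00:1A:2B:3C:4D", "truncated")]
```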
The Wallgarden, or white list, module lets you predefine hosts or IP addresses that bypass the login page. In effect, the walled garden directs the user’s navigation within particular areas, allowing access to a selection of material. This is useful for free marketing information or for bypass users.
7.3.1 Add / edit wallgarden entry
|NAS||Select “ALL” for a global entry, where the rule is applied to all NAS, or select a specific NAS ID|
|Destination||Destination host/domain or IP address that users can access without logging in|
|Remark||Description of the rules|
The DHCP module assigns a static IP to a MAC address when requested. The listing shows all static IP assignments created by the administrator as well as by the system.
7.4.1 Add or edit DHCP entry.
To create an IP assignment, click on Assign New IP.
|DHCP IP assignment Setting|
|Mac||The MAC address of the device|
|IP address||The IP address to assign to the device|
7.5 Radius Attribute
The Radius attribute module lets you define additional vendor-specific RADIUS attributes and attach them to a specific profile. This is useful if your NAS or device requires a specific RADIUS attribute to be sent, for example a VLAN tunnel.
7.5.1 Add / Edit Attributes
To create an attribute and attach it to a profile, click on the create new attribute button.
|Plan||The plan the attribute will be assigned to|
|Attribute||The attribute given, e.g. “Framed-Pool” for pool assignment|
|Operator||:= : Add the item to the reply list. = : Add the item to the reply list. *Note: refer to your vendor for the specific operator.|
|Value||Value of the attribute|
*Note: Please refer to your device vendor documentation for the correct attribute to be given.
7.6 Zone restriction
The Zone restriction module lets you apply a policy to specific user accounts so that they can log in from specific locations, via the corresponding zone of the network.
7.6.1 Add / Edit Zone restriction.
To add a new zone restriction policy, click on the “Create Restriction” button.
- Group name: the new group name for the restriction.
- Select the permissions, moving them from the left box to the right box (restricted to).