Configuration of VLANs¶
With VLANs it is possible to divide the Surf-LAN network into different scopes, while each scope can be configured individually.
- VLANs can only be configured on the Surf-LAN side of the IAC-BOX.
- If VLANs are active, the incoming traffic from the Surf-LAN has to be tagged.
- All network devices (access points, managed switches, etc.) in the Surf-LAN must be configured properly.
In the WebAdmin menu at Security / VLAN you can add new VLANs and then activate them. Afterwards you can assign different methods to log in for each VLAN.
- Ticket based The user does get redirected to the landing page. Then he needs to login with either an existing ticket, or by creating a new one.
- Autologon/no charge The guest will get logged in automatically with the assigned bandwidth.
- Autologon/no charge/deny roaming The guest will get logged in automatically with the assigned bandwidth. The created ticket is only valid in the VLAN it was created in.
- Autologon/no charge/shared bandwidth The guest will get logged in automatically with the assigned bandwidth. All guests in this VLAN share the configured bandwitdth.
VLAN Configuration with PMS¶
If the PMS-interface is configured in the WebAdmin menu in Modules / Interfaces, you can activate the option Map to room number in Security / VLAN. This will create a VLAN on the IAC-BOX for each room and also enables alternate logon modes:
- Show only room number When guests get redirected to the logon page, the room number field will already be filled.
- Semiautomatic logon Guests do not need to enter any data to logon and automatically get redirected to the ticket selection.
Per VLAN Redirect Before Logon¶
For each configured VLAN a redirect before logon can be assigned.
For example: If a guest gets online via an Access Point near a hotel bar, he can get redirected to a custom page with additional suggestions relating to the hotel bar.
To accomplish this, in the WebAdmin menu navigate to Client Logon / Redirect and fill in all the websites you want to redirect to.
Then switch to Security / VLAN and activate the option Per VLAN redirect before logon. Now you can select a redirect link for each VLAN.
Please keep in mind that you will need to redirect to the IAC-BOX logon-page in return, so the guest can use or create a ticket to access the internet. To establish this backlink, simply add a button or text on your custom redirect page which does point to the logon-page of the IAC-BOX:
- https://proxy.surfnet.iacbox/logon/cgi/index.cgi (old IAC-BOX TLS/SSL certificate)
Web Filter per VLAN¶
If one of the both Web Filter options are active on the IAC-BOX, you can enable the option Bypass Web Filter in the VLAN settings. This option can be useful if you want to assign a VLAN for families/kids or in general if you want to block certain content.
Free Logon per VLAN¶
If the option VLAN Based is configured in the WebAdmin menu in Tickets / Templates, you can activate or disable the Free Logon per VLAN. Navigate to the WebAdmin menu Security / VLAN. Now you can activate or disable the option Allow Free Logon. In addition you can select Yes but PMS authentication required. This means that only users which are valid in your PMS-System can use the Free Logon.
Ticket Templates per VLAN¶
If VLANs are configured on the IAC-BOX you can assign single ticket templates to them. Navigate to Tickets / Templates and edit one. Here you can assign and limit the use with only specific VLANs.
Example 1 - PMS Configuration
In the WebAdmin menu Modules / Interfaces the PMS module is activated and configured. Additional 3 ticket templates are assigned to PMS and also to specific VLANs in Tickets / Templates
- Ticket Template 1: assigned VLANs 10, 12
- Ticket Template 2: assigned VLANs 10
- Ticket Template 3: assigned VLANs 11, 12
Depending on which VLAN guests are coming from, only the PMS tickets which are allowed for the current VLAN are being displayed.
Example 2 - Social Login
The Facebook login is activated and configured in the WebAdmin menu Modules / Interfaces. In addition in section Tickets/Templates one template is assigned to Social Login.
- Ticket Template Social: assigned VLAN 10
Since the ticket template was assigned to VLAN 10 only, the Facebook login is only visible if guests connect from this VLAN.