diff --git a/.gitbook/assets/image (22) (2).png b/.gitbook/assets/image (22) (2).png new file mode 100644 index 0000000..69ddbdf Binary files /dev/null and b/.gitbook/assets/image (22) (2).png differ diff --git a/.gitbook/assets/image (36).png b/.gitbook/assets/image (36) (1) (1).png similarity index 100% rename from .gitbook/assets/image (36).png rename to .gitbook/assets/image (36) (1) (1).png diff --git a/configuration-examples/captive-portal/external-captive-portal.md b/configuration-examples/captive-portal/external-captive-portal.md index d27f363..396d3f8 100644 --- a/configuration-examples/captive-portal/external-captive-portal.md +++ b/configuration-examples/captive-portal/external-captive-portal.md @@ -6,9 +6,9 @@ description: OpenWiFi 2.1 When an external access controller, such as a captive portal appliance or a Universal Access Method \(UAM\) redirector is required to handle subscriber login, OpenWiFi optionally supports builds that include use of CoovaChili. This would be found in build profile chilli-redirect.yml. -To configure a CoovaChilli service, OpenWiFi supports the `"third-party"` schema definition. +To configure a CoovaChilli service, OpenWiFi supports the `"third-party"` schema definition. -Through the use of third-party, many configurations are possible, for external captive portal, third-party will process a services lookup of `"chilli-redirect"` applied to an interface. +Through the use of third-party, many configurations are possible, for external captive portal, third-party will process a services lookup of `"chilli-redirect"` applied to an interface. Within `"third-party"` will be the necessary CoovaChilli configuration parameters. @@ -33,44 +33,44 @@ Within `"third-party"` will be the necessary CoovaChilli configuration parameter } ``` -### NAT Mode +## NAT Mode Associate to an interface: ```text { - "name": "LAN", - "role": "downstream", - "services": [ "ssh", "chilli-redirect" ], - "ethernet": [ - { - "select-ports": [ - "LAN*" - ] - } - ], - "ipv4": { - "addressing": "static", - "subnet": "192.168.1.1/24", - "dhcp": { - "lease-first": 10, - "lease-count": 100, - "lease-time": "6h" - } - }, - "ssids": [ - { - "name": "Hotspot SSID Name", - "wifi-bands": [ - "2G", "5G" - ], - "bss-mode": "ap" - } - ] - } + "name": "LAN", + "role": "downstream", + "services": [ "ssh", "chilli-redirect" ], + "ethernet": [ + { + "select-ports": [ + "LAN*" + ] + } + ], + "ipv4": { + "addressing": "static", + "subnet": "192.168.1.1/24", + "dhcp": { + "lease-first": 10, + "lease-count": 100, + "lease-time": "6h" + } + }, + "ssids": [ + { + "name": "Hotspot SSID Name", + "wifi-bands": [ + "2G", "5G" + ], + "bss-mode": "ap" + } + ] + } ``` -### Bridge Mode +## Bridge Mode In the above example, captive portal redirection occurs via a NAT interface on LAN side or `"downstream"` role. @@ -80,31 +80,29 @@ Associate to an interface: ```text "interfaces": [ - { - "name": "WAN", - "role": "upstream", - "services": [ "chilli-redirect" ], - "ethernet": [ - { - "select-ports": [ - "WAN*" - ] - } - ], - "ipv4": { - "addressing": "dynamic" - }, - "ssids": [ - { - "name": "Hotspot SSID Name", - "wifi-bands": [ - "2G", "5G" - ], - "bss-mode": "ap" - } - ] - }, + { + "name": "WAN", + "role": "upstream", + "services": [ "chilli-redirect" ], + "ethernet": [ + { + "select-ports": [ + "WAN*" + ] + } + ], + "ipv4": { + "addressing": "dynamic" + }, + "ssids": [ + { + "name": "Hotspot SSID Name", + "wifi-bands": [ + "2G", "5G" + ], + "bss-mode": "ap" + } + ] + }, ``` - - diff --git a/configuration-examples/dynamic-air-time-policy.md b/configuration-examples/dynamic-air-time-policy.md index 3bbffcc..f89a333 100644 --- a/configuration-examples/dynamic-air-time-policy.md +++ b/configuration-examples/dynamic-air-time-policy.md @@ -4,9 +4,9 @@ description: OpenWiFi 2.1 # Dynamic Air-Time Policy -Dynamic Air-Time Policy is a service to influence underlying co-ordination function of the Wi-Fi MAC domain per associated UE in terms of priority to use the air interface. +Dynamic Air-Time Policy is a service to influence underlying co-ordination function of the Wi-Fi MAC domain per associated UE in terms of priority to use the air interface. -It is possible to govern certain application use cases such as streaming media or real time communications based on the resolution of those services through DNS. +It is possible to govern certain application use cases such as streaming media or real time communications based on the resolution of those services through DNS. This results in the UE, by its IP address having matched a specific fully qualified domain name or a wildcard therein, to having its air-time weighted priority to the value set in the weight parameter. @@ -23,7 +23,7 @@ This results in the UE, by its IP address having matched a specific fully qualif Note: In release 2.1, airtime-policies must be applied to SSIDs in a NAT configuration. Bridge / VLAN mode SSIDs with airtime-policies will be updated in a future release {% endhint %} -### Possible Uses +## Possible Uses Any application a user may commonly use the OpenWiFi administrator seeks to prioritize air-time for may be triggered via the airtime-policies. @@ -34,5 +34,5 @@ For example: | MS Teams | _\*.lync.com, \*_.teams.microsoft.com, teams.microsoft.com | | Zoom | \*.zoom.us | -Any number of services may interest the administrator for airtime-policies. Simply determine the FQDN or wildcard FQDN applicable and update the OpenWiFi device configuration. +Any number of services may interest the administrator for airtime-policies. Simply determine the FQDN or wildcard FQDN applicable and update the OpenWiFi device configuration. diff --git a/configuration-examples/multi-psk-mdu-multiple-shared-key.md b/configuration-examples/multi-psk-mdu-multiple-shared-key.md index a8f95f7..0ba3da8 100644 --- a/configuration-examples/multi-psk-mdu-multiple-shared-key.md +++ b/configuration-examples/multi-psk-mdu-multiple-shared-key.md @@ -41,6 +41,6 @@ A SSID when configured for multi-psk can have multiple PSK/VID mappings. Each on ``` {% hint style="info" %} -Note: M-PSK passwords must be unique per `vlan-id` as the device will attempt to match security key to assigned virtual lan. In the above example, a password of `OpenWifi` will match the untagged interface of the SSID and unique password of `"akey"` will match client\(s\) to virtual lan 100. +Note: M-PSK passwords must be unique per `vlan-id` as the device will attempt to match security key to assigned virtual lan. In the above example, a password of `OpenWifi` will match the untagged interface of the SSID and unique password of `"akey"` will match client\(s\) to virtual lan 100. {% endhint %} diff --git a/configuration-examples/switching/README.md b/configuration-examples/switching/README.md index fd457df..de50a69 100644 --- a/configuration-examples/switching/README.md +++ b/configuration-examples/switching/README.md @@ -4,5 +4,5 @@ description: OpenWiFi 2.1 # Switching -PoE access switch content... +PoE access switch content... diff --git a/configuration-examples/switching/port-speed.md b/configuration-examples/switching/port-speed.md index 8dd3463..bcb8262 100644 --- a/configuration-examples/switching/port-speed.md +++ b/configuration-examples/switching/port-speed.md @@ -4,9 +4,9 @@ description: OpenWiFi 2.1 # Port Speed -Configuring port speed and operation is most commonly done with PoE access switches however the same configurations are possible for all OpenWiFi device types. +Configuring port speed and operation is most commonly done with PoE access switches however the same configurations are possible for all OpenWiFi device types. -By default all ports attempt 1,000 Mb/s full duplex operation. +By default all ports attempt 1,000 Mb/s full duplex operation. ```text "ethernet": [ diff --git a/getting-started/sdk/deploy-using-docker-compose.md b/getting-started/sdk/deploy-using-docker-compose.md index 0b7344d..ea2c356 100644 --- a/getting-started/sdk/deploy-using-docker-compose.md +++ b/getting-started/sdk/deploy-using-docker-compose.md @@ -71,11 +71,11 @@ ucentral_ucentralsec.wlan.local_1 /bin/sh -c /ucentral/ucent ... Up 127 ucentral_zookeeper_1 /docker-entrypoint.sh zkSe ... Up 2181/tcp, 2888/tcp, 3888/tcp, 8080/tcp ``` -1. Since the certificate for the REST API and other components is self-signed, you have to add it to the system trust store of the containers communicating together internally via TLS. The `add-ca-cert.sh` script located in the Compose project directory does the work for you. +1. Since the certificate for the REST API and other components is self-signed, you have to add it to the system trust store of the containers communicating together internally via TLS. The `add-ca-cert.sh` script located in the Compose project directory does the work for you. - You also have to trust the self-signed REST API certificate on your local machine. To achieve that you either have to add `certs/restapi-ca.pem` to your trusted browser certificates or add certificate exceptions in your browser by visiting `https://ucentral.wlan.local:16001` and `https://ucentral.wlan.local:16002` and accepting the self-signed SSL certificate warnings \(make sure to visit both and add the exceptions\). + You also have to trust the self-signed REST API certificate on your local machine. To achieve that you either have to add `certs/restapi-ca.pem` to your trusted browser certificates or add certificate exceptions in your browser by visiting `https://ucentral.wlan.local:16001` and `https://ucentral.wlan.local:16002` and accepting the self-signed SSL certificate warnings \(make sure to visit both and add the exceptions\). -2. Connect to your AP via SSH and add a static hosts entry in `/etc/hosts` for `ucentral.wlan.local` which points to the address of the host the Compose deployment runs on. +2. Connect to your AP via SSH and add a static hosts entry in `/etc/hosts` for `ucentral.wlan.local` which points to the address of the host the Compose deployment runs on. 3. While staying in the SSH session, copy the content of `certs/restapi-ca.pem` on your local machine to your clipboard and append it to the file `/etc/ssl/cert.pem` on the AP. This way your AP will also trust the self-signed certificate. 4. Go to `http://ucentral.wlan.local` to visit the UI and login with username `tip@ucentral.com` and password `openwifi` if you didn't change the default credentials in the uCentralSec configuration. 5. To use the curl test scripts which are included in the micro service repositories make sure to set the following environment variables before issuing a request: @@ -89,8 +89,8 @@ export FLAGS="-s --cacert /docker-comp Stop the running containers with `docker-compose down` -Check out the new branch by repeating _Step 1_ from _How to_ above for the given release and `docker-compose up -d`. - -Don’t forget to re-add the self-signed certificates to the containers with the provided script. +Check out the new branch by repeating _Step 1_ from _How to_ above for the given release and `docker-compose up -d`. + +Don’t forget to re-add the self-signed certificates to the containers with the provided script. Also be aware that you may have to change back some file permissions. To obtain the most recent changes as the files are under version control, you may have to change the ownership to your user again before pulling changes.