All the functions of the WNAM Wireless Access Control System version 1.5 are listed below. The WNAM functions appeared after version 1.4 are stated specifically ∗. WNAM is constantly developing (with the annual frequency of major releases). You can always get the latest branch of version your purchased, or the very latest one providing that you own the advanced technical support contract.
Most of our customers are using basic set of WNAM features: SMS authorization, Mikrotik hotspots support, and a simplified page constructor. However, with over 6 years of development WNAM has accumulated a significant number of functions listed below, which enable any customer to implement any flexible authentication scheme.
Hardware support
Wireless access point controllers and access points with hostpot function
- Aruba (controllers 72xx, 70xx, 3xxx and compatible points) with OS versions 6 and 8
- Cisco WLC (with software version 7.0 and later, compatible AIR-LAP points, including Mobility Express)
- Ruckus (ZoneDirector, SmartZone, SmartCell Gateway)
- Bluesocket (vWLAN controllers and BSAP points)
- Zyxel (NXC 2500, NXC 5500, NXC 5200, UAG)
- Mikrotik (access points hAP, cAP, mAP, RB951, RB2011, etc.)
- Ubiquiti UniFi (software controller and points AP, AP Pro, AP AC, etc.)
- HP (MSM 720, MSM 760, MSM 775 and compatible points)
- TP-LINK (controller and EAP and CAP points)
- OpenWRT / dd-wrt with the CoovaChilli portal (on any compatible access points)
- Cambium Networks cnPilot E400, E500, ePMP 1000
- Eltex (WOP and WEP points)
- FortiWLC ∗
- Huawei (AC controllers with Fit points, and standalone AP Fat points)
- Rotek
- Keenetic
- Motorola/Zebra/Extreme Networks WiNG
- Digital China Network (DCN) ∗
- Ruijie Networks ∗
- Zyxel Nebula Cloud Controller ∗
- Fortigate/FortiWiFi Router ∗
- Teltonika RUT ∗
Routers with the captive portal function (the use any Wi-Fi access points is possible)
- Mikrotik (hEX, RB2011, RB3011, RB1100, CCR)
- Cisco SSG/ISG (7200, 7300, 10K, ASR100x, ASR900x)
- pfSense
- Linux in NAT router mode
- Alcatel-Lucent (SR7750 and analogues)
Direct implementation of vendor-specific web-redirect parameters, the RADIUS protocol, and specific application interfaces (APIs) was performed for each of the above types of wireless and wired equipment.
Collection, storage and collation of data on Internet resources visited by subscribers (IP addresses, but not URLs) for some types of equipment is performed by NetFlow protocol versions 5 and 9.
Subscriber authorization methods
- Without authorization (void authorization)
- By manually created account, imported black and white lists
- Sending an SMS to the subscriber
- Receiving SMS from the subscriber
- Making a phone call to a subscriber
- Receiving a phone call from a subscriber
- Using a voucher code
- The account of the “State Services” portal (ESIA)
- A record in the hotel system “Edelweiss” or “UCS Shelter”
- Via login and password in Active Directory
- Via an external system (via API)
- Via an external system (emulating the operation of a Cisco controller)∗
- By the Russian Railways ticket number
- The opportunity to offer a choice of several methods of authorization to a subscriber∗
- Authorization through the central database Commonbase∗
- Access parameters settings for SMS or telephone gateway
- Authorization duration settings
- Authorization page template choice
- Choice of a title and SMS message body
- SMS code length option
- A direct transition to the welcome page or it`s skip
- Advertising campaigns on the auth page
- Assigning VIP status
- A phone number request on every connection session
- Setting a link to the authorization portal in the SMS sent
- The possibility to re-enter the phone number in case of an error
- Auto-detection of the language of the authorization page on the strength of subscriber`s phone settings ∗
- Incomplete authorizations review (unconfirmed SMS codes) ∗
- Authorization reset of a selected set of subscribers
- Control of the permitted number of devices (MAC addresses) per phone number, and phone numbers per device
Ways to send / receive SMS
- Through the API providers SMS CENTER, smstraffic.ru, Websms.by
- USB GSM modem in the WNAM server (gammu)
- Via a provider that supports SMPP
- SMPP intelligent routing capability ∗
- MTS.Communicator
- USB GSM modem plugged in the Mikrotik router
- Any SMS provider with HTTP GET or POST API connection
- HTTP POST JSON support
- Test provider (without sending)
- Script executed on the server ∗
Ways to send / receive a call
- New-Tel Callpassword provider
- BitCall provider
- SMS center smsc.ru provider
- VMESTOSMS provider
- Local PBX Asterisk (receiving a call to a given number)
- Local PBX Asterisk (receiving a call to the pool of numbers) ∗
- Test provider (no call)
- Call via HTTP API ∗
- Звонок через скрипт, исполняемый на сервере ∗
Collected subscribers data and their connection sessions data
- MAC address of the device (unique key)
- Time tracking of the first and last connection, and their amount
- Phone number or other identity data
- Device name (from DHCP request)
- Browser type detection
- Device manufacturer
- An operating system
- Device access lock and unlock
- Automatic access for VIP
- Reset authorization flag
- Telephone operator, country and region
- A social network profile
- Name and / or E-mail
- Logging of authorization attempts, and authorization resets
- Individual restrictions settings for a subscriber:
- Lock (start and end)
- VIP subscriber
- Max Session Duration
- The limitless on the number of sessions per period
- Reception / transmission speed
- Current active session reset
- Counters of authorization SMS and calls
- Payments list and specification
- Current tariff plan
- The possibility to “give time” in the paid access system
One or more records are created for each subscriber upon the session of his connection (the fact of authorization on the network). Every entry reflects:
- The amount of data transmitted and received
- Logging of the start time, session duration and IP address assigned
- Logging of the location and the name / address of the Wi-Fi access point
- Link with the subscriber profile (by MAC address)
- Session identifier (with the ability of collision avoidance)
- Sign of the first / repeated / paid access session
- Detailed statistics record of flows Netflow v5, v9
- Live session drop/reset
- Received signal strength indication record (RSSI) ∗
- The number of RADIUS packets in current session ∗
The WNAM database places no restrictions to the number of records of subscribers, their sessions or limits to the quantity of simultaneously active subscribers.
Authorization is followed by:
- Redirection to the initially requested URL
- Redirection to the previously specified URL
- A welcome page display with an “Internet access” button followed by a redirection to a specified URL
- A possibility for advertisement in the form of a web page, clickable image or a video clip
- An option of setting the number of consecutive advertisement campaigns to be displayed ∗
- Additional login via social network profile
- Conducting a survey
- Redirection to a paid access system (an offer to continue free / paid)
- A request for accepting the terms of access
- The access terms popup window
- Personal data collection (name and / or email)
- A selection of a countdown page displayed before providing the access ∗
Social Networks Support
The integration with social networks requires the following pre-requisites:
- creation of your business profile in every social network
- creation of a “wi-fi authorization application” in the personal account of a social network
- passing the “moderation” of the application
Supported social networks:
- Classmates/odnoklassniki
- In contact/VKONTAKTE
- Post, repost, like, redirect to the group’s page, joining the group (dependently on the social network type)
Access restrictions
Certain types of restrictions occur dependently on the characteristics of the equipment used.
- Subscriber`s session duration
- Data transmission / reception speed
- Traffic volume per session
- Number of sessions for a given period
- Working hours and weekend time access
- SMS limit per subscriber, within the time
- SMS limit within the location over the time interval
- A month`s SMS limit within the location, with automatic replenishment
- The limit-approach notification
- Traffic speed reduction after the limit exhausting
- Lockup with further redirection to a link
- Lockup with further redirection to the page set by the “page constructor”
- Transparent access for the first session
- For a given time
- Accordingly to previous sessions on the given location
- Transparent access for consequent sessions
- Accordingly to the time passed since the previous session
Administrative Web Interface Features
- View a summary of system settings
- Diagrams displaying the number of connections (sessions) and traffic over the past 24 hours
- The indication of active locations and hotspots with time control of recent activity
- The display of system functioning statistics
- Cluster configuration status display
- Server performance settings display
- Display of pages requiring moderation
- Subscriber management
- List of subscribers filtered by type, authorization method, time of access
- A manual adding of a subscriber`s data entry
- Black and white lists import
- Creation of an access voucher
- Subscriber authorization reset in correspondence with three types of parameters
- Reviewing incomplete authorizations
- Viewing and editing of subscriber entries
- Work with sessions
- List of sessions filtered by locations and time of occurrence
- Viewing of a session record with a transition to the traffic flow table and a subscriber record
- Active session reset
- Role model of web-interface users, account editor
- User`s password complexity settings
- Sending a test email to user
- Sending an E-mail with a link to the password reminder
- User`s roles: administrator, operator, portal operator, observer, advertiser, advertising agent, location owner, client manager, provider manager
- Setting rights for the location owner and the manager:
- Hide/display MAC, phone, locations, access servers
- Page templates management: ban, page selection, basic mode, expert mode
- Restrictions on voucher operations
- Page moderation and page limits
- Reports on subscribers
- Survey availability
- Management and editing of advertising campaigns
- Setting the list of available locations
- Logo redefinition on this user’s personal account page
- CSS-style redefinition on this user’s personal account page
- SSID ∗ parameters management
- Work with access servers
- Viewing and editing the list
- Choice of access server type, name, login / password, external and internal addresses
- Accounting activation, device name identification, NetFlow
- Setting of RADIUS attributes parameters of pre- and post-authorization
- Resetting of all active sessions on the access server
- Work with locations
- Setting the name, address and appointing a person in charge
- Setting the range of IP addresses, address after NAT
- Linking to the access server
- Personal configurations for authorization, greetings, restrictions, social networks and RADIUS
- Hierarchy and grouping of locations
- Location category settings for advertisement targeting
- Work with a list of access points (name, MAC, vendor, model, number of total / active sessions, current location)
- General authorization settings, redirection (greetings), restrictions
- Work with paid access system tariffs
- List of tariff plans
- Daily number of free/paid sessions
- Selection of a tariff description page
- Free session duration
- Advertising
- Cost and duration of the tariff option
- Subscriber portal web page builder
- Filtered by pages owned by a user and pages requiring moderation
- Five categories (types) of pages
- Basic and expert modes
- Page preview in various presentations as well as in a separate window
- Renaming and cloning a page, access rights
- Import, export or copying of a page style
- Page settings reset (settings only or the whole template)
- Moderation
- Internationalization support and 6 languages
- Visual editing of the design (colors, fonts, background, logos)
- Editing all titles
- Terms acceptance checkmark and the content of conditions
- Enabling the access through public services (ESIA) and / or a voucher
- Possibility to include video clips
- External additional files upload
- Personal data request
- Email address request
- Work with vouchers
- Individual and group vouchers
- Default voucher settings
- Automatic deletion of expired vouchers
- Binding an activated voucher to subscribers
- Setting the validity period, activation period, speed limits, session duration, number of devices, voucher scope
- A voucher printable template selection
- Printing out a voucher or group of a voucher in the form of templates or a code table
- Advertising campaigns settings
- Social networks settings
- Settings for surveys with online editor
- Notifications settings
- List of notifications
- Facts of redirecting, authorization, new session
- Filtering by location, suppression of repeated sessions
- Alerts via script, HTTP GET / POST, MLA
- Session parameters transition
- Interaction with SORM (Lawful intercept) (sending specialized RADIUS messages)
- General settings
- Test interfaces activation
- API activation
- Regular check of access server availability
- Voucher code format
- The number of MAC limits for 1 phone number
- WNAM License parameters
- Work with the database
- Viewing cached data
- Parametric viewing of system events (logs)
- Report issue
Location Owner`s Interface Features
- Viewing diagrams of subscribers and sessions
- Viewing a list of sessions
- Run reports (8 regular reports)
- Viewing of location settings
- Location restrictions settings
- Creating a voucher
- Resetting a subscriber`s session
- Resetting a sign of subscriber access activation
- Page constructor in various modes
- Moderation of pages
- Creation and management of advertising campaigns
Advertising Campaign Features
- Advertiser’s personal account
- Personal account of an advertising agent
- Ability to place ads by the owner of the location and the administrator himself
- Creating an arbitrary number of advertising campaigns
- Issue of reports (5 regular reports)
- Time range and advertisement presentation management
- Priority Management
- Management of the presentation scheme (SMS or post-authorization pages)
- Selection of display locations
- Selection by location category
- Choice of the day of the week and time of day
- Choosing an audience according to the social network account (gender, age, city, social network)
- Selection according to the parameters of the subscriber’s device (manufacturer, operating system, mobile operator, operator region)
- Selection based on previous displays of actual or any other advertisement
- Choice based on historical information on connecting at other locations
- Tracking the clicks to interested / not interested buttons/links
Available reports (main unit)
- Activity within a given period
- Activity by loction
- By Wi-Fi access points
- Traffic distribution by volume in a session
- Session duration distribution
- Subscriber:
- Subscriber`s statistics
- Subscriber`s statistics by locations
- Subscriber`s profiles upload
- Subscriber`s returns
- Regular Subscribers
- Top traffic Subscribers
- Language statistics
- Traffic streams and visited IPs
- Mobile device manufacturers
- Advertising campaigns
- By connection time
- By locations
- By campaigns
- By advertisers
- Surveys
- Location crossing
- Search for a Subscriber by phones and sessions
- Search for a Subscriber by IP and traffic
- Phone numbers
- SMS sending and confirmation
- Uploading of sent SMS
- Potential violators
- Uploading phone numbers
- Telecommunications operators and regions
- Unconfirmed numbers
- Social networks
- By type of social network
- According to social network profiles data
- Unloading social network profiles
- Reposts and number of friends
- Paid access
- Subscriber`s Payments
- Purchasing and connections
- Tariffs
- Payment operators
- System performance indications