AltaiCare User Guide

________________________________________
AltaiCare User Guide

Version 2.4
Feb, 2021
Content
Item Topic
1 AltaiCare Overview
1.1 Wireless Network Management Feature Highlights
1.2 Service Control Feature Highlights
2 Case Study
2.1 Typical Network Topology
2.2 Call Flow for Built-In Portal Auth
2.3 Call Flow for Built-In RADIUS Auth (WPA)
2.4 Portal Template Types
3 Before You Begin – AP Configuration
3.1 Access to AP WebUI
3.2 Step 1: Network Setting
Step 2 (Optional): Management VLAN Setting
3.3
(Applicable to local VLAN environment only)
3.4 Step 3: Enable Remote Management
3.5 Step 4: Save & Apply AP Configuration Change
4 Getting Started
4.1 AltaiCare Hierarchy Overview
4.2 Multiple Level Access Control
4.3 AltaiCare Credit System and Policy
4.4 Access to AltaiCare
4.5 AltaiCare Web Interface
4.6 Wireless Management Overview
4.7 Service Management Overview
4.8 Project Management Overview
Content
Item Topic
5 Basic Configuration
5.1 Configuration Procedures
5.2 Step 1: Create new Site
5.3 Step 2: Create new Service Domain
5.4 Step 3: Create Admin Account for Site/Service Domain
5.5 Step 4: Create User Group
5.6 Step 5: Create User Account
5.7 Step 5a: Create Single User Account
5.8 Step 5b: Create Single MAC Account
5.9 Step 5c: Batch import (in .CSV file) of user accounts
5.10 Step 5d: Voucher-based user account batch generation
5.11 Step 6a: Custom Template Portal Setup
5.12 Step 6b: User Defined Template Portal Setup
5.13 Step 7a: Create Security Profile for Portal
5.14 Step 7b: Create Security Profile for WPA
5.15 Step 7c: Create Security Profile for MAC Auth
5.16 Step 7d: Create Security Profile for WPA-PSK
5.17 Step 8: Create SSID (WLAN)
5.18 Step 9: AP Registration
5.19 Step 9a: Single AP Registration
5.20 Step 9b: AP Batch Registration
Content
Item Topic
7 Verification
7.1 Verification: Custom Template Portal
7.2 Verification: User Defined Template Portal
7.3 Verification: WPA – PEAP
7.4 Verification: MAC Authentication
7.5 Verification: WPA-PSK
8 AP Firmware Update
8.1 AP Firmware Compatibility Check
8.2 Single AP Firmware Update
8.3 AP Batch Firmware Update
9 AP Edition & Operation
9.1 Individual AP Configuration
9.2 Basic Operations for Individual AP
9.3 Basic Operations for batch APs
10 WLAN Creation Wizard
11 Branch Configuration
12 Advertising Engine
13 Topology & Location Management
14 Fault Management
15 Statistics Report Management
16 Statistics Monitoring
AltaiCare Overview
Wireless Network Management Feature Highlights
AltaiCare is a cloud-based wireless network management and service control system. The goal is to help end users deploy their WiFi service
as easy as possible, using this All-in-One system.
Wireless Network Management Feature Highlights:
▪ Site-based configuration
▪ Zero configuration
▪ Schedule-based WLAN service provisioning
Configuration ▪ Schedule-based firmware upgrade
▪ Real time AP and station performance statistics Management
▪ Multiple firmware image
▪ Interactive performance statistics diagrams
▪ Top 5 usage stations and AP list
▪ Site/AP performance dashboard
▪ Associated Station List
▪ Google map support
▪ Schedule-based statistics reporting Performance
Network Map ▪ Multi-layer indoor map support
Management
▪ Connection Topology
Network
Management
▪ Real-time alert collection and reporting ▪ 3-tier login for project administrator, site/service domain
Fault Operation and administrator and site/service domain monitor
▪ Visual fault alert via network map
Management Administration ▪ Responsive Web UI – tablet/ jumbo screen (for NOC)
▪ Alert Email Notification
▪ Powerful search engine
Service Control Feature Highlights
Service Control Feature Highlights:
▪ EAP authentication
▪ MAC address authentication
▪ Portal authentication
▪ Per SSID authentication type
Choice of
Authentication ▪ Combined authentication support
▪ Local breakout with roaming support
Service
Control
▪ Local user account database with user
QoS profile ▪ Customizable local portal
Ease of
▪ RADIUS accounting and reporting support Billing Service ▪ External portal service interface
Integration
▪ Prepaid/post-paid (subscription) / guest ▪ Remote RADIUS interface
access models
Case Study
Typical Network Topology and Management Traffic
Legend Gateway for ALL AP

VLAN 100 (Management VLAN for Hotspot 50):
CAPWAP Management Traffic (in VLAN 100) 192.168.100.1/24
NATed CAPWAP Management Traffic to/from

AltaiCare Cloud Server
NOC
Core
Switch
Internet
Gateway
A3c: (Firewall & NAT)
192.168.50.x/24
MGT VLAN: 50
Distribution Switch Note: VLAN setup is optional. You can

deploy your network in non-VLAN
environment to work with AltaiCare.
Distribution Switch
VLAN Trunk:
100, 150, 160, 170
A3w:
192.168.100.30/24
MGT VLAN: 100
A8n(ac): Hotspot 50
Access Switch Access Switch
Hotspot 1 192.168.51.x/24 (Altai Office)
MGT VLAN: 51
Typical Network Topology and Client Traffic
Legend Gateway for ALL AP and wireless clients

VLAN 100 (Management VLAN for Hotspot 50): 192.168.100.1/24
WiFi Ethernet VLAN 150: 192.168.150.1/24 with DHCP Server for WPA clients
VLAN 160: 192.168.160.1/24 with DHCP Server for MAC-Auth clients
VLAN 170: 192.168.170.1/24 with DHCP Server for WPA-PSK clients
Care_CT_Portal VLAN 100 (MGT VLAN)
Care_UDT_Portal VLAN 100 (MGT VLAN)

NOC
Care_WPA VLAN 150 Core
Switch
Care_MAC_Auth VLAN 160 Internet
Care_WPA_PSK VLAN 170 Gateway
(Firewall & NAT)
NATed Client Traffic to/from Internet A3c:

192.168.50.x/24
MGT VLAN: 50
Distribution Switch Note: VLAN setup is optional. You can

deploy your network in non-VLAN
environment to work with AltaiCare.
Distribution Switch
VLAN Trunk:
100, 150, 160, 170 A3w:
192.168.100.30/24
MGT VLAN: 100
A8n(ac): Hotspot 50
192.168.51.x/24 Access Switch Access Switch
Hotspot 1 (Altai Office)
MGT VLAN: 51
Call Flow for Built-In Portal Auth
AltaiCare
Wireless Client AP Local Gateway Internet (On-Cloud)
Client Association to
Wireless Network
Remark:
DHCP Request
AP as #DHCP server, RADIUS
DHCP Response with IP client & authenticator, and
Lease; #See Remark gateway with NAT for
for the IP Pool Info wireless client traffic
User opens a Web Browser AltaiCare as RADIUS server

with HTTP Request User-URL Redirect User to Login Page with Query String - and web portal hosting
https://login.altaitechnologies.com:8443/portal/.../index.html?... server
# 2.4G and 5G clients will get IP

HTTP Response 200 and Return Login Portal Page address from the default pools:
192.168.120.0/24 & 192.168.121.0/24
respectively
Login with valid
Username/Password RADIUS Access - Request
(Username/Password)
User Identity Verified OK and

Redirect User to RADIUS Access - Accept
Landing Page User Data Traffic running in Management
VLAN for VLAN-enabled local network
NAT again for
Outbound Traffic NAT for Outbound Traffic Outbound Traffic
Inbound Traffic Inbound Traffic Inbound Traffic

Call Flow for Built-In RADIUS Auth (WPA/WPA2 Enterprise)
Wireless Client AP AltaiCare (On-

Local Gateway Internet
(Supplicant) Cloud)
Remark:
Client Association to AP as RADIUS client &

Wireless Network
authenticator
EAP Start
AltaiCare as RADIUS server
EAP Request-Identity:
Username/Password
Local Gateway as DHCP
server for wireless clients
EAP Response-Identity: and NAT implementation
Username/Password RADIUS Access-Request (EAP Response-Identity: on their traffic
Username/Password)
Access Challenge Message Exchange
RADIUS Access - Accept

EAP Success
DHCP Request
User Data Traffic running in Service
DHCP Response with IP Lease
VLANs for VLAN-enabled local
from the Pool of Service VLANs network
NAT for
Outbound Traffic Outbound Traffic
Inbound Traffic Inbound Traffic

Portal Template Types
• 3 different ways available for portal design. Each one can its own login feature support and advantages.
1. Custom Template (Built-In)

2. User Defined Template (Built-in)
Login Feature Flexibility on Portal

Support; Layout Design
User Friendliness
3. Package Upload (Built-In/External)
• Below is a table to summarize different login type support for different templates
Predefined User
Auto-Generated User Account Type
Account Type
Sign Up Login 1
Sign Up Login 2 User Account Login
Social Account Login Guest Login (with Passcode return
(no Passcode return (Username /
(Single Button) for login)
required) Password)
Facebook Google Email
Custom Template
✓ ✓ ✓ ✓
(Built-In)
User Define Template
✓ ✓ ✓
(Built-In)
Package Upload
✓
(Built-In/External)
Before You Begin - AP Configuration
Access to AP WebUI
Note:
1. Default IP: 192.168.1.222/24
2. http/https is supported for WebUI access.
3. Default username/password: admin/admin
Step 1: Network Setting
Procedures:
1. Make sure “Switch Mode” is selected as Network
Setting
2. Assign valid IP settings including Management IP
1 Address, Subnet Mask, Default Gateway and DNS
Server IP Address either via DHCP or with Static IP
configuration so that the AP can get access to the
Internet and AltaiCare cloud server
2 3. Click “Submit” button
Note: AltaiCare service is not supported under

Gateway Mode
IMPORTANT NOTE: DNS Server IP is required to

resolve the domain name of the AltaiCare cloud
server: care.altaitechnologies.com. If you are not
sure about your ISP DNS Server IP, you can use
Google Public DNS Server e.g. 8.8.8.8
3
(Applicable to local VLAN environment only)
Procedures:
1. Check the box of Enable VLAN
2. Click “Submit”button to save the changes
1
3. Click “Add VLAN…” button to create a new VLAN
profile for management VLAN
4. Input the management VLAN in the field of VLAN ID
and click “Submit” button. In this example, VLAN 100 is
3 the management VLAN for the local network
Note: Make sure the firewall and IP routing settings
2 of the local network allow the AP traffic to reach

Internet via local management VLAN for the AP
connection with AltaiCare cloud server.
4
5
(Applicable to local VLAN environment only) (Cont.)
Procedures:
6. Click “Management VLAN” button on the newly
created VLAN entry, i.e. VLAN 100, in the VLAN Profile
list
7. Make sure the interface to the Internet to be set to
“Trunk” type. In this case, eth0 is the interface
communicating with AltaiCare, so it is set to “Trunk”
8. Click “Submit” button
6
7 Note: All network nodes and links should be

configured as trunk to all service VLANs and
management VLAN for different kinds of traffic
to/from the AP.
8
Step 3: Enable Remote Management
1
2
Procedures:
1. Check the box of Enable Remote Management
2. Select AltaiCare as Management Type and Cloud as Connection Type. This option will let AP connect to the AltaiCare cloud server (care.altaitechnologies.com)
3. Select one of the following options for the management type on both radios: (1) Radio0(2.4G); and (2) Radio1(5G)
(1) Not Management: Under this mode, all the radio configuration and statistics monitoring will be disabled in AltaiCare
(2) Full Management: Under this mode, the radio will be fully managed by AltaiCare. Any configuration changes made on the AP radio and WLAN profiles in
AltaiCare will be provisioned to the AP. In general, this option is selected when the device is operating in AP mode
(3) Monitor Mode: Under this mode, all the radio settings in AltaiCare will become non-configurable. Also, any configuration changes made on the WLAN
profiles in AltaiCare will not be provisioned to the AP. In general, this option is selected when the device is operating in Station Mode, Bridge Mode and
Repeater Mode for radio statistics monitoring
4. Click “Submit” button
Step 4: Save & Apply AP Configuration Change
Note: Be reminded to click “Save & Apply” at the top right corner of WebUI to make all
configuration changes take effect.
Getting Started
AltaiCare Hierarchy Overview
Note: AltaiCare runs on a project basis. You will be given a

project account at the beginning. From there, you can
Project
freely create/edit/delete your own sites and service
domains with admin/monitor accounts for your project
run.
Site A (Default) Site B … Domain A

(Default)
Domain B …
AP Group AP Group User Group(s) User Group(s)
• Branches • Branches
Portal Profile(s) Portal Profile(s)
WLAN(s) WLAN(s)
Advertisement Advertisement
Security Security Profile(s) Profile(s)
Profile(s) Profile(s)
Map(s) Map(s)
AP Management Service Management

AltaiCare Hierarchy Overview (Cont.)
• Project is the root of Site and Service Domain. Under a Project, there must be at least one Site and one Service Domain.
• Site is a basic unit of AP group for centralized management. All common wireless settings in one site such as SSID and
security configuration can be applied to all APs belonging to that site for simple operation and management.
• Domain is a separate realm for service management which includes user management, captive portal and
advertisement service management. You can have user groups and accounts in there for user services such as
RADIUS/Portal/MAC authentication, accounting and per user service policy control.
Multiple Level Access Control
Note: Three level access controls:

• Project Admin • Manage project credit
Project Admin • Create/manage sites & service domains
• Site Admin and Domain Admin
• Create admin/monitor accounts for sites &
• Site Monitor and Domain Monitor service domains
Site Admin Site Monitor Domain Admin Domain Monitor
• Manage the sites to be • Monitor site status and • Manage the service domains • Monitor user account
assigned, including site statistics to be assigned, including profile, login history and
• Register/deregister APs • Create/edit/delete user groups session statistics
• Create/edit/delete WLAN and user accounts • Monitor advertisement
& security profiles • Create / edit / delete portal view/click count statistics
configuration
• Create/edit/delete
advertisement configuration
AltaiCare Credit System and Policy
AltaiCare uses a credit system to determine how many and how long the APs can be managed with an AltaiCare account. The credit system deducts
credits for the APs being managed by AltaiCare, using the following consumption rates for different AP models:
A8n/A8n(ac) series: 25 credits per day per unit

A3Ei/AX500 series: 8 credits per day per unit
A3c/A3w/A2/A2e: 6 credits per day per unit
A2c/C2s/Cx200/IX500/VX200: 2 credits per day per unit
C1n/C1an series: 1 credit per day per unit
Note: Once an AP is successfully connected to AltaiCare, the credit system will start counting and deducting credits for that AP on a daily basis (UTC
time from 00:00 to 24:00). If an AP has been offline in AltaiCare for a full day (24 hours), the corresponding credits for that day will then NOT be
deducted.
Example:
For an account with 100 credits left, the time that the AP(s) can be managed by AltaiCare is as follows.
Scenario 1: 1 x A8Ein for 4 days

Scenario 2: 4 x A8Ein(ac) for 1 day
Scenario 3: 2 x A3Ei and 2 x C2s for 5 days (100/(2x8+2x2) = 5 days)
Scenario 4: 5 x A2c and 10 x C1n for 5 days (100/(5x2+10x1) = 5 days)
Scenario 5: 1 x A3Ei and 5 x A3c for 2 days (100/(1x8+5x6) = 2 days with 24 credits left).
In Scenario 5, the remaining 24 credits will not be processed for the 3rd day of operation due to insufficient credits. AltaiCare will accordingly cut off its service and AP WLAN
operation until further credit refill. To avert AltaiCare service suspension, we recommend you refill credits one month earlier before credit exhaustion. AltaiCare will also help
send email notification and show alert messages on the GUI to remind project admin of credit refill, in one-month advance. For details about credit request and install, please
refer to here.
Access to AltaiCare
Note: For the best compatibility,

it is strongly recommended the
web browser “ Google
1 Enter “care.altaitechnologies.com”
Chrome” be used to access the
in the address bar of the browser,
AltaiCare WebUI.
and it will go to the WebUI
Note: HTTP and HTTPS are

supported for access to
AltaiCare platform.
2 Enter the project account

credentials given to you
3 Click button
AltaiCare Web Interface
Management Tabs Function Buttons

Current Directory Search Engine
Navigation Pane Content Window

Wireless Management Overview
Wireless: Manage sites and AP related settings, i.e. WLAN/Security Profiles, etc.
Dashboard: Display a summary on wireless statistics about Site
Network > Access Point: Manage a pool of AP for Site/Branch setup

Network > Wireless LAN: Manage a pool of WLAN profiles which are provisioned to the registered APs in Site/Branch for SSID
broadcast and services
Network > Security: Manage a pool of security profiles which are applied to WLAN profiles for user authentication services
Network > Station: Manage a list for associated stations within the Site
Network > Branch: Manage a Branch list for AP subsets to broadcast different sets of SSID for different services within the Site
Network > Map: Maintain a list of site maps for topology management
Network > Firmware Update: Show AP firmware update status for the site
System > Firmware: Show a list of available firmware for update

System > Report: Manage report configuration and maintain a pool of generated reports about individual APs and whole site
System > Alert: Keep various alerts associated with APs in Site for administrators’ operation
Site List: Show a list of different sites with site-related statistics summaries under the project; and Let admin/monitor users switch
among different sites for operation
Service Management Overview
Service: Manage user groups and accounts for user authentication services and policy
control; and manage portal-related services, i.e. portal and advertisement setup.
Dashboard: Display a summary on user statistics and activities for the Service Domain
User > User Group: Manage user groups with different service policies for creating user accounts
User > User Account: Manage user accounts under the Service Domain
User > Account Generation: Generate random-based prepaid user accounts in batch
Portal: Manage a pool of portal configuration profiles with using different templates and login methods
Advertisement: Manage a pool of advertisement profiles which are to be applied to different portals for user
advertisement services
System > Report: Manage report configuration and maintain a pool of generated reports about service.
System > Alert: Keep various alerts associated with Domain for administrators’ operation
Advanced > ACCT Record: Download the radius accounting log for specified period.
Domain List: Show a list of service domains with associated site information under the project; and Let admin/monitor
users switch among different service domains for operation
Project Management Overview
Project (For Project Admin ONLY): Manage admin/monitor accounts of the

associated Sites and Service Domains; and manage project credits
Dashboard: Display Project summary on the number of Sites, Service Domains and Admin Accounts created;
and manage project credits.
Admin Account: Manage admin/monitor accounts of the associated Sites and Service Domains.
Basic Configurations
Configuration Procedures
Project Admin Project Admin / Domain Admin Project Admin / Site Admin
Step 1 Step 2 Step 3 Step 4 Step 5 Step 6 Step 7 Step 8 Step 9
Portal 6a: Custom

(Custom Template 7a: Create
Template) #See Portal Setup Security
Remark
Profile for
Portal
Portal (User 6b: User
Defined Defined
Template) Create Portal Setup
5a/5c/5d:
New Create
Create Create User
Service User Group 7b: Create
Admin Account
WPA Create Domain Security Create SSID AP
Account for Profile for
(RADIUS) New Site (WLAN) Registration
Site/Service WPA
Domain
5b/5c: 7c: Create
MAC Auth Create MAC Security
Account Profile for
MAC Auth
7d: Create
WPA-PSK Security
Profile for
WPA-PSK
#Remark: Step 5 can be skipped for the portal authentication using Guest Login, Sign Up and Social Account Login.
Step 1: Create New Site
Step 1: Create New Site – Basic Setting
Procedures:
1. Click to create a new site.
2. Give a name for the site. In this example, we create a site called “Altai Office” for demo
2
purpose.
3
3. Specify the time zone in Coordinated Universal Time (UTC) for the site. All the site/AP-
4 related operations such as WLAN service scheduler, firmware update scheduler, and alert
5 /statistics report are all based on this clock setting. By default, it is set to UTC+08:00
4. Specify the time zone area.
5. If necessary, Enable Daylight Saving during the summer time. By default, it is disabled.
6
6. Click button and an entry for the new site will be added to the Site List.
Note: By default, a Default Site is automatically created for every project account. It is not allowed to remove that site. However,
Project Admin is free to create/delete his/her own additional sites for project needs.
Step 1: Create New Site - Default Radio Setting
A new site entry is created. To make changes on the site details, click
button on the entry. You can modify default radio settings in there. Wireless Mode: Control what 802.11 standards and how wide of channel bandwidth to
be used for AP operation. Each combination of 802.11 standards and channel
bandwidth will have different data throughput performance.
Different AP models can have different available Wireless Modes for selection. For
simplicity, there are two options available for every newly joining AP: 1) Auto; and 2) Use
AP Setting. Once the AP is successfully registered and added to the site, you can
specify which Wireless Mode to be run through the AP entry detail setting. For details,
refer to Advanced Configuration - Individual AP Setting.
Country Code: Select the country where Site/AP is located. Configuring a
country code ensures that the radio regulatory domain such as frequency • Auto: AltaiCare automatically selects the most generic wireless mode for AP
bands, channels and transmit power levels are compliant with country- operation under different kinds of environment. By default, 802.11ng HT20 is selected
specific regulations. By default, it is set as Hong Kong. for 2.4G radio and 802.11ac HT20 / 802.11na HT20 for 5G radio.
• Use AP Setting: AltaiCare will not alter the AP wireless mode setting and keep it as it
is in AP WebUI for its first time to associate to the AltaiCare system. To change the
Wireless Mode configuration, you have to go to AP WebUI.
By default, it is set as Auto.
Tx Power: Set the AP transmission power on 2.4G/5G radios. Tx Power can be adjusted in
the following different levels.
• MAX: Maximum Tx power that AP supports
• 1/2: 1/2of maximum Tx power
• 1/4: 1/4 of maximum Tx power
• Use AP Setting: AltaiCare will not alter the Tx Power setting and keep it as it is in AP
WebUI for its first time to associate to the AltaiCare system
Channel / Auto Channel Selection Interval (Min): See next slide

Step 1: Create New Site – Default Radio Setting (Cont.)
Channel: Set operating frequency channel for 2.4G and 5G radios.

Different AP models can have different radios/frequency bands supported. For simplicity,
there are two options available for every newly joining AP: 1) Auto; and 2) Use AP Setting.
Once the AP is successfully registered and added to the site, you can specify which channel
to be run through the AP entry detail setting. For details, refer to Advanced Configuration -
Individual AP Setting.
• Auto: AltaiCare automatically selects the best channel for the AP, based on the following
ACS (Auto Channel Selection) factors:
➢ Air busy%;
➢ Number of neighboring AP occupying the channel; and
➢ Noise floor
• Use AP Setting: AltaiCare will not alter the AP channel setting and keep it as it is in AP
WebUI for its first time to associate to the AltaiCare system. To change the channel, you
have to go to AP WebUI.
By default, it is set as Auto.
Auto Channel Selection interval (Min): Set a schedule (in Minutes) to perform channel
scanning periodically for the best channel selection. This option is available only when the
channel is selected as “Auto”. “0” means the feature disabled.
Step 1: Create New Site – Default System Setting
TRUST IP: Set the trust IP for accessing to the WebUI of AP registered in this site.
There are two options available for every newly joining AP: 1) Custom
Mode; and 2) Use AP Setting.
The max number of custom IP is 4.
AP ACCESS ACCOUNT SETTINGS: Set the access account for admin/guest to

login the WebUI of AP registered in this site.
There are two options available for every newly joining AP: 1) Custom Mode; and
2) Use AP Setting.
Note: Remember to click button at the page bottom to make all

changes take effect.
Step 2: Create New Service Domain
Step 2: Create New Service Domain – Basic Setup
Procedures:
1. Click to create a new service domain.
2. Give a name for the domain. In this example, we create a site called “Altai
WiFi Service” for demo purpose.
1
3. Select and map the existing sites to the service domain for user
authentication and service control. The mapping allows and makes the ONLY
connection between Site Wireless Security and Service Domain. In other
words, Site Admin is granted to add the relevant User Groups from the Service
Domain for the wireless security profile setting, i.e. portal, RADIUS and MAC
authentication.
4. You can either choose all or particular sites for the mapping.
1. All Sites: With this option selected, all sites will be made connection
2
to the service domain for wireless security profile setting.
3
2. Custom Mode: With this option selected, only a pool of selected sites
will be made connection to the service domain for wireless security
profile setting.
4. Specify the time zone in Coordinated Universal Time (UTC) for the service
domain. All the service-related operations such as User Group/Account expiry 4
control and user login/traffic statistics report are all based on this clock setting. 5
By default, it is set to UTC+08:00 6
5. Specify the time zone area.
6. If necessary, Enable Daylight Saving during the summer time. By default, it is 7
disabled.
7. Click button and an entry for the new domain will be added to the
Domain List.
Step 3: Create Admin Account for
Site/Service Domain
Step 3: Create Admin Account for Site/Service Domain
Procedures:
1. Click to create a new admin account
1
Step 3: Create Admin Account for Site/Service Domain (Cont.)
Procedures:
2. Input a username for the new account.
2 3. Input a string not less than 6 characters for the password.
4. Retype the password to confirm it.
3
5. Define a site role for the account:
4 Site Admin: who has all access rights for the assigned sites (which is specified in item #6), i.e.
register/deregister APs, create/edit/delete WLAN and security profiles, etc.
5 Site Monitor: who can only monitor the site status and statistics. Any operations on site/wireless-
related configuration is forbidden.
6 6. Specify the site(s) to be managed for the account.
7. Define a domain role for the account:
7a Domain Admin: who has all access rights for the assigned service domains (which is specified in
item #8), i.e. create/edit/delete service-related settings such as user groups, user accounts,
9 portals and advertisement.
OR Domain Monitor: who can only monitor the domain status and statistics. Any operations on
10
domain-related configuration is forbidden.
This Service Domain is Derive From Site Role Setting: which will automatically assign domain admin/monitor role for site
mapped and applied
to the Site “Altai admin/monitor respectively. The domains to be managed for this setting are ONLY limited to
7b Office” ONLY those which are applicable to the sites selected in item #6. In other words, with this setting, you
are NOT allowed to manage the service domains which apply to ALL sites.
8
8. Select the existing service domains to be managed for the account. The pool contains the service
domains which are applicable to the sites selected in item #6 and those which apply to ALL sites.
This one is applied 9. Enter the user’s email address of account registration.
to ALL sites 10. Click button to open and confirm the account.
Step 4: Create User Group
Step 4: Create User Group
Procedures:
1. Click to create a new User Group.
2. Give a name for the group. 1
3. Select one of the following User Type which is to define the user
account nature for the user group. Three user types available here:
(1) Prepaid: As the name suggests, “Prepaid” requires the users pay before the service.
This kind of service is always to be valid for a certain period. Once expired, it will stop
the service.
(2) Subscription: On the other hand, “Subscription” means post-paid service. This kind of
service is always long-term. Users have to foot the monthly bill to maintain the service.
Therefore, their data quota is reset in every month.
(3) Guest: Not like prepaid and subscription users, this kind of users do not need to
possess a valid account and can still enjoy the WiFi service. Common examples are 2
portal guest and sign up for public WiFi. In this case, AltaiCare will automatically
generate accounts for this kind of anonymous users for service and policy control. 3
4. Choose one of the following Authentication Method which is to define user account
4
type for different authentication purposes:
(1) WPA/Portal: Use “username/password” as user account for #portal authentication or 5

WPA authentication (PEAP).
(2) MAC: Use device MAC address as username of user account for MAC
authentication.
#NOTE: For portal guest/sign up/social account login users, they are automatically
assigned with “username/password” type of account by the system.
5. Click button to confirm the user group creation.

Step 4: Create User Group (Cont.)
Overall, we created the following 5 user groups for the demo:

(1) Guest Group – Used for portal guest login and sign up login via SSIDs: “Care_CT_Portal” and “Care_UDT_Portal”
(2) PP User Group – Used for portal username/password login via SSID: “Care_UDT_Portal”
(3) SC User Group – Used for WPA authentication via SSID: Care_WPA
(4) PP MAC Group – Used for MAC authentication via SSID: Care_MAC_Auth
(5) SC MAC Group – Used for MAC authentication via SSID: Care_MAC_Auth
Next, click on each of the newly created entries of user group for further configuration.
Step 4: Create User Group – Group Setting
Device Lock: it will lock the FIRST client's MAC address to an account under the user group. Any other clients trying
to use the same account for login at a later time will be rejected.
Group Expiry:
It can be either defined with a specific date and time or set as “No
Limit”.
Once the user group is expired by the specified time, all the user
accounts belonging to that user group will be expired as well at the
same time.
The group can be re-activated by setting another time without “No
Limit” or changing to “No Limit”.
With this feature enabled, AltaiCare will automatically remove the expired users belonging to the user group from
AltaiCare database in X days later.
Step 4: Create User Group – User Account Default Setting (Guest/Prepaid Type)
Note: All guest, #sign-up and social login users are all automatically Applicable to prepaid type of user account ONLY. It defines the period of time the
assigned with individual accounts using their unique wireless MAC address. account is valid for. It starts from the time when the users log in the system for the first
time. If the account becomes expired before the current session timeout, the user can
#Except those using the type of Email Sign-Up with verification code return.
still access the network until session timeout or idle timeout.
The user account will be generated using their registered Email as login
It can be either defined by “Limit mode” in unit of Minute(s), Hour(s) or Day(s) or set as
name.
“No Limit”.
Applicable to prepaid type of user account ONLY. It is to set the data quota (sum of
uplink and downlink traffic) for each user account of this User Group.
It can be either defined by “custom mode” in a range from 1 to 100000MB or set as “No
Limit”.
Set upper limit to the UL and DL throughput for each user under the User Group. The
unit is in kbps. In other words, setting of 10000 means 10Mbps of throughput limit for
each user. It can be either defined by “custom mode” in a range from 1 to
1000000kbps or set as “No Limit”.
Define how long (in minute) one session will last for upon users’ successful login. Once
the current session is expired, users have to log in the system again for network access.
Define how long (in minute) the session is idle for. When there is no wireless traffic
running for a period defined here, the user will be kick out of the session. Users have to
log in the system again for network access.
Not applicable to portal guest, sign up and social login users. It is used for pre-defined
user account type and defines how many concurrent users using the same account
VLAN ID: Define the VLAN ID for the user under this user group.
(username/password) to log in the WiFi network.
Note: The only difference between Guest and Prepaid types lies on the default account setting of Validity. By default, guest type accounts
are set to 2 hours of validity while prepaid type accounts are set to “No Limit”.
Step 4: Create User Group – User Account Default Setting (Subscription Type)
Applicable to subscription type of user account ONLY. It defines the period of time
to reset the data quota to the value as specified in the next item. It starts counting
from the time as specified when user account is created (refer to Step 5 Account
Start Time Setting). If the data quota is used up before the current session timeout,
the user can still access the network until session timeout or idle timeout.
The reset period can be on a Daily, Weekly or Monthly basis.
Applicable to subscription type of user account ONLY. It defines the data quota
(sum of uplink and downlink traffic) to be reset for each user account of this User
Group. It can be either defined by “Limit mode” in a range from 1 to 144000MB or
set as “No Limit”.
Set upper limit to the UL and DL throughput for each user under the User Group. The
unit is in kbps. In other words, setting of 10000 means 10Mbps of throughput limit for
each user. It can be either defined by “Limit mode” in a range from 1 to
1000000kbps or set as “No Limit”.
Define how long (in minute) one session will last for upon users’ successful login.
Once the current session is expired, users have to log in the system again for network
access.
Define how long (in minute) the session is idle for. When there is no wireless traffic
running for a period defined here, the user will be kick out of the session. Users have
to log in the system again for network access.
VLAN ID: Define the VLAN ID for the user under this user Not applicable to portal guest, sign up and social login users. It is used for pre-
group. defined user account type and defines how many concurrent users using the same
account (username/password) to log in the WiFi network.
Step 4: Create User Group – Account Registration Configuration
For portal sign up users only. By defining unique items (Email/Mobile) here, it prevents
users from submitting the same information over multiple devices for portal sign up.
Assume “E-mail” as unique item. That means users cannot use the same E-mail to sign
up over two devices. To sign up 2 accounts, users have to use 2 different E-mail
addresses.
Applicable for auto-generated user accounts such as portal guest, sign up and
social login. When it is enabled, it will renew the account and reset the data quota in
an interval defined here.
It is in unit of Minute(s), Hour(s) and Day(s). It starts counting from the time the
account is activated (at the moment the users log in the portal).
For example, set the guest user account (portal guest / sign up / social login) to be
valid for 2 hours. And then enable “User Renovate” feature and set “Renovate
Period” as 1 day.
That means the user can log in to get a session for 2 hours. To regain the session, the
user has to wait for next day and then log in the portal again.
Therefore, the portal guest / sign up / social login users can get 2 hour session every
ENABLE RENOVATE SCHEDULE: Define the specified time to do the user day.
renovation.
SCHEDULE FREQUENCY: There are two options 1) Specific Time At Every
Day; 2) Specific Time At Every Week. Note: Remember to click button at the page bottom to make all
SPECIFIC TIME: Define the detail time of user renovation. changes take effect.
Step 5: Create User Account
Step 5: Create User Account
We provide the following three ways of user account generation.
Supported User Account Type

User Account Generation
WPA/Portal MAC Auth Remarks
Method
Prepaid Subscription Prepaid Subscription
(1) Single User Account For WPA/Portal user account setup procedures, go to Step 5a
✓ ✓ ✓ ✓
Generation For MAC account setup procedures, go to Step 5b
(2) User Account Batch Import

✓ ✓ ✓ ✓ For user account setup procedures, go to Step 5c
(in .CSV file)
(3) Voucher-based User

✓ N/A N/A N/A For user account setup procedures, go to Step 5d
Account Batch Generation
Step 5a/5b: Create Single User Account
Procedures:
1. Click to create a new user account. For WPA/Portal type of user account generation, go to Step 5a. For MAC Auth type of user account
generation, go to Step 5b.
1
Step 5a: Create Single User Account (Prepaid)
Procedures:
2. Give a name for the account. This name is not used for login.
3. Choose Prepaid as User Type for the user account.
4. Check the box of Activation Status; otherwise, the account will become disabled. 2
5. Assign the user account to the User Group which have been created in Step 4. It should give
3
you a pool of prepaid type of user groups for selection, e.g. PP User Group and PP MAC
Group.
4
6. Enter Username for user login.
7. Enter Password for user login. 5
8. If necessary, you can check the box of “Device MAC” which will bind the account to a
particular device by the MAC address specified here. In other words, the account cannot be
6
shared with other devices. The MAC can be in colon-separated or hyphen-separated format
7
with either uppercase or lowercase alphabets, e.g. XX:XX:XX:XX:XX:XX or xx-xx-xx-xx-xx-xx
9. Set Validity of the user account. For the term definition, see Step 4: Create User Group – User 8
Account Default Setting. There are three options available: (1) Custom Mode; (2) No Limit;
and (3) Use Group Default Setting of the selected user group in item 5. 9
10. Set Data Quota (MB) of the user account. For the term definition, see Step 4: Create User
10
Group – User Account Default Setting. There are three options available: (1) Custom Mode;
(2) No Limit; and (3) Use Group Default Setting of the selected user group in item 5.
11
11. Click button and a new user account entry will be created in the list. See the list here.
Step 5a: Create Single User Account (Subscription)
Procedures:
3. Choose Subscription as User Type for the user account.
4. Check the box of Activation Status; otherwise, the account will become disabled. 2
5. Assign the user account to the User Group which have been created in Step 4. It should
give you a pool of subscription type of user groups for selection, e.g. SC User Group and 3
SC MAC Group.
4
6. Select a date to control when the users can start using the account.
7. Enter Username for user login. 5
8. Enter Password for user login.
9. If necessary, you can check the box of “Device MAC” which will bind the account to a 6
particular device by the MAC address specified here. In other words, the account
7
cannot be shared with other devices. The MAC can be in colon-separated or hyphen-
separated format with either uppercase or lowercase alphabets, e.g. 8
XX:XX:XX:XX:XX:XX or xx-xx-xx-xx-xx-xx
10. Set Recurrent Data Quota (MB) of the user account. For the term definition, see Step 4: 9
Create User Group – User Account Default Setting. There are three options available: (1)
10
Custom Mode; (2) No Limit; and (3) Use Group Default Setting of the selected user group
in item 5. 11
11. Click button and a new user account entry will be created in the list. See the list
here.
Step 5b: Create Single MAC Account (Prepaid)
Procedures:
2. Give a name for the account.
3. Choose Prepaid as User Type for the user account.
4. Check the box of Activation Status; otherwise, the account will become disabled.
2
you a pool of prepaid type of user groups for selection, e.g. PP User Group and PP MAC 3
Group. In this case, we select “PP MAC Group” which should contain a number of MAC
4
entries for MAC authentication.
6. Enter the device MAC for user login. The MAC to be specified here can be in colon- 5
separated or hyphen-separated format with either uppercase or lowercase alphabets, e.g.
6
7. Set Validity of the user account. For the term definition, see Step 4: Create User Group – User 7
Account Default Setting. There are three options available: (1) Custom Mode; (2) No Limit;
8
and (3) Use Group Default Setting of the selected user group in item 5.
8. Set Data Quota (MB) of the user account. For the term definition, see Step 4: Create User 9
Group – User Account Default Setting. There are three options available: (1) Custom Mode;
(2) No Limit; and (3) Use Group Default Setting of the selected user group in item 5.
Step 5b: Create Single MAC Account (Subscription)
Procedures:
2. Give a name for the account.
3. Choose Subscription as User Type for the user account.
4. Check the box of Activation Status; otherwise, the account will become disabled.
2
you a pool of subscription type of user groups for selection, e.g. SC User Group and SC MAC 3
Group. In this case, we select “SC MAC Group” which should contain a number of MAC
entries for MAC authentication. 4
6. Select a date to control when the user can start using the account.
5
7. Enter the device MAC for user login. The MAC to be specified here can be in colon-
separated or hyphen-separated format with either uppercase or lowercase alphabets, e.g. 6
7
8. Set Recurrent Data Quota (MB) of the MAC account. For the term definition, see Step 4:
Create User Group – User Account Default Setting. There are three options available: (1) 8
Custom Mode; (2) No Limit; and (3) Use Group Default Setting of the selected user group in
9
item 5.
Step 5a/5b: Create Single User Account / MAC Account
Overall, we created the following 4 user accounts for the demo:
Account Name Username Password User Group Purpose

ppuser01 ppuser01 ppuser01 PP User Group Used for portal username/password login via SSID: “Care_UDT_Portal”
scuser01 scuser01 scuser01 SC User Group Used for WPA authentication via SSID: “Care_WPA”
ppmac01 44:85:00:99:23:d4 N/A PP MAC Group Used for MAC authentication via SSID: “Care_MAC_Auth”
scmac01 9c:4e:36:8c:c9:e0 N/A SC MAC Group Used for MAC authentication via SSID: “Care_MAC_Auth”
Step 5c: Batch import of user accounts
Procedures:
1. Click to pop up a window for importing user list file.
2. Click “Users Sample” to download a user list template.
2
Step 5c: Batch import of user accounts (Cont.)
Procedures:
3. Click “Save” button.
4. Open the file “batch_user_sample.csv”.
6. Assign the user account to one of the User Groups which have been created in
Step 4, e.g. PP User Group and SC User Group for WPA/Portal Authentication;
and PP MAC Group and SC MAC Group for MAC Authentication in our example.
7. Enter Username for user login. For MAC Authentication, the username is the client
MAC address can be in colon-separated or hyphen-separated format with either
uppercase or lowercase alphabets,
3 e.g. XX:XX:XX:XX:XX:XX or xx-xx-xx-xx-xx-xx
8. Enter Password for user login. For MAC Authentication, this item is not applicable
4 and you can keep it blank.
9. Set Data Quota for Prepaid User Account (MB) / Recurrent Data Quota for
Subscription User Account (MB). For the term definition, see Step 4: Create User
Group – User Account Default Setting. You can specify a custom value for the
accounts or leave it blank to use User Group Default Setting of the selected user
5 6 7 8 9 10
group in item 5.
10. Set Validity (Min) for the Prepaid User Account. For the term definition, see Step 4:
Create User Group – User Account Default Setting. You can specify a custom
value for the accounts or leave it blank to use User Group Default Setting of the
selected user group in item 5. This item is not applicable to Subscription User
Account and you can leave it blank as well.
11
Procedures:
13 11. Go back to the “Import Users” window and click “Choose File” button to
upload the user batch file.
12. A window pops up. Select the modified batch_user_sample.csv file and
click “Open” button
13. Click button.
Note: You are allowed to import up to 5,000 user account entries for
each time of batch import.
12
Overall, we created the following 6 user accounts via user batch import:
Account Name Username Password User Group Purpose

ppmac02 c4:85:08:90:1e:47 N/A PP MAC Group Used for MAC authentication via SSID: “Care_MAC_Auth”
scmac02 dc:37:14:2c:ae:C8 N/A SC MAC Group Used for MAC authentication via SSID: “Care_MAC_Auth”
Note: In case of error during user batch import, it will give you warning . It might be caused by
➢ same account name or username of multiple entries; or
➢ Inputting a non-existing User Group name
For alarm details, go to the next slide.
Tells you how many accounts are successfully

created and how many are failed for the event
of user account batch import
Step 5d: Voucher-based user account batch generation
(For WPA/Portal Prepaid Account ONLY)
Note: For demo purpose, we created a new WPA/Portal prepaid type of User Group called “PP Voucher User Group” for user account batch
generation in this Section
Procedures:
1. Click to pop up a window for prepaid user account batch generation.
1
Step 5d: Voucher-based user account batch generation (Cont.)
Procedures:
2. Enter the number of user accounts (max 5,000) for one batch generation.
3. Assign the whole batch of accounts to one of the prepaid User Groups that have been
2
created in Step 4. In this example, we assign all 10 accounts to “PP Voucher User Group”.
4. Check the box of Activation Status; otherwise, the accounts will become disabled. 3
5. Give a user name prefix of 1-8 characters long for the batch identification. The account
name which is in form of “<Prefix>_<Index starting from 1>” is not used for user login. In this 4
example, we give it as “Jul2017”.
5
6. Select one of the following options for User Login Name Combination:
• Prefix & Index: With this option selected, user names will be in form of “<Prefix which is
6
defined in item #7><Index starting from 0>”
• Prefix & Random: With this option selected, user names will be in form of “<Prefix which 7
is defined in item #7><Random generated string of length defined in item #8>”
• Random: With this option selected, user names will be in form of “<Randomly 8
generated string of length defined in item #8>”
9
7. Input a string of 1-64 characters long as User Login Name Prefix. It is not applicable to the
option “Random” of User Login Name combination.
10
8. Set the random string length to be (i) 6, or (ii) 8, or (iii) 10, or (iv) 12 characters long. The string is
a part of the User Login Name and not applicable to the option “Prefix & Index” of User Login 11
Name Combination.
9. Select one of the following options for User Login Password Combination: 10. Set the random string length to be (i) 6, or (ii) 8, or (iii) 10, or (iv) 12
• Same As Login Name: With this option selected, the password will be set identical to characters long. It is not applicable to the option “Same As Login
the User Login Name
Name” of User Login Password Combination.
• Random: With this option selected, the password will be in form of “<Randomly
11. Click
generated string of length defined in item #10>
12
Note: It will take a moment for user account importing and

generation. The length of duration depends on the amount of user
accounts.
Procedures:
12. A new entry with a user account list (.CSV file) is created. Click
13. A window pops up. Select the destination path for file download and
then click “Save” button.
13
14
Procedures:
14. Open the .CSV file and you will have a list of prepaid user
accounts that are just created by the system. You can
make use of the list to prepare your own vouchers.
15. In our example, we have 100 pairs of different
15
username/password combination for demo purpose.
Username Prefix: hi
Username: <Prefix><6-character random string>
Password: <6-character random string>
login name password

hi5185GC X8hdG2
Procedures:
1. Click the drop down arrow of User group name to get the Filter windows.
2. Select the desired User Group for account filtering, e.g. PP Voucher User Group.
3. The list will then filter and show the accounts of the desired User Group.
1
3
All User accounts

created by batch
generation use the
User Group default
account settings,
e.g. Validity and
Data Quota
Step 6a: Custom Template Portal Setup
Step 6a: Custom Template Portal Setup – Create Portal
Procedures:
1. Click to create and enable new portal service.
2 2. Give a name for the new portal.
3. Select “Custom Template” for template type.
3
4. Pick one of the Custom Template Styles. You can change
4 it later.
5. Click
5
Step 6a: Custom Template Portal Setup – General & Login/Sign-Up Methods
Provide 6 different options of layout for the portal page background

and body:
- Simple / Clear / Blur / Grid / Curvy / Stylish
Provide 3 options of portal page language

- English
- Simplified Chinese
- All
Specify the URL to which the users will be redirected upon successful
authentication
Select your desired login methods for your portal. There are four login
types you can choose from Custom Template Portal Mode:
- Guest Login (Single button login without providing personal

information)
- Email Sign Up with verification code return for login
- Simple Sign Up with specified information such as name, mobile,
email and so on. (Email sign up and simple sign up cannot be
selected for one portal in the same time)
- Social Account Login with Facebook and Google+ accounts
support
Assign User Groups for those auto-generated accounts for different login
methods
Step 6a: Custom Template Portal Setup – General & Login/Sign-Up Methods (Cont.)
Simple Type Template Clear Type Template
Blur Type Template Grid Type Template

Curvy Type Template Stylish Type Template

Blur Type Template

Clear Type Template
Simple Type Template
Note: Screenshots from iOS Stylish Type Template

Grid Type Template Curvy Type Template
Step 6a: Custom Template Portal Setup – Email Configuration (For Email Sign-Up Only)
Note: This part of configuration is for Email sign up only. AltaiCare System will masquerade as the sender name and Email to send the
verification code to end users for their login.
Note: Screenshots from outlook app (iOS version)

Step 6a: Custom Template Portal Setup – Captive Network Assistant
Note: CNA (Captive Network Assistant) is an app which is commonly

pre-installed in most of IOS and Android devices. The purpose of it is to
assist users to go through portal authentication process without user
intervention of opening web browser when accessing open network
with the requirement of captive portal authentication.
It automatically pops up a window for user login when the mobile

devices detect the network with the presence of captive portal
enabled. From user perspectives, it greatly improves user experience
and get rid of the awkwardness when people are not aware of the
requirement of opening web browser to log in the open WiFi network.
However, the app is not like other web browsers such as Safari, Chrome,
… It supports very limited functions and may even not be desirable
when it comes to particular login methods. For this case, we may need
a way to guide the users how to bypass the CNA and use the standard
web browsers to proceed the web portal authentication.
Here, we will make use of the CNA feature but not to provide an
interface for user login. Instead, we give instructions on the pop up
window to guide the users through the process to bypass CNA
appropriately and log in the portal with standard web browsers.
Select the OS type for displaying the CAN instructions. There are three options:
- Android
- IOS
- Both
Input instructions here. This instruction page will be popped up without showing up
login page once the users click on the open network SSID with captive portal
detected.
CNA pop-up instruction for iOS
Step 6a: Custom Template Portal Setup – Captive Network Assistant
Cookie: Keep user online session for specified duration without

processing login operation. By default, it is disabled.
Facebook Like Option: It is applicable Facebook login method

only. When user login with Facebook account successfully, the
user will be redirected to the customized Facebook URL. By
default, it is disabled.
Advertisement: Enable the advertisement for the captive

portal. The detail about advertisement can refer to the
advertisement section.
Step 6a: Custom Template Portal Setup – Configuration Sketch Map
Background: Either pick color in RGBA from palette or choose a desired image for the portal
page background.
Body: Pick color in RGBA from palette for the portal page body.
Logo (Optional): Upload an image of company logo and put it at the top of the body.
Title: Add title for the portal page. You can align the text position, change the text color and font
size
Description Content: Add text for the page content. You can have the following operations on
the text:
- Font Size
- Font Color
- Bold
- Align Text Left, Center, Right
- Insert/Remove Hyperlink; which is usually used with ACL (Access Control List) to let Portal users
click on the hyperlink in the login page and they will then be redirected to the desired URL
which is specified in this item without going through the portal authentication.
Username/Password Login Box (for Email Sign Up ONLY): It is used by exiting users who already
got an account through their first time sign up login for the network access. Here, Username
refers to the user’s email address that is used for sign up and Password refers to the user-defined
code during sign up process.
You can modify the text of the Username and Password placeholders and the text and color of
the Submit Button.
Refer to the next few slides
Guest Login Button (for Single Button Login ONLY): You can modify the text and color of the
button.
Copyright Information: Edit the text and Facebook Login Button (for Facebook Social Account Login ONLY): You can modify the text of the
color for the copyright notice which is button.
to be put at the bottom of the portal
page. Google Login Button (for Google Social Account Login ONLY): You can modify the text of the
button.
Step 6a: Custom Template Portal Setup – Setting & Operation of Terms of Service
1 2 3
A TOS reminder window pops up

immediately to remind the users to
check the box to agree the TOS first
Attempt to sign in without before getting WiFi service.
checking the box of the Then click “Close” button and return
“Terms of Service” to portal main page
Click TOS Label
4 5
6
Check the TOS

Scroll down the box and sign in
page to the again. The
bottom, and click system will then
“Close” button to further proceed
return to portal the sign up
main page process.
A TOS page pops up
Step 6a: Custom Template Portal Setup – Sign-Up Setting (For Email Sign Up Only)
Note: This setting is for Email sign up ONLY

1
Click the Sign Up link

for Email sign up
Login Element with Custom Sign Up Configuration Item (Default):

There are six items available for user sign up by default:
(1) Email (mandatory)
(2) Mobile
(3) Name
(4) Phone
(5) Address
(6) Social Account
You can rename or enable/disable the sign up items to make
your own ones.
2
Window pops up for users
to sign up with Email and
user-defined password
which are to be used for
login in the future
3
Step 6a: Custom Template Portal Setup – Template Preview (Desktop)
Background
Body
Logo (Optional)
Title
Description Content
Username/Password Login Box

(for Email Sign Up ONLY)
Guest Login Button

(for Single Button Login ONLY)
Facebook Login Button

(for Facebook Account Login ONLY):
Google Login Button

(for Google Account Login ONLY):
Term of Service Statement and Link with

Checkbox
Email Sign Up (For first time login)
Copyright Information
Step 6a: Custom Template Portal Setup – Template Preview (Mobile)
Background
Body
Logo (Optional)
Title
Description Content
Username/Password Login Box

(for Email Sign Up ONLY)
Guest Login Button

(for Single Button Login ONLY)
Facebook Login Button

(for Facebook Account Login ONLY):
Google Login Button

(for Google Account Login ONLY):
Term of Service Statement and Link with

Checkbox
Email Sign Up (For first time login)
Copyright Information
Step 6b: User Defined Template Portal
Setup
Step 6b: User Defined Template Portal Setup – Create Portal
Procedures:
1. Click to create and enable new portal service.
2 2. Give a name for the new portal.
3. Select “User Defined Template” for template type.
3
4. Click to confirm the portal setup.
4
Step 6b: User Defined Template Portal Setup – General
Specify the URL to which the users will be redirected upon successful Provide 6 different options of theme color for
authentication. the portal page background:
- Deep Blue
- Green
- Red
- Orange
- No Color
- User Defined
For User
Defined
color
Step 6b: User Defined Template Portal Setup – Login Methods
Select your desired login methods for your

portal. There are three login types you can
choose from User Defined Template Portal
Mode:
- User/Password Login
- Guest Login (Single button login without
providing personal information)
- Simple Sign Up (without verification code
return for login)
Assign User Groups for those auto-generated

accounts for Guest Login and Simple Sign Up
methods
Note: For those users using Username/Password type of login, their accounts are all pre-registered and assigned to prepaid or
subscription model in the system (Step 5). As to which user groups to be allowed for authentication via the portal, we will define it in
RADIUS setting of security profile later (Step 7 item 10).
Step 6b: User Defined Template Portal Setup – Portal Layout (Sign In/Login Page)
Customization Mode: Three types of customization elements can be added to the

login page:
• Text
• Image
• Ads (which will be discussed in Advanced Setting later)
You can click “+ Add” button to add multiple text elements and image elements to
the login page if needed.
Image Element:
Image • Image File: Click “Choose File” button to upload an image from the local
Element computer to AltaiCare. Maximum size of the image should not exceed 500KB
for Logo
• Image Size: Two options available:
(1) Adaptive Size; which sets the image size adaptive to the login
window
(2) Original Image Size
• Image External Link: It’s for embedding hyperlink in the image. Upon a click on
the image on the login page, users will then be redirected to the desired URL
which is specified in this item without going through the portal authentication.
Text
Element
for Title Text Element: You can have the following operations on the text:
• Font Size
• Font Color
• Bold
• Align Text Left, Center, Right
You can drag and drop the elements • Insert/Remove Hyperlink; which is usually used with ACL (Access Control List) to
freely for your desired top-down order to let users click on the hyperlink on the login page and they will then be
be shown on the portal page redirected to the desired URL which is specified in this item without going
through the portal authentication.
Step 6b: User Defined Template Portal Setup – Portal Layout (Sign In/Login Page) (Cont.)
Text Element for

Description Content
You can drag and drop
the elements freely for
your desired top-down
order to be shown on the
portal page
Text Element for
Description Content
Login Element (Default)
Text Element for

Copyright Info
Highlight the text and click “ ” button. Enter the

URL in the pop up box. Then click “OK” to confirm it
Step 6b: User Defined Template Portal Setup – Portal Layout (Sign In/Login Page) (Cont.)
Image Element for

Separation Line
You can drag and drop

the elements freely for
your desired top-down
order to be shown on the
portal page
Text Element for
Terms of Service
Step 6b: User Defined Template Portal Setup – Portal Layout (Sign Up Page)
Customization Mode: Three types of customization elements can

be added to the login page:
• Text
• Image
• Ads (which will be discussed in Advanced Setting later)
You can click “+ Add” button to add multiple text elements and
image elements to the login page if needed.
Image Element
for Logo
Image External Link is an optional item. This time we do not embed
any URL in the logo in the sign up page.
You can drag and drop the elements freely for your desired top-
down order to be shown on the portal page
Text Element for

Description
Content
Step 6b: User Defined Template Portal Setup – Portal Layout (Sign Up Page) (Cont.)
1 3
Sign In/Guest Login Page Sign Up Page
Login Element with Custom Sign

Up Configuration Item (Default):
There are six items available for

user sign up by default:
(1) Email
(2) Mobile
(3) Name
(4) Phone
(5) Address
(6) Social Account
You can rename or

enable/disable the sign up
items to make your own ones. In
this example, we rename the
item “Phone” as “Country” and
disable the items “Address” and
Jump to another page for
Social Account“.
users to sign up with
personal information
Text Element for Copyright Info
2 Click “Sign Up” button

Step 6b: User Defined Template Portal Setup – Template Preview (Desktop)
Note: Remember to click button at the page bottom to make all changes take effect before checking on the preview.
Sign Up Page
Sign In/Guest Login Page

Step 6b: User Defined Template Portal Setup – Template Preview (Mobile)
Note: Remember to click button at the page bottom to make all changes take effect before checking on the preview.
Sign Up Page
Sign In/Guest Login Page

Step 7a: Create Portal Security Profile
Step 7a: Create Portal Security Profile
Procedures:
1. Click to create a new Security Profile.
2. Give a name for the profile. In our example, we create two profiles called “Care_CT_Portal” and “Care_UDT_Portal” to which we will
apply the custom template and user defined template that we prepared in Step 6a and Step 6b correspondingly.
3. Click to confirm it.
4. A new entry is then created for each profile in the list. Click to further configure it.
Step 7a: Create Portal Security Profile – Portal Setting
Procedures:
5. Select “Portal” as Authentication Mode.
6. Select “Built-in” as Portal Mode.
5
7. Choose one of the Service Domains where your portal is created. The Service
Domains listed here depend on the “Applicable Sites” setting (Step 2 Item #3) of the
Service Domains. In our example, we set up the Service Domain called “Altai WiFi
Service” and we have a custom template/user defined template portal built in there.
8. Select the portal that you created in the selected Service Domain. In our example, it
is Custom Template Portal/User Defined Template Portal.
Optional Items:
L2/L3 Portal: In L2 portal model, Clients will get IP address from the local gateway
through Access Point before being redirected to the captive portal; In L3 portal
model, AP will act as a gateway with enabled DHCP server to the wireless clients. More
detail refer to “AppNote_ThinAP_CP_Config_v1.0”.
6
Portal DHCP Lease Time: IP lease time to the portal clients by AP. By default, it is set to be
7 7200 seconds. Once expired, the clients will then renew the IP with the AP.
8 Portal ACL Mode: A Black/White List (or called Walled Garden) designed to control the
information and Web sites the user is able to access before and after passing through
portal login. Whitelist is the websites to be allowed for portal user access before
authentication while blacklist is those to be blocked from access no matter whether it’s
before or after successful authentication.
This is generally used with the hyperlink on the login page. When users click on it, they will
be redirected to the desired URL which is allowed (whitelisted) in this ACL file without
going through the portal authentication. See here for more details of operation.
Step 7a: Create Portal Security Profile – Portal ACL Configuration
1
Procedures:
2
1. Enable Portal ACL Mode.
2. Click “Upload” of the Portal ACL File and the “Import Portal ACL File” pops up
3. Click “ACL Sample”.
4. A window pops up. Select the destination path for file download and then click
“Save” button.
3 5. Open the bwlist.txt file and follow the format below to create your own list.
Note: “w” denotes whitelisted website while “b”

denotes blacklisted website
5 Note: The list can consist of domain, single IP or even

IP subnet
Note: If we whitelist the domain “apple.com”, CNA of

IOS devices may regard the open network is Internet
accessible and will not pop up a window for user
login. Users may manually open a browser and trigger
the portal page by entering non-https website in the
address bar.
4
Step 7a: Create Portal Security Profile – Portal ACL Configuration (Cont.)
Procedures:
6. Go back to the “Import Portal ACL File” window and click “Choose File”
button to upload the ACL file.
7. A window pops up. Select the modified bwlist.txt file and click “Open” button
8. Click button.
9. File uploaded and confirmed with the upload time.
7
6
Note: Remember to click button at the page bottom to make all changes
take effect.
8
9
Step 7a: Create Portal Security Profile – RADIUS Setting
Procedures:
9. Select “Built-in” for RADIUS Server.
10. Choose the User Group(s) to be allowed for user authentication and accounting
9
via the Username/Password type of portal login. As to guest login/sign up/social
account of portal logins, the corresponding user groups were earlier assigned in
10
Step 6 and therefore preselected as the Allowed User Group and become
greyed-out item. In our example, we select “PP User Group” to be allowed for
Username/Password login via User Defined Template Portal.
Note: Remember to click button at the page bottom to make all changes take
effect.
Optional Items:
MAC Access Control List: It is different from the Portal ACL List. Here, you can upload a list of
client MAC addresses (in .txt file) to allow or deny wireless connection of the client to the SSID
(which uses this security profile to implement the ACL security measures).
White List is to allow the wireless clients which are specified on the list to connect to the SSID. In
other words, for those who are not on the list, they will be denied access.
Black List is a list of wireless clients to be denied access to the SSID. In other words, for those who
are not on the list, they can get access to it.
Manual Input: Input the MAC addresses which are going to be added to the ACL manually (one
by one). The MAC address should be in colon-separated format with either uppercase or
lowercase alphabets, e.g. XX:XX:XX:XX:XX:XX or xx-xx-xx-xx-xx-xx
File Upload: Upload a file (in .txt or .csv) which contains MAC addresses for ACL. The MAC address
should be in colon-separated format with either uppercase or lowercase alphabets, e.g.
Step 7b: Create WPA Security Profile
Step 7b: Create WPA Security Profile
Procedures:
2. Give a name for the profile. In our example, we create a profile called “Care_WPA” to which we will apply our previously
prepared user group in Step 4 for user authentication via PEAP.
4. A new profile entry is then created in the list. Click to further configure it.
Step 7b: Create WPA Security Profile – RADIUS Setting
Procedures:
5. Select “WPA2-Enterprise” or “WPA/WPA2-Enterprise” as Authentication
5
Mode.
7. Choose one of the Service Domains where your user groups and
accounts are created. The Service Domains listed here depend on the
“Applicable Sites” setting (Step 2 Item #3) of the Service Domains. In
our example, we set up the Service Domain called “Altai WiFi Service”
and we have a user group with accounts built in there specifically for
WPA authentication.
8. Choose the User Group(s) to be allowed for user authentication and
accounting via WPA authentication. In our example, we select “SC
6 User Group” to be allowed for Username/Password login via WPA
7 authentication (PEAP).
8
Note: Remember to click button at the page bottom to make
all changes take effect.
Step 7c: Create MAC Auth Security Profile
Step 7c: Create MAC Auth Security Profile
Procedures:
2. Give a name for the profile. In our example, we create a profile called “Care_MAC_Auth” to which we will apply our previously
prepared user group in Step 4 for mac authentication.
Step 7c: Create MAC Auth Security Profile – RADIUS Setting
Procedures:
5. Select “MAC” as Authentication Mode.
5 7. Choose one of the Service Domains where your user groups and
MAC entries are created. The Service Domains listed here depend
on the “Applicable Sites” setting (Step 2 Item #3) of the Service
Domains. In our example, we set up the Service Domain called
“Altai WiFi Service” and we have two user groups with MAC entries
6
built in there specifically for MAC authentication.
7 8. Choose the User Group(s) to be allowed for MAC authentication.
In our example, we select “PP MAC Group” and “SC MAC Group”
8
to be allowed for authentication with device MAC.

all changes take effect.
Step 7d: Create WPA-PSK Security Profile
Procedures:
2. Give a name for the profile. In our example, we create a profile called “Care_WPA_PSK” for WPA-PSK authentication.
Procedures:
5. Select “WPA2-Personal” or “WPA/WPA2-Personal” as Authentication
5 Mode.
6. Input a string not less than 8 characters for the Passphrase which the
WiFi users will have to use this credential for network access.

6 all changes take effect.
Step 8: Create SSID (WLAN)
Step 8: Create New WLAN – Basic Setting
Procedures:
1. Click to create a new WLAN profile.
2. Give a name for the profile.
3. Configure SSID for the profile (a string up to 32 characters). The SSID will be broadcast and
should be seen by clients for wireless connection.
4. Two options for scope: Site or Branch. It defines which groups of AP, Site (Main Set)/Branch
(Subset), to be using this WLAN profile and broadcasting the SSID for service. For the
2
concept about Site/Branch, go to Advanced Configuration Section.
3 5. Define what radios (2.4G/5G/Both) to use this WLAN profile and broadcast the SSID for
service.
4
6. Select the desired security profile for the SSID, there are two options: 1) New Secprofile:
5 creating a new security profile which will be generated automatically in security profile list;
6 2) Existing SecProfile: Select the desired security profile from existing security list.
7 7. Apply one of the security profiles which is created in Step 7 to this WLAN profile for policy
control on the wireless clients who use this WLAN service.
8
Step 8: Create New WLAN – WLAN Scheduler
Optional Items:
Enable Schedule: Check the box to enable the scheduler. It

controls the periods for the WLAN service by
enabling/disenabling the WLAN according to the periods
defined in the following items. You can add multiple periods
by clicking button
Days of Week: To set which week days (From Sunday to Saturday) to

enable the WLAN service.
Schedule Work Time: To set the time to start and stop the
WLAN service on the week days defined above.
In this example, we turn on our guest SSID “Care_CT_Portal”

in the following periods ONLY:
• From Mon to Fri, 9:00 – 18:00
• Sat 9:00 – 13:00
Note: Make sure a correct local Time Zone setting for the site so that the
scheduler can run its scheduler accurately.
Step 8: Create New WLAN – Advanced Setting
Hide SSID: To hide/unhide SSID name for broadcast
Intra-WLAN User Isolation: To block Layer 2 communication among the 2.4G and 5G clients
within the same WLAN under the same AP.
VLAN Pass Through: Applicable for VLAN environment only. It is usually used for WDS
bridging. With the box checked, the WLAN will carry all VLAN traffic and therefore establish
a trunk link over the WDS bridge to the remote Station.
VLAN ID: Applicable for VLAN environment only. It adds/removes the VLAN tag with ID
specified here to the client traffic from/to the WiFi interface to/from the Ethernet interface.
In other words, the WLAN will be as a VLAN access interface for the wireless clients.
This VLAN ID option is not applicable for portal authentication because AP will be as a
gateway for the portal users. Their traffic will be “NATed” by AP’s IP and routed to the local
gateway and then to Internet through management VLAN.
Access Traffic Right: To impose access right control on the client traffic under this WLAN.
Three available options:
• Full Access: Client associating to this WLAN can manage AP through wireless interface
and gain access to the local network or Internet via Ethernet interface.
• AP Management Only: Client associating to this WLAN can manage AP through
wireless interface but not able to access to the local network or Internet via Ethernet
interface.
• In VLAN environment, make sure the VLAN ID assigned to the WLAN the same as AP
Management VLAN; otherwise, clients cannot access to AP even if either of the
above two options (Full Access or AP Management Only) is selected.
• AP Management Disabled: Client associating to this WLAN can gain access to the
local network or Internet via Ethernet interface but not able to manage AP through
wireless interface.
Enable Tunnel: To enable the GRE /
EoIP tunnel.
Step 8: Create New WLAN – Advanced Setting (Cont.)
Allow DHCP Snooping Trusted Port: With the box checked, it allows DHCP servers
in the WLAN to offer IP address to clients via wireless interface.
As usual, the box is unchecked to prevent illegal DHCP servers offering IP
address from the untrusted wireless network.
Max Station: Set maximum associated clients to the WLAN interface for
maintaining good WiFi service to the clients. The supported maximum client
number depends on the AP models. By default, it is set to be 64.
WLAN Maximum Uplink/Downlink (Kbps): Set upper limit to the total

uplink/downlink throughput for the whole group of associated clients under the
same WLAN. The unit is in kbps. In other words, setting of 100000 means 100Mbps
of throughput limit for the whole WLAN group traffic.
Station Maximum Uplink/Downlink (Kbps): Set upper limit to the total

uplink/downlink throughput for individual associated clients under the same
WLAN. The unit is in kbps. In other words, setting of 10000 means each of the
individual clients can enjoy 10Mbps of throughput limit.
This setting is not applicable for those users who are authenticated through
AltaiCare Service Domain with their own bandwidth control setting configured
in the user account. For example, for a user account which is configured with
bandwidth control of 10Mbps, you will still get 10Mbps of data speed even
though the SSID you are connecting with is configured with 5Mbps of per-user
bandwidth control.
Client SNR Threshold for Association: Specify the minimum uplink SNR (Signal to Noise Ratio) required for client association with this WLAN. The AP
collects an average SNR of a client based on a number of uplink frames, and determine whether to allow or reject the association.
Step 8: Create New WLAN – Configuration Summary
WLAN Profile SSID to be broadcast Security Profile to be applied VLAN ID
N/A
Care_CT_Portal Care_CT_Portal Care_CT_Portal (You can enter ANY integer here,
e.g. 1-4094)
N/A
Care_UDT_Portal Care_UDT_Portal Care_UDT_Portal (You can enter ANY integer here,
e.g. 1-4094)
Care_WPA Care_WPA Care_WPA 150
Care_MAC_Auth Care_MAC_Auth Care_MAC_Auth 160
Care_WPA_PSK Care_WPA_PSK Care_WPA_PSK 170
Note: For simplicity, we use the same name for WLAN Profile, SSID and Security Profile in this example.
Step 9: AP Registration
Step 9a: Single AP Registration
AP WebUI
1
Procedures:
1. Click to register a new AP.
2. A “New AP” window pops up. Give a name for the AP. This name setting will be provisioned to AP as “System Name” once the AP is
connected with AltaiCare.
3. Enter the AP Ethernet MAC address in colon-separated or hyphen-separated format with either uppercase or lowercase alphabets, e.g.
XX:XX:XX:XX:XX:XX or xx-xx-xx-xx-xx-xx. You can directly copy it from AP WebUI “Status > Overview > Interfaces > Ethernet(eth0) >
MAC”.
4. Click button to confirm the AP registration to the site.
Step 9a: Single AP Registration (Cont.)
AP WebUI
The status will turn from to for the AP entry

once the AP is successfully connected with
AltaiCare.
On AP WebUI, it will also show the status of Remote
MGT as “Connected”.
Step 9b: AP Batch Registration
Procedures:
1. Click to pop up a window for importing AP list file.
2. Click “APs Sample” to download a AP list template.

Step 9b: AP Batch Registration (Cont.)
5 6 7
Procedures:
3. Click “Save” button.
4. Open the file “batch_ap_sample.csv”.
3
5. Give a name for each AP.
6. Input the AP Ethernet MAC address in colon-separated or hyphen-
separated format with either uppercase or lowercase alphabets,
e.g. XX:XX:XX:XX:XX:XX or xx-xx-xx-xx-xx-xx
7. Enter AP location. It is an optional item and you can keep it blank.
8
Procedures:
8. Go back to the “Import APs” window and click “Browse File”
button to upload the AP batch file.
10 9. A window pops up. Select the modified batch_ap_sample.csv
file and click “Open” button.
10. Click button.
9
AP WebUI
The status will turn from to for the AP

entry once the AP is successfully connected
with AltaiCare.
On AP WebUI, it will also show the status of

Remote Mgmt as “Connected”.
Verification (Custom Template Portal)
Verification: Custom Template Portal (Facebook Account Login – iOS Device)
1 2 3
Turn on WiFi Portal Page pops up. Check the box and agree the Sign up with Facebook account and click
and Select SSID Terms of Service. Then click Facebook Login Button “Log In” button
4 5 6
Upon click on “Log In”
button, Facebook will
verify your identity. If
successful, it will then
send your basic
#personal information to
AltaiCare for user

account registration. It
may take seconds
# Basic personal Information include: Once the account is successfully created, you will DONE! You are now connected with Care WiFi!
- Facebook Username
- Email
be redirected to a landing page. Click “DONE” Enjoy it ☺
- Age Range (i.e. <21 or >21) to close the CNA window.
- Gender
- Locale
Verification: Custom Template Portal (Facebook Account Login)
2 3 4 5 6 7 8
1. Auto-generated User Account: Client MAC address with “auto_” prefix

2. Name: Facebook Name which is provided by Facebook
3. User Group: The user group to which this auto-generated user account is assigned (See
Configuration Step 7a)
4. Remaining Data Quota: See Configuration Step 5 for data quota setting
5. Email: Email info which is provided by Facebook. Sometimes, you will no Email info received from
Facebook because of the privacy setting of the individual users on their Facebook account
6. Phone/Mobile: Not applicable for Facebook Login
7. Expiry Time: Account validity which is counted from the Start at the first login. (See Configuration
Step 5 for account validity setting)
8. Last Login Time
Verification: Custom Template Portal (Email Sign Up with Passcode Return – iOS Device)
1 2 3
A window pops up. Sign

up with your valid Email
account and enter your
desired password (which
Portal Page pops can be used for later
Turn on up. For first time logins). Remember to
check the box and agree
WiFi and login, click the Sign
the Terms of Service
Select SSID Up link and use your before you sign up and
Email for registration submit your info.
4 5 6
Upon click on “Sign up

Submit” button, you will
have 2 min for Internet
access.
In this time window,
AltaiCare will generate
passcode and send
verification Email to your
account. You are required
to submit the code back
in this timeslot for system Click “Cancel” to close the CNA window and
You will receive Email with verification code
verification and get then click “Use Without Internet”
from AltaiCare System shortly
Internet access
Verification: Custom Template Portal (Email Sign Up with Passcode Return – iOS Device)
Once the code

7 8a 9 10
is verified OK,
AltaiCare will DONE! You are now
automatically connected with Care WiFi!
generate a Enjoy it ☺
user account
using your
registered
email as
username for
you. In the
meanwhile,
Open the Email and click the URL to
send the passcode back to the Open a browser and you will be redirected to a
system for verification send the URL landing page
8b Follow Step #2 and bring 8b

In case the 2-min window is over you to this page again.
without completing the code Now, you already got the
verification code, so click
verification process, then follow Step
the link at the bottom
#8b instead of Step #8a
You can open a browser and type non-https website
in the address bar to pop up the portal page. And
then input the code in there to complete the
remaining process and get the Internet access
Enter the verification code and click “Verify”

button
Verification: Custom Template Portal (Email Sign Up with Passcode Return)
2 3 4 5 6 7 8
1. Auto-generated User Account: Email address that has been used as registration during
sign up process
2. Name: Client MAC address with “auto_” prefix
5. Email: Email info which is provided by the user during sign up process
6. Phone/Mobile: Not applicable for Email sign up Login
7. Expiry Time: Account validity which is counted from the Start at the first login. (See
Configuration Step 5 for account validity setting)
8. Last Login Time
Verification: Custom Template Portal (Google Account Login – iOS Device)
1 2 3
We cannot proceed Google Login

through IOS CNA, so there is
#instruction popping up to guide
users how to bypass CNA and get
access to network via Google login
Portal Page pops up. Check the #The system pops up the instruction
box and agree the Terms of page for Google login in IOS device
Turn on WiFi by default, no matter whether the
Service. Then click Google Login
and Select SSID CNA detection is enabled or not
Button
6
4
Open a browser and type non-https Same as Step #2. Check the box again and
Click “Cancel” to close the CNA window and website in the address bar to pop up the agree the Terms of Service. Then click Google
then click “Use Without Internet” portal page again Login Button
Verification: Custom Template Portal (Google Account Login – iOS Device)
7 8 9
Sign up with Google

account
10 12
11
Upon submission of Google
account credentials, Google
will verify your identity. If Once the account is
successful, it will then send successfully created, you
your basic #personal
will be redirected to a
information to AltaiCare for
landing page.
user account registration. It
may take seconds
DONE! You are now connected with
# Basic personal Information include: Care WiFi! Enjoy it ☺
- Username
- Email
- Gender
Verification: Custom Template Portal (Google Account Login)
2 3 4 5 6 7 8
2. Name: Google Account Name which is provided by Google
5. Email: Email info which is provided by Google
6. Phone/Mobile: Not applicable for Google Login
8. Last Login Time

Verification: Custom Template Portal (Guest Login – iOS Device)
2
1
Turn on WiFi Portal Page pops up. Check the box and agree the
and Select SSID Terms of Service. Then click Guest Login Button
4
3
Upon click on “Guest Login”, the

system will take seconds to generate a
user account for the user. Once it is
successfully created, you will be DONE! You are now connected
redirected to a landing page. Click with Care WiFi! Enjoy it ☺
“DONE” to close the CNA window
Verification (User Defined Template Portal)
Verification: User Defined Template Portal (Username/Password Login – iOS Device)
1 2 3
…1-2 sec later

#Note: We only allowed the user group
“PP User Group” for user authentication
and connection with the SSID
“Care_UDT_Portal” in our setup, so we use
the user account“ppuser01/ppuser01” for Upon click on Login button, AltaiCare will
portal login verify your identity against its user
database. If successful, it will return you a
Turn on WiFi and Portal Page pops up. Enter your #account message “Login Successfully!”. It may take
Select SSID Username/Password. Then click Login Button seconds
4 5
The system will soon redirect

you to a landing page. Click
“DONE” to close the CNA
window
Care WiFi! Enjoy it ☺
Verification: User Defined Template Portal (Username/Password Login – iOS Device)
1 2 3 4 5 6 7 8
1. User Login Account: See configuration Step 6 for account setup
2. Account Name: See configuration Step 6 for account setup
3. User Group: The user group to which this user account belongs (See configuration
Steps 5 and 6)
4. Remaining Data Quota: See Configuration Steps 5 or 6 for data quota setting
5. Email: Email info which is optional during account setup
6. Phone/Mobile: Phone/Mobile info which is optional during account setup
8. Last Login Time

Verification: User Defined Template Portal (Guest Login – iOS Device)
1 2 3
…a few sec later
Upon click on Guest button,

AltaiCare will take seconds
to generate a user account
for the user. Once it is
successfully created, you
Turn on WiFi Portal Page pops up. Then will get a message “Login
and Select SSID click Guest Button Successfully!”.
4 5
The system will soon redirect

you to a landing page. Click
“DONE” to close the CNA DONE! You are now connected
window with Care WiFi! Enjoy it ☺
Verification: User Defined Template Portal (Guest Login – iOS Device)
1 2 3 4 5 6 7 8

2. Account Name: Client MAC address with “auto_” prefix
3. User Group: The user group to which this auto-generated user account is
assigned (See Configuration Step 7b)
5. Email: Not applicable for Guest Login
6. Phone/Mobile: Not applicable for Guest Login
7. Expiry Time: Account validity which is counted from the Start at the first login.
(See Configuration Step 5 for account validity setting)
8. Last Login Time

Verification: User Defined Template Portal (Sign Up Login – iOS Device)
1 2 3
Turn on WiFi Portal Page pops up. Then It jumps to Sign Up Page. Sign up with your
and Select SSID click Sign-Up button personal info. Then click Confirm button
4 5
…a few sec later
Upon click on Confirm

button, AltaiCare will take
seconds to process your Once it is successfully created,
submitted data and you will be redirected to a
landing page. Click “DONE” to DONE! You are now connected
generate a user account for with Care WiFi! Enjoy it ☺
the user. close the CNA window
Verification: User Defined Template Portal (Sign Up Login – iOS Device)
1 2 3 4 5 6 7 8
2. Account Name: Sign up info provided by the user
3. User Group: The user group to which this auto-generated user account is assigned
(See Configuration Step 7b)
5. Email: Sign up info provided by the user
6. Phone/Mobile: Sign up info provided by the user
8. Last Login Time

Verification (WPA – PEAP)
Verification: WPA (PEAP – Windows 10 Client)
3
1 2 4
Click “Connect” when being
Enter your credentials, i.e. asked for your confirmation to
Turn on WiFi and Select SSID, DONE! You are now connected
scuser01/scuser01 and then connect to the network with the
i.e. Care_WPA for our case. with Care WiFi! Enjoy it ☺
Check the box of “Connect click “OK” above certificate for the first time
automatically” and click login
“Connect”
Note: In some of the cases such as hidden network, your may need to manually create wireless profile for connection to the wireless
network.
1 2
Open Network and Sharing Center. Click “Set up a new Select “Manually connect to a wireless network ... Connect to a hidden
connection or network” to create a new wireless network profile network or create a new wireless profile”. Then click “Next” button
3 4
Input the desired SSID for Network Name, e.g. Care_WPA for our case. The wireless profile for SSID, i.e. “Care_WPA” has just been created.
Then select “WPA2-Enterprise” as Security Type and “AES” as Click “Change connection settings” for further configuration
Encryption Type. Check the boxes for the following two items: changes
• Start this connection automatically
• Connect even if the network is not broadcasting
Click “Next” to finish the wireless profile settings
Uncheck the box of “Automatically

use my Windows logon name and
password (and domain if any).” and
then click “OK” to go back to
“Protected EAP Properties” Window.
Click “OK” again to go back to
“Wireless Network Properties”
window
“Wireless Network Properties” window

Uncheck the box of “Verify the
pops up. Select “PEAP” as
server’s identity by validating the
Authentication Method and click certificate”. Select “EAP-MSCHAP v2”
“Settings” for further configuration. as Authentication Method and then
click “Configure…” for further
changes
Click “Advanced settings” Click the tab “802.1X settings” and Input username and password. Then click “OK” to
choose “User authentication” as go back to “Advanced settings” window. Click
authentication mode. Then click “Save “OK” again to go back to “Wireless Network
credentials” Properties” window.
7
8
DONE! The client will then automatically

Click “Close” to finish the wireless
connect with Care WiFi! Enjoy it ☺
network profile setting
Click “OK” to close “Wireless
Network Properties” window
Verification: WPA (PEAP – iOS Device)
1 2
Turn on WiFi and Select SSID, i.e.

Care_WPA for our case Enter your credentials, i.e. scuser01/scuser01
and then click “Join”
3 4
Press “Trust” when prompt with the above certificate for the DONE! You are now connected with
first time login Care WiFi! Enjoy it ☺

Verification (MAC Authentication)
Verification: MAC Auth (Windows 10 Client)
1 2b
2a
For those clients which are not in the
Care_MAC_Auth for our case. Check the registered MAC addresses list of the
box of “Connect automatically” and allowed user group(s), they will not be
click “Connect” Care WiFi! Enjoy it ☺ allowed to get Internet access
Verification (WPA-PSK)
Verification: WPA-PSK (iOS Device)
1 2

Care_WPA_PSK for our case
Enter the Password and then click “Join”

Care WiFi! Enjoy it ☺
AP Firmware Upgrade
AP Firmware Compatibility Check
When the AP get online on

the AltaiCare, system will check
the compatibility of AP’s current
firmware. An orange point will
display on the icon of AP status to
notice the availability of firmware
upgrade.
Click on the AP status icon to
access the dashboard of AP for
more information.
Note: We are making every endeavor to keep updating AltaiCare system with new features and bug fixes. To make
sure AP works well with AltaiCare, please check the AP status icon here after each time of AltaiCare system update.
Single AP Firmware Update
Procedures:
1. Click button on the AP entry.
2
3a 2. A “Update Firmware” window pops up. Select the latest
firmware from the drop down menu of Firmware.
4 3. You can either start the AP firmware update now or set

scheduler with specific date and time for it.
3b
4. Click button to confirm and perform the AP firmware
update.
4 Warning: Make sure the AP unit is powered up throughout the whole

firmware update process! Failure to do so might cause firmware crash.
Single AP Firmware Update (Cont.)
Procedures:
5. Click “Go to detail page” to view the update status and it jumps to Wireless >
Firmware Update.
6. Check the update status which is updated in every 30 seconds. Normally, it goes
through several stages for the entire process: 1. Pending (which initiating the
5
update); 2. In Progress; 3. Success or Failure. Make sure the status becomes
“Success” in the end.
7. The AP status should turn from to on AP list page.
8. The current firmware version will be displayed on the AP list.
7
8
Batch AP Firmware Update
4
5
Procedures:
1. Select the desired APs for batch firmware upgrade.
2. Click button and It will pop up a window for firmware batch update.
3. Selected APs are categorized by model, then you can select the latest firmware from the drop down menu of Firmware.
4. Select “Now” or “Specific Time” for the batch firmware upgrade task.
5. Click to confirm the batch firmware upgrade task.
AP Batch Firmware Update (Cont.)
Procedures:
6. Click “Go to detail page” to view the update status and it jumps to Wireless >
Firmware Update.
7. Check the update status which are updated in every 30 seconds. Normally, it goes
through several stages for the entire process for each selected AP: 1. Pending (which
initiating the update); 2. In Progress; 3. Success or Failure. Make sure the status
becomes “Success” in the end.
8. The AP status should turn from to on AP list page.
6
9. The current firmware version will be displayed on the AP list.
8 9
Warning: Make sure the AP unit is powered up throughout the whole firmware update process! Failure to do so
might cause firmware crash.
AP Edition & Operation
Individual AP Setting
Procedures:
1. Click button to access the edit
1
page of individual AP.
AP Name: A name of the AP (up to 255 string characters) for identification.
Location: The location information of the AP (up to 255 string characters) for
identification.
Photo: Upload a picture for identification. The picture file name does not support
Chinese characters. The upload picture will displayed on the AP list.
Branch: Select the Branch profile. The detail of branch settings refer to section of
“Branch Profile”
Use Site Config: Define if the AP use the site settings (section Create New Site) including two parts: Radio and System. There are three options:
1) Disable: the AP will keep its original settings without following site settings;
2) System: the AP’s system settings such as time zone, AP access account and trust IP for access will follow the same entries of site settings. When this option selected,
the system option of the AP will be not editable.
3) System + Radio: the AP’s radio and system settings will follow the same entries of site settings. When this option selected, all configuration options of the AP will be
not editable.
Individual AP Setting (Cont.)
Enable Radio: Turn on or turn off the radio.
Country Code: Select the country where AP is located. Configuring a country code ensures that
the radio regulatory domain such as frequency bands, channels and transmit power levels are
compliant with country-specific regulations.
Wireless Mode: Different AP models can have different available Wireless Modes for selection. For
simplicity, there are two options available: 1) Auto; and 2) Use AP Setting.
• Auto: AltaiCare automatically selects the most generic wireless mode for AP operation under
different kinds of environment. By default, 802.11ng HT20 is selected for 2.4G radio and
802.11ac HT20 / 802.11na HT20 for 5G radio.
• Use AP Setting: AltaiCare will not alter the AP wireless mode setting and keep it as it is in AP
WebUI for its first time to associate to the AltaiCare system. To change the Wireless Mode
configuration, you have to go to AP WebUI.
Channel: Set operating frequency channel for 2.4G and 5G radios. There are two options
available : 1) Auto; and 2) Use AP Setting.
• Auto: AltaiCare automatically selects the best channel for the AP, based on the following ACS
(Auto Channel Selection) factors:
➢ Air busy%;
➢ Number of neighboring AP occupying the channel; and
➢ Noise floor
• Use AP Setting: AltaiCare will not alter the AP channel setting and keep it as it is in AP WebUI for
its first time to associate to the AltaiCare system. To change the channel, you have to go to AP
WebUI.
Auto Channel Selection Interval: Set a schedule (in Minutes) to perform channel scanning
periodically for the best channel selection. This option is available only when the channel is
selected as “Auto”. The interval can be as long as 5min, 30min, 1 hour to 12 hours.
Tx Power: Set the AP transmission power on 2.4G/5G radios. Tx Power can be adjusted in the
following different levels.
Radio 0 Setting: 2.4GHz radio setting box. • MAX: Maximum Tx power that AP supports
Radio 1 Setting: 5GHz radio setting box. • 1/2: 1/2of maximum Tx power
• Use AP Setting: AltaiCare will not alter the Tx Power setting and keep it as it is in AP WebUI for its
first time to associate to the AltaiCare system
Max Clients: Specify the maximum number of client association to be allowed on the radio
interface. For AP models of A3 series, A2 series, A2c, C2s, C1n and C1an, the value ranges from 1
to 256. For AP models of A8n(ac) series and A8n series, the value ranges from 1 to 512.
Beacon Interval Auto: If selected, auto beacon interval will be enabled. Beacon interval stands for
the time interval of beacon transmissions of each supported BSS. If unselected, you can specify
the beacon interval (in millisecond).
RTS/CTS Threshold: Specify the frame size threshold in byte. If a frame is smaller than the RTS/CTS
threshold, it will be sent by the AP without modification. If a frame is larger than the RTS/CTS
threshold, then two frames will be sent by the AP. It is recommended to use the default value.
The entry value is between 0 and 2347. The default value is 2346.
IMO(0-50dB): IMO stands for Interference Mitigation Offset. This is a feature to mask out
interference by a defined level of x dB to improve AP radio operation. IMO is particularly useful
under noisy environment with a very high busy % contributed by adjacent APs and non-Wi-Fi
interference. The entry value is between 0 (disabled) and 50. By default, it used AP setting (0dB).
RSSI Reporting Enable: It is used to report clients’ MAC address and RSSI information to an
external server via proprietary UDP protocol for analytics purpose on third-party platform.
Four options available:
1) Disable: The AP does not sniff any packets and send any RSSI reporting packets out.
2) Radio0 (2.4G): The AP sniffs client packets on Radio0 only which refers to Any radio of a
single band AP model; or 2.4G radio of a dual band AP model.
3) Radio1 (5G): Applicable to dual band AP models only. If this option is selected, the AP
sniffs client packets on Radio1 only which is 5G radio.
4) Both Radios: Applicable to dual band AP models only. If this option is selected, the AP
sniffs client packets on both 2.4G and 5G radios.
Server IP Address: Specify the destination IP address of the RSSI reporting packets to be sent to.
Server Port: Specify the UDP port number of the RSSI reporting packets to be sent on.
Reporting Interval: Specify the reporting interval in second(s) within the range: 1 – 10000s.
Trust IP: It is a trust IP list used to restrict user’s access to the AP by source IP inspection.
Two options available:
1) Use AP setting: keep the original trust IP settings from AP’s WebUI.
2) Custom Mode: You can set a maximum of 4 trust IP entries in terms of single IP or entire IP
block. If the trust IP entries are all cleared, the AP will accept any access from any
IP address for management.
Access Account Settings: Set the password for the admin/guest account.
Two options available:
1) Use AP setting: keep the original access account settings from AP’s WebUI.
2) Custom Mode: You can change the current access password for admin/guest account.
Basic Operations for Individual AP
Edit Button: enter the configuration edition page of the Firmware Upgrade Button: Process the firmware upgrade
AP. Detail refer to section Individual AP Setting. task for the AP.
Reapply Button: reapply the current WLAN/AP settings to

Dashboard Button: enter the dashboard page of the AP.
the AP.
Topology View Button: enter the topology page of the AP Delete Button: Remove the AP from AltaiCare.
which has bridge or station connection.
Reboot Button: Make AP reboot.

Basic Operations for Batch APs
When select multiple APs, a new operation toolbar will appear.
Delete Button: delete multiple selected APs from AltaiCare.
Reboot Button: reboot multiple selected APs from AltaiCare.
Update Firmware Button: Create firmware upgrade task for multiple selected APs. Detail operation refer to
section Batch AP Firmware Update
Add to Branch Button: Assign multiple selected APs to desired branch. Detail operation refer to section Batch
Branch Configuration
User Site Config Button: Assign multiple selected APs to use site’s settings including system parameters and
radio parameters.
WLAN Creation Wizard
WLAN Creation Wizard
WLAN creation wizard provides a way to create a WLAN quickly and conveniently.
Procedures:
1. Go to Wireless LAN page and click button to create a new WLAN creation wizard. All
2 WLAN settings can be finished on the pop up wizard window.
2. Select the Authentication mode. When “Open” is selected, all settings will be displayed on
3 one page; when other authentication mode is selected, click button to enter page of
step2 to continue authentication settings after finish below 3~8 steps.
4
3. Give a name to the WLAN profile.
5
4. Specify the SSID name of the WLAN (a string up to 32 characters).
6 5. VLAN Pass Through: If selected, WLAN will allow all VLAN traffic from wireless interface to
7 pass through the trunk ethernet interface of AP.
6. Fill VLAN ID which is going to be assigned to end user traffic passing through the wireless
8
interface.
9a 7. Assign the WLAN to the site or branch (new or existing one).
8. Assign the WLAN to desired radio: 2.4GHz, 5GHz or both.
9a. Click button to finish the creation.
9b
9b. Click button to jump to page of step2.
WLAN Creation Wizard (Cont.)
It is the page of step 2 when “Open-WEP” or “Shared-WEP” authentication mode is selected.

Open-WEP: The WEP key is purely used for wireless data encryption between AP and clients
Shared-WEP: The WEP key is for authentication and wireless data encryption between AP and
clients.
1)
1) Default WEP Key: Specify the default WEP key to be used from the pool of keys from 1 to 4.
2) 2) Key Entry Method:
Ascii Text: Key represented as either 5 or 13 ASCII characters (0-9, a-z, A-Z and special
characters) long. E.g. (1) Altai; or (2) wEp12; or (3) Altai@123+45%.
3) Hexadecimal: Key composed as either 10 or 26 HEX characters (0-9, a-f, A-F) long. E.g.
(1) 1234567890; or (2) 12345678901234567890ABCDEF.
3) WEP Key 1/2/3/4 Enter the WEP Key(s). All the keys 1 - 4 should be belonging to the same
type (ASCII or HEX) of the same key length.
It is the page of step 2 when “WPA2-Personal” or “WPA/WPA2-Personal” authentication mode

is selected.
1) Pass Phrase: Specify the pass phrase for authentication. Clients need this pass phrase
1) to associate with the AP. The pass phrase can be either a string of 8-63 ASCII characters (0-9,
a-z, A-Z and special characters) or a string of 64 Hexadecimal characters (0-9, a-f, A-F).
It is the page of step 2 when ”MAC”, “WPA2-Enterprise” or “WPA/WPA2-Enterprise”

authentication mode is selected.
1) Select “Built-in” for RADIUS Server.
2) Choose one of the Service Domains where your user groups and accounts are created.
3) Choose the User Group(s) to be allowed for user authentication and accounting via WPA
1)
authentication.
2)
3)
1) 5)
1)
2)
2) 3)
4)
3)
4)
5)
It is the page of step 2 when ”Portal” authentication mode is It is the page of step 2 & 3 when ”Portal” authentication mode and “new porta” mode of select
selected. portal l is selected
1) Select “Built-in” for portal mode. 1) Select “Built-in” for portal mode.
2) Choose one of the Service Domains where your user groups 2) Choose one of the Service Domains where your user groups and accounts are created.
and accounts are created. 3) Select the New Portal.
3) Select the desired portal profile from existing portal profile list. 4) Specify the basic settings of new portal such as portal type, login method and user account.
4) Select “Built-in” for radius server. 5) Click button to enter the page of step 3 to specify the basic settings of captive portal page
such as Theme Color, Logo, Title and so on.
Branch is an unit of AP group for centralized WLAN management within the site. It will be used for assigning specific WLANs to the APs.
Procedures:
1. Click button to create a branch profile.
2 2. Give a name to the branch profile.
3 3. User Site WLAN: Except the WLAN assigned to this

branch profile, rest WLANs within the site will be also
4
included. By the default, it is checked.
4. Click button to confirm the branch profile.
Branch Configuration (Cont.)
Procedures:
5. Click button to enter the branch edit page.
6. Assign the APs to this branch.
Click Go to branch AP list page to enter the AP list in
6
branch.
Branch Configuration (Cont.)
Procedures:
7a Go to the WLAN list page and assign a new
7b WLAN or existing to the target branch.
7a. Assign a new WLAN to the target branch.

7b. Assign an existing WLAN to the target
branch by entering the edit page of existing
WLAN.
7a
7b
Batch Branch Configuration
You can also assign multiple APs to the existing branch on the AP list.
1. Select desired multiple APs on the AP list;
2. Click button to assign selected APs to desired branch.
3. Select the desired branch from the drop list of existing branches.
4. Click button to save the settings.
4
Advertising Engine
Advertising Engine
The Advertising Engine of AltaiCare provides a powerful yet simple content management platform for organizing and selectively delivering content to
users depending on the AP location and demographics. Marketers can leverage the collected data to engage customers more effectively to
promote their business.
Note: The Advertising Engine is used with Portal Authentication. Before moving on to the advertisement setting, make sure basic portal
configuration is done first. For details, refer to Section 5 Step 6a or 6b.
Procedures:
1. Go to Service > Advertisement and click to create a new ad profile.
1
Advertising Engine (Cont.)
Procedures:
2. A “New Advertisement” window pops up. Give a name for the ad. E.g.
Chinese Dim Sum. Later on, we will insert an image of dim sum menu to
the ad profile.
2
3. Choose when to pop up a window to display the image, i.e. before or
after user login. 3
Note: If you use “Custom Template” portal, you can select either
“Before Login” or “After Login” options. If you use “User Defined 4
Template” portal, you need to choose “Before Login” so that the
advertisement image can be shown up on the portal page. 5
4. Set a timer (in seconds) to display the ad before users can close the
pop up window. 6
5. Insert an URL which is to associates with the advertisement image. Users
can click on it and view the webpage directly without login. You can 7
leave the field blank if you do not want the URL link.
6. Set start date and time to deliver the ad. 8
7. Set end date and time to stop delivering the ad. Or alternatively, set
“No Limit” if you want to run it without expiry.
8. Click button and the new ad profile will be added to the
advertisement list.
Procedures:
9. Click button to insert the ad image.
10. Select the desired image and click “Open” button.
10
Procedures:
11. Optional Items – Advertisement Scheduler (Time Tag)
11 Enable Schedule: Check the box to enable scheduler. It controls

how frequent (exposure rate) to show the ad image across
different periods of a day. For example, with the scheduler
enabled, the engine will give higher priority to the image than the
others in the defined period. If two or more ad allocated to the
same period, they will get the same exposure rate or likelihood to
be shown up in front of the users.
You can add multiple periods by clicking button.
This is one of the tags, called time tag, for the engine to control
the image exposure rate in different periods. We will discuss more
tags and ad sorting scheme later.
In this example, we give higher priority to the ad image “Chinese

Dim Sum” to be popped up in the following periods:
• From Mon to Fri, 6:00 – 15:00
• Sat and Sun, 6:00 – 18:00
Note: Make sure a correct local Time Zone setting for the service domain so that the scheduler can run as scheduled.
Procedures:
12. Optional Items - Tag
Tag is something that is used to label advertisements so that you
can deliver the targeted ad to the right customers at the right 12
location at the right time.
You can click to attach different tags to the ad for
condition matching. They are
• AP MAC; it should be in colon-separated or hyphen-
separated format with either uppercase or lowercase
alphabets, e.g. XX:XX:XX:XX:XX:XX or xx-xx-xx-xx-xx-xx
• AP Location; a string not more than 45 characters .

• AP System Name;
• Custom; e.g. we add a custom tag called “food” to label the ad “Chinese Dim Sum” as food-related.
The above tags can be categorized into two types
1. AP Location Tags, e.g. “AP MAC”, “AP Location” and “AP System Name”. These attributes are shared with Advertising Engine by AP upon user’s attempt to
connect through portal authentication.
2. Custom Tags, e.g. “food” in this example. This tag is portal related. In step 13, we can attach custom tag to the portal profile. When users log in through a
particular portal with custom tags configured, the Advertising Engine will label the users with the tags as well.
Note: Remember to click button at the page bottom to make all changes take effect.
Procedures:
13a. Optional Items – Custom Tag for Custom Template Portal
Go to Service > Portal and select a Custom Template portal. In Advertisement box, check the box of Show Ads.
Ads Display Mode: 3 options available listed below.

(1) Pre-login Ads Only
Allow ad to be shown before login ONLY. 13a
(2) Post-login Ads Only
Allow ad to be shown after successful login ONLY.
(3) Both
Allow ad to be shown before and after login.
Tag: Click on the Tag field to select existing tags or

create a new custom tag by filling your desired name
to label the portal ad module directly. You can add
multiple tags up to 10 for each ad.
Procedures:
13. Optional Items – Custom Tag for User Defined Template Portal
13b
Go to Service > Portal and select a portal of User Defined Template.
For User Defined Template Portal, you can add ads in both Portal Sign
In/Guest page and Sign Up page, depending on which login methods
you choose. You should be able to find button on respective
template boxes.
Click it and an advertisement module is created at the page bottom.
Since the template design is based on top-down approach, you can
drag the module up to your desired position. The ad image will finally be
shown up in the position accordingly. You can add multiple ad modules if
needed.
Image Size: 2 options available.

(1) Adaptive Size
Sets the image size adaptive to the login window
(2) Original Image Size
Tag: Click on the Tag field to select existing tags or create a new custom tag by
filling your desired name to label the portal ad module directly. You can add
multiple tags up to 10 for each ad.
Advertising Engine – Ad Sorting by Tag
Upon user’s attempt to connect through portal, Advertising Engine will do the ad sorting from the pool based on the collected information,
e.g.
(i) User connection time (Time/Schedule tag)

(ii) AP location attributes (AP MAC, Location, System Name tags)
(iii) The portal the user sign in through (Custom tag)
Different tag types are given to different weightings as in the above descending order. The Advertising Engine will work out the weighted sum
of the matched conditions for each ad. The ad which scores the most will be elected and displayed in front of the users.
With the sorting scheme as described above, if the ad is not attached with any tags, it will be put to the lowest priority.
If there are multiple ads having the score, the engine will randomly select one.
Let’s take a look at an example to see how the Advertising Engine works.
Advertising Engine – Ad Sorting by Tag (Cont.)
Before User Login:
1. User connects with the network through a custom template portal for the first time on Tuesday,
15:30. Ad Profile 1
2. Attributes added by AP to AltaiCare upon user association:
• AP MAC: 00:19:BE:11:11:11
• AP Location: XXX Shopping Mall 3/F
• AP System Name: AP-001
3. Attributes added by portal which the user access through:
• Custom Tag: food
4. AltaiCare checks its database and no such user registration recorded before.
5. Advertising Engine selects the targeted ad by collating all the information. Ad Profile1 gets 2 Ad Profile 2
matched conditions because of AP Location and Custom tag. Ad Profiles 2 and 3 both get 1
because of AP System. Ad Profile 4 gets none. Thus, Ad Profile 1 is elected and popped up to the
user right before the portal page.
Note: Ad Profiles 1-4 are all configured as “Before Login”

type in this example.
4 Ad Profile 3
1 2 3 5
User
AP Portal tagged Ad Profile 4

with “Food”
Advertising Engine
Advertising Engine – Ad Sorting by Tag (Cont.)
After User Login (Applicable to Custom Template Portal ONLY):
1. On the portal page, the user chooses to sign up with Facebook account. Ad Profile 5
2. If successful, Facebook will send basic personal information to AltaiCare for user account
registration. The basic personal Information include:
• Facebook Username: xxx
• Email: xxx@xxx.com
• Locale: xxx
3. AltaiCare obtains user demographics from Facebook user’s profile and collate all the
information together with user connection time, AP location attributes and portal custom tags.
Ad Profile 6
4. Advertising Engine selects the targeted ad with the top scores. Ad Profile5 gets 2 matched
conditions because of AP Location and Custom tag. Ad Profile 6 gets 3 because of AP System,
Age and Gender. Ad Profile 7 gets 1 because of AP System Name. Ad Profiles 8 gets none. Thus,
Ad Profiles 5 tops the list. It is elected and delivered to the user after user login.
Note: Ad Profiles 5-8 are all configured as “After Login” type in this
example. Ad Profile 7
1 2 3 4
User
Ad Profile 8
Advertising Engine
Topology & Location Management
Location Management _ Map Topology
AltaiCare supports both google map and floor plan image map so that APs can be located on the map manually.
Procedures:
2 1. Click button to create a map profile.
2. Give a name to the map profile.
3
3. Select the map source, two options available: Image and Google.
4 4. Click button to finish creation.

Location Management _ Map Topology (Cont.)
7 7
6 6
8 8
Procedures:
5. Click button to import the plan floor image.
6. Fill the key word of target APs’ name on AP list field and click on the target AP from the search result, then the icon of target AP will be displayed on map
automatically.
7. The icon of selected AP can be moved by dragging to the exact location.
8. Click button to save the configurations.
Location Management _ Map Topology (Cont.)
Go to the site dashboard and map topology

window can be found.
The button for full screen of map window.
The button for image zoom in and zoom out.
Click on the icon of AP and a status summary window

pop up.
The button for map switchover.

Link Topology Management _ Bridge/Station Link
AP
AltaiCare provides the bridge/Station link topology for PTP or PTMP as left
diagram shown.
Note: The repeater or station radio need to be registered in AltaiCare for
Repeater or Station monitoring.
Procedures:
1. Click button of AP, repeater or station.
2. A new window named as “Topology View” pop up. Detail
information of PTP or PTMP is displayed.
1
3. Click button to close the topology view window.
2 2
Click on the icon on the

topology view window,
the information of device
will be displayed on a pop
up window.
Topology view of PTP Topology view of PTMP
3 3
Fault Management
Fault Management _ Alert List
AltaiCare provides you with an active alarms list display that will update in real-time for all AP in your managed network.
You can check the alerts for the site or individual AP.
Go to “Wireless” -> “System” -> “Alert” to enter the alert

management page for the site.
Go to “Wireless” -> “Network” -> “Access Point” and click the icon
under alert column to enter the alert management page of
individual AP
Fault Management _ Alert List
Click “Update Alert Severity” button to Update the severity

Active Alert List History Alert List History Alert Archive List Alert Notification List
for all existing alert items. There are four severity tags
available: Critical / Major / Minor / Info
Name Name of AP where the alert come from. “Acknowledge All” or

“Acknowledge”:
Alert Raise Time The time the alarm was raised. By acknowledging an
active alarm, the operator
Alert Type The name of the alarm.
indicates that administrator
Alert Severity The severity of the alarm: Critical, Major, Minor, Info. has investigated or
handled the alerts. All alert
Alert Category The category of alarm: AP, Operation, Facility, Security. items must be
acknowledged before
Icon for filtering. Click it to get the drop list to do the being moved into history
filter. list.
Fault Management _ Alert Email Notification
1 Alarm Notification is a useful tool to generate an alarm

notification email to the operator via email according to the
selected options.
Procedures:
1. Click button to create an alert notification profile.
2. Select type of alert included in the alert notification email. There two options available:
2 Alert Type / Alert Severity.
3 3. Select particular Alert Type or Alert Severity.

4. Specify email address of receiver to receive the alert notification. There are four options
4 available:
Custom: fill in detail email address, Max. 4 addresses are supported.
To Administrator of this site: Specify alert notification email to the administrator account
5
of this site.
To Monitor of this site: Specify alert notification email to the monitor account of this site.
To Administrator and Monitor of this site: Specify alert notification email to the
administrator and monitor account of this site.
Detail of Administrator and monitor account refer to section Create Admin Account for
Site/Service Domain
5. Click button to save the profile.
Statistics Report Management
Statistics Report Management _ Wireless Report
AltaiCare provides capability to be scheduled to automatically or manually generate reports according to the Report Configuration, eliminating
repetitive work to manually customize report format and generate report periodically.
Procedures:
1 1. Click button to create a report profile.
2. Give a name to the report profile.
4. Click button to enter the edit page of this
report profile for other parameters.
4
Statistics Report Management _ Wireless Report (Cont.)
Procedures:
5. Change the parameters of the report if necessary. Name: Name of the report profile.
Report Type: Specify the type for the report which including two options available:
5 Site: The report will contain statistics summary of all APs within the site.
AP: The report will contain statistics of selected AP only.
Report Duration: Specify the duration of the statistics in the report.
Report Category: Specify the category of statistics in the report. By default, all
categories are included.
Enable Schedule: Specify the schedule task to generate the report. By default it is disabled.
1. Schedule Period: specify the period of report generation.
2. Enable Schedule Email: Specify email address of receiver to receive the alert notification.
There are four options available:
a) Custom: fill in detail email address, Max. 4 addresses are supported.
b) To Administrator of this site: Specify alert notification email to the administrator
account of this site.
c) To Monitor of this site: Specify alert notification email to the monitor account of this site.
d) To Administrator and Monitor of this site: Specify alert notification email to the administrator
and monitor account of this site.
(Detail of Administrator and monitor account refer to section Create Admin Account for
Site/Service Domain)
Statistics Report Management _ Wireless Report (Cont.)
Procedures:
6. Save the settings of report profile and generate the report..
Save Button: Save the setting of report profile.
PDF Button: Create the report in PDF format at once and

you can save it in your computer.
Data Button: Download the original data of report in

archive format.
Statistics Report Management _ Wireless Report Overview
Site Report Example (Last 24 Hours):;
Basic Site Configuration

Summary
WLAN Configuration Summary

Type of the Statistics
table
report: Site or AP
Top 10 AP table by ranked by

Report Name which traffic usage.
can be modified in
report profile.
Bottom 10 AP table by ranked
The name of site which
by traffic usage.
this report belong to.
The name of AltaiCare

Project. Graph of AP online / offline
statistics in specific duration.
Report Generation Time

Statistics Report Management _ Wireless Report Overview (Cont.)
Table of total Uplink / Downlink

Traffic within the site..
Table of average Uplink /

Downlink Traffic within the site..
Table of Latest 50 active
alerts.
Graph of UL/DL traffic statistics
per minute (last 24hours report) /
per 15mins (last 7days or last
month report) / per day (last
12moths report).
Graph of UL/DL throughput

statistics per minute (last 24hours
report) / per 15mins (last 7days or
last month report) / per day (last
12moths report).
The table of total traffic

per Radio within the
site.
The table and graph of total The table of average

traffic per WLAN within the site. throughput per Radio
within the site.
Graph of traffic statistics

based on radio per
minute (last 24hours
report) / per 15mins (last
7days or last month
report) / per day (last
12moths report).
Graph of average
The table and graph of
throughput based on
average traffic per WLAN
radio per minute (last
within the site.
24hours report) / per
15mins (last 7days or last
month report) / per day
(last 12moths report).
The graph of RSSI distribution

statistics
The table of average

station count
The graph of associated

station statistics per min.
The graph of RSSI distribution
statistics based on radio.
The table of average

station count based on
WLAN.
The graph of associated

station statistics based
on WLAN per min.
Table of radio environment summary per radio.
Graph of noise level statistics per min (last 24hours report) / per 15mins
(last 7days or last month report) / per day (last 12moths report).
Graph of channel usage statistics per min (last 24hours report) / per
15mins (last 7days or last month report) / per day (last 12moths
report).
Statistics Report Management _ Service Report
The service report will contain the statistics from the users who pass the authentication such as captive portal and radius within the domain.
Procedures:
1. Click button to create a report profile.
2 2. Give a name to the report profile.

3
4. Click button to enter the edit page of this report
profile for other parameters.
4
Statistics Report Management _ Service Report (Cont.)
Procedures:
5. Change the parameters of the report if necessary.
5 Name: Name of the report profile.
Report Duration: Specify the duration of the statistics in the report.

Three options available: Last 24hours / Last 7days / Last 1 month
Report Category: Specify the category of statistics in the report. By

default, all categories are included.
Enable Schedule: Specify the schedule task to generate the report. By default it
is disabled.
1. Schedule Period: specify the period of report generation.
2. Enable Schedule Email: Specify email address of receiver to receive the
alert notification. There are four options available:
a) Custom: fill in detail email address, Max. 4 addresses are supported.
b) To Administrator of this site: Specify alert notification email to the
administrator account of this site.
c) To Monitor of this site: Specify alert notification email to the monitor
account of this site.
d) To Administrator and Monitor of this site: Specify alert notification email to
the administrator and monitor account of this site.
(Detail of Administrator and monitor account refer to section Create Admin
Account for Site/Service Domain)
Statistics Report Management _ Service Report (Cont.)
Procedures:
6. Save the settings of report profile and generate the report..
Save Button: Save the setting of report profile.
PDF Button: Create the report in PDF format at once and

you can save it in your computer.
Data Button: Download the original data of report in

archive format.
Statistics Report Management _ Service Report Overview
Service Report Example (Last 24 Hours):;
Table of current user account

including available user
account number and first
login account number.
Type of the Statistics

report: Domain
Graph of total user account
and active user account per
15mins.
Report Name which can be

modified in report profile.
The name of site which this
report belong to.
Graph of first-time login user
account number per 15mins.
The name of AltaiCare
Project.
Report Generation Time

Statistics Report Management _ Service Report Overview (Cont.)
Service Report Example (Last 24 Hours):;
Table of login time distribution summary based

on online duration.
Table of the average

login session based on
office time and non-
office time
Graph of login time distribution summary based on

online duration.
Graph of the login

session number
statistics per 15mins.
Table of total traffic from the login users.

Graph of the average
login time statistics per
Graph of online users’ traffic statistics per 15mins.
15mins.
Statistics Monitoring
Statistics of Site Dashboard
Site statistics Summary in real

time.
Graph of traffic and throughput

based on time period.
Map window
Statistics of Site Dashboard (Cont.)
Graph of Radio usage(in %) and

noise level based on time
Graph of station association period..
and RSSI distribution statistics
based on time period..
Graph of AP online/offline statistics

Statistics of Site Dashboard (Cont.)
Table of AP/Station ranked by traffic. Top and

bottom 10 APs will be displayed.
Statistics of AP Dashboard
Go to “Wireless” -> “Network” -> “Access Point”, Click the “AP Name”
or button to access to the dashboard page of individual AP.

Statistics of AP Dashboard (Cont.)
Basic performance statistics of AP in real time. Reapply Button

1) Station number and average RSSI per Radio; Firmware Update Button
2) UL/DL total traffic and throughput per radio.
Reboot Button
Auto Refresh Button
Edit button for access to

the edit page of AP.
Topology view button.
Configuration summary of the AP.

1) General Info;
2) Network Info;
3) Radio1 / Radio2 Info.
Graph of login time distribution

which is only available for the
radius authenticated users..
Graph of traffic and aver

throughput based on time
period. Top 10 station ranked by total
traffic.
Graph of Radio usage(in %)

and noise level based on time
Graph of station association period..
and RSSI distribution statistics
Graph of AP online/offline statistics

Fetch System log button: fetch the

system log from the AP.
Fetch Statistics log button: fetch the

statistics log from the AP.
Station List
You can check the stations associating to the site or particular AP.
Go to “Wireless” -> “Network”

-> “Station” to get the Station
Association List of the site.
Station Mac: Displays the client’s MAC address. RSSI: Indicates how strong the client’s signal is received at the AP.
ASSO AP Name: Displays the name of AP that client associate to. SNR: Indicates how strong the client’s signal is received at the AP. The signal strength
ASSO AP Mac: mac address of AP that station associate to. is shown by uplink SNR (Signal to Noise Ratio) in dB.
IP Address: Displays the client’s IP address.. Traffic: Indicates the accumulated traffic amount that has been transmitted or
SSID: Displays the name of SSID that client associate to. received by the AP for the associated client.
Band: Displays the Radio that client associate to. Throughput: Indicates the real-time speed of traffic (in bps) being transmitted or
Security Mode: Indicates current authentication mode setting for the WLAN received by the AP for the associated client.
that client associate to. Data Rate: Indicates the real-time data rate to be used for data frame transfer over
Device Type: Displays the client’s OS type. the air.
VLAN: VLAN ID of WLAN that client associate to. Connection Time: Indicates how long the client stays connected with the AP.
Station List (Cont.)
Go to “Wireless” -> “Network” -> “Access Point” and Click

icon to get the station list of current radio under the
AP.
Go to “Wireless” -> “Network” -> “Access Point” and Click

icon to jump to the station association list of individual
AP.
Statistics of Domain Dashboard
Go to “Service” -> “Domain List” and click on the

“Domain Name” to jump to the dashboard page
of the domain.
Statistics of Domain Dashboard (Cont.)
Site statistics Summary in real

Auto Refresh Button.
time.
Graph of the login time

distribution, number of
session and average
login time based on
Graph of total user time period.
account and first
login account based
on time period.
Statistics of Domain Dashboard (Cont.)
Graph of the total traffic from the login users and table
of today top/bottom 10 account ranked by traffic.
Rank list of top / bottom 10 Advertisement based on

the click counts.
Rank list of domain based on traffic

usage.
-End of Document-
Copyright © 2021 Altai Technologies Limited

ALL RIGHTS RESERVED.
Altai Technologies Limited

Unit 209, 2/F, Lakeside 2,
10 Science Park West Avenue,
Hong Kong Science Park,
Shatin, New Territories,
Hong Kong
Telephone: +852 3758 6000

Fax: +852 2607 4021
Web: www.altaitechnologies.com
Customer Support Centre:

Email: support@altaitechnologies.com

AltaiCare User Guide - v2.4-202103

Uploaded by

Document Information

Original Title

Copyright

Available Formats

Share this document

Share or Embed Document

Sharing Options

Did you find this document useful?

Is this content inappropriate?

Copyright:

Available Formats

AltaiCare User Guide - v2.4-202103

Uploaded by

Copyright:

Available Formats

________________________________________

Wireless Network Management Feature Highlights:

Service Control Feature Highlights:

Legend Gateway for ALL AP

NATed CAPWAP Management Traffic to/from

Distribution Switch Note: VLAN setup is optional. You can

Legend Gateway for ALL AP and wireless clients

Care_UDT_Portal VLAN 100 (MGT VLAN)

NATed Client Traffic to/from Internet A3c:

Distribution Switch Note: VLAN setup is optional. You can

User opens a Web Browser AltaiCare as RADIUS server

# 2.4G and 5G clients will get IP

User Identity Verified OK and

Inbound Traffic Inbound Traffic Inbound Traffic

Wireless Client AP AltaiCare (On-

Client Association to AP as RADIUS client &

Access Challenge Message Exchange

RADIUS Access - Accept

Inbound Traffic Inbound Traffic

1. Custom Template (Built-In)

Login Feature Flexibility on Portal

3. Package Upload (Built-In/External)

2 3. Click “Submit” button

Note: AltaiCare service is not supported under

IMPORTANT NOTE: DNS Server IP is required to

Note: Make sure the firewall and IP routing settings

2 of the local network allow the AP traffic to reach

7 Note: All network nodes and links should be

Note: AltaiCare runs on a project basis. You will be given a

Site A (Default) Site B … Domain A

AP Group AP Group User Group(s) User Group(s)

AP Management Service Management

Note: Three level access controls:

Site Admin Site Monitor Domain Admin Domain Monitor

A8n/A8n(ac) series: 25 credits per day per unit

Scenario 1: 1 x A8Ein for 4 days

Note: For the best compatibility,

Note: HTTP and HTTPS are

2 Enter the project account

Management Tabs Function Buttons

Navigation Pane Content Window

Dashboard: Display a summary on wireless statistics about Site

Network > Access Point: Manage a pool of AP for Site/Branch setup

System > Firmware: Show a list of available firmware for update

Project (For Project Admin ONLY): Manage admin/monitor accounts of the

Step 1 Step 2 Step 3 Step 4 Step 5 Step 6 Step 7 Step 8 Step 9

Portal 6a: Custom

By default, it is set as Auto.

Channel / Auto Channel Selection Interval (Min): See next slide

Channel: Set operating frequency channel for 2.4G and 5G radios.

By default, it is set as Auto.

AP ACCESS ACCOUNT SETTINGS: Set the access account for admin/guest to

Note: Remember to click button at the page bottom to make all

(1) WPA/Portal: Use “username/password” as user account for #portal authentication or 5

5. Click button to confirm the user group creation.

Overall, we created the following 5 user groups for the demo:

We provide the following three ways of user account generation.

Supported User Account Type

(2) User Account Batch Import

(3) Voucher-based User

Overall, we created the following 4 user accounts for the demo:

Account Name Username Password User Group Purpose