Configuring Captive Portal
Use the following links to learn how to configure captive portal for the guest network:
Configuring Internal Captive Portal
You can configure an internal captive portal splash page when adding or editing a guest network created for your Instant On site. Following are the internal captive portal configuration parameters:
Configuring External Captive Portal
You can configure an external captive portal for your guest network in one of the following ways:
- Use third-party captive portal
- Customize an external captive portal by configuring RADIUS authentication and accounting parameters.
Using Third-Party Captive Portal Providers
Instant On supports the following third-party captive portal providers:
- Aislelabs
- Purple WiFi
- Skyfii.io
- Wavespot
- Zoox
To use third-party providers for external captive portal, follow these steps:
- Under , select the preferred provider tile . You must have an account with the selected provider.
- Configure the following parameters:
- —Enter the social Wi-Fi identifier provided by the provider. This field is applicable only for Aislelabs.
- —Select the preferred server from the drop-down list. This field is applicable only for Aislelabs.
- —Select the region from the drop-down. This field is not applicable for Aislelabs.
- — Slide the toggle switches to enabled () , to allow access to social network domains. Enter a domain name in the and click to add additional domains. This allows unrestricted access to additional domains.
- Click .
Customizing the Captive Portal Page
You can customize an external captive portal splash page if you do not wish to use above mentioned third-party providers.
To customize the external captive portal, follow these steps:
- Under , select the tile on the page.
-
The Custom external captive portal offers two types of user accessibility to the Internet through the guest portal under Guest user access. Choose one of the following options.
-
User authentication (default)—Users are required to enter their credentials in the guest portal page to access the Internet. The credentials entered by the user are sent to the RADIUS server for validation. This is the default setting for the custom external captive portal.
-
Guest portal acknowledgement—The guest portal must return a predefined string Aruba.InstantOn.Acknowledge to grant user access to the Internet. When selected, a predefined authentication text is returned by the external server after successful user authentication.
-
- Configure the following external captive portal configuration parameters:
- —Enter the IP address or fully qualified domain name of the external RADIUS server.
- —Enter a shared key for communicating with the external RADIUS server.
- Instant On AP retries to send the request several times (as configured in the ) before the user gets disconnected. —Specify a timeout value in seconds. The value determines the timeout for one RADIUS request. The
- —Specify a number between 1 and 5. Indicates the maximum number of authentication requests that are sent to the server group, and the default value is 3 requests.
- —Enter the authorization port number of the external RADIUS server within the range of 1–65,535. The default port number is 1812.
- —Enter the accounting port number within the range of 1–65,535. This port is used for sending accounting records to the RADIUS server. The default port number is 1813.
- —Enter a string value for RADIUS attribute 32, NAS Identifier, to be sent with RADIUS requests to the RADIUS server.
- Instant On devices are configured in a private network mode. The options below determine how the RADIUS authentication takes place across all networks.
- —This is the default setting. The RADIUS requests and NAS IP address will originate from each device authenticating the clients.
- —The RADIUS and NAS IP address will originate from a single IP address representing the site. Enter the for the site.
—Select one of the following options if your NAS Identifier—Enter a string value for RADIUS attribute 32, NAS Identifier, to be sent with RADIUS requests to the RADIUS server.
NAS IP Address—Select one of the following options if your Instant On devices are configured in a private network mode. The options below determine how the RADIUS authentication takes place across all networks. This option is grayed out if the Instant On AP is configured as a primary Wi-Fi router on the network. In which case each AP in the network will send RADIUS requests to the server with a matching Source IP address and NAS IP address.
Use device IP (default)—This is the default setting. The RADIUS requests and NAS IP address will originate from each device authenticating the clients.
Use a single IP—The RADIUS and NAS IP address will originate from a single IP address representing the site. Enter the NAS IP address for the site.
Table 2: External Captive Portal Configuration
Parameter Description Enter the URL for the external captive portal server.
Specify a redirect URL if you want to redirect the users to another URL.
Slide the toggle switches to enabled () , to allow access to social network domains. Enter a domain name in the
and click to add additional domains. This allows unrestricted access to additional domains.Slide the toggle switch to enabled (), to ensure the Instant On AP sends a status-server request to determine the actual state of the accounting server before marking the server as unavailable.
Configure a primary RADIUS server for authentication by updating the following fields:
Click the
link to configure the following parameters:Configure the following settings under Instant On AP to the client.
, if you wish to proxy all RADIUS requests from theThis option is grayed out if the Instant On AP is configured as a primary Wi-Fi router on the network. In which case each AP in the network will send RADIUS requests to the server with a matching Source IP address and NAS IP address.
To configure a Secondary RADIUS Server, slide the toggle switch to the right ().
The configuration parameters for the and the are the same.
Network Access Attributes
This option is available only if User authentication (default) is selected under Guest user access. Configure the following parameters under network access attributes:
- Click .