Configuring Captive Portal

Use the following links to learn how to configure captive portal for the guest network:

Configuring Internal Captive Portal

You can configure an internal captive portal splash page when adding or editing a guest network created for your Instant On site. Following are the internal captive portal configuration parameters:

Table 1: Internal Captive Portal Configuration

Parameter Description

Background

Click the box to view the color palette and choose a color for the background of the internal captive portal page.

Welcome Message

Design the welcome message by updating the following fields:

  • Text—Enter the text for the welcome message. Example: Welcome to Guest Network.
  • Font size—Drag the slider to set the size of the font.
  • Font color—Click the box to view the color palette and choose a color for the font.
  • Font family—Choose a font type from the drop-down list.

Logo / Image

Click the image icon to browse and upload an image from your device.

NOTE: Ensure that you upload the image only in the png, jpg, gif, or bmp formats.

Terms and Conditions

Design the terms and conditions section by updating the following fields:

  • Title text—Enter the title text. Example: Please read the Terms and Conditions before using the Guest Network.
  • Font size—Drag the slider to set the size of the font.
  • Font color—Click the box to view the color palette and choose a color for the font.
  • Font family—Choose a font type from the drop-down list.
  • Terms content—Enter or paste your terms and conditions in the text box.
  • Agree text—Enter a comment in the text box. For example: I agree to the terms and conditions.
    • Font color—Click the box to view the color palette and choose a color for the font.
    • Font family—Choose a font type from the drop-down list.

Accept Button

Design the Accept Button by updating the following fields:

  • Text—Enter the text for the accept button. Example: I agree to the terms and conditions.
  • Redirect URL—Specify the custom URL to which users should be redirected after clicking the accept button.
  • Border radius—Drag the slider to set the border radius of the accept button.
  • Background color—Tap the box to view the color palette and choose a color for the background.
  • Font color—Click the box to view the color palette and choose a color for the font.
  • Font family—Choose a font type from the drop-down list.

Configuring External Captive Portal

You can configure an external captive portal for your guest network in one of the following ways:

  • Use third-party captive portal
  • Customize an external captive portal by configuring RADIUS authentication and accounting parameters.

Using Third-Party Captive Portal Providers

Instant On supports the following third-party captive portal providers:

  • Aislelabs
  • Purple WiFi
  • Skyfii.io
  • Wavespot
  • Zoox

To use third-party providers for external captive portal, follow these steps:

  1. Under Select preferred provider, select the preferred provider tile . You must have an account with the selected provider.
  2. Configure the following parameters:
    • Social WiFi identifier—Enter the social Wi-Fi identifier provided by the provider. This field is applicable only for Aislelabs.
    • Preferred servers—Select the preferred server from the drop-down list. This field is applicable only for Aislelabs.
    • Select your region—Select the region from the drop-down. This field is not applicable for Aislelabs.
    • Allowed domains— Slide the toggle switches to enabled () , to allow access to social network domains. Enter a domain name in the New domain name and click to add additional domains. This allows unrestricted access to additional domains.
  3. Click Apply changes.

Customizing the Captive Portal Page

You can customize an external captive portal splash page if you do not wish to use above mentioned third-party providers.

To customize the external captive portal, follow these steps:

  1. Under Other, select the Custom tile on the Guest Portal page.
  2. The Custom external captive portal offers two types of user accessibility to the Internet through the guest portal under Guest user access. Choose one of the following options.

    • User authentication (default)—Users are required to enter their credentials in the guest portal page to access the Internet. The credentials entered by the user are sent to the RADIUS server for validation. This is the default setting for the custom external captive portal.

    • Guest portal acknowledgement—The guest portal must return a predefined string Aruba.InstantOn.Acknowledge to grant user access to the Internet. When selected, a predefined authentication text is returned by the external server after successful user authentication.

  3. Configure the following external captive portal configuration parameters:

      Table 2: External Captive Portal Configuration

      ParameterDescription

      Server URL

      Enter the URL for the external captive portal server.

      Redirect URL

      Specify a redirect URL if you want to redirect the users to another URL.

      Allowed domains

      Slide the toggle switches to enabled () , to allow access to social network domains. Enter a domain name in the New domain name and click to add additional domains. This allows unrestricted access to additional domains.

      Send RADIUS Accounting

      Slide the toggle switch to enabled (), to ensure the Instant On AP sends a status-server request to determine the actual state of the accounting server before marking the server as unavailable.

      Primary RADIUS Server

      Configure a primary RADIUS server for authentication by updating the following fields:

      • Server IP address or domain name—Enter the IP address or fully qualified domain name of the external RADIUS server.
      • Shared secret—Enter a shared key for communicating with the external RADIUS server.

       

      Click the More RADIUS parameters link to configure the following parameters:

      • Server timeout—Specify a timeout value in seconds. The value determines the timeout for one RADIUS request. The Instant On AP retries to send the request several times (as configured in the Retry count) before the user gets disconnected.
      • Retry count—Specify a number between 1 and 5. Indicates the maximum number of authentication requests that are sent to the server group, and the default value is 3 requests.
      • Authentication port—Enter the authorization port number of the external RADIUS server within the range of 1–65,535. The default port number is 1812.
      • Accounting port—Enter the accounting port number within the range of 1–65,535. This port is used for sending accounting records to the RADIUS server. The default port number is 1813.

       

      Configure the following settings under Network Access Attributes, if you wish to proxy all RADIUS requests from the Instant On AP to the client.

      • NAS identifier—Enter a string value for RADIUS attribute 32, NAS Identifier, to be sent with RADIUS requests to the RADIUS server.
      • NAS IP address—Select one of the following options if your Instant On devices are configured in a private network mode. The options below determine how the RADIUS authentication takes place across all networks.
        • Use device IP (default)—This is the default setting. The RADIUS requests and NAS IP address will originate from each device authenticating the clients.
        • Use a single IP—The RADIUS and NAS IP address will originate from a single IP address representing the site. Enter the NAS IP address for the site.

      NOTE: This option is grayed out if the Instant On AP is configured as a primary Wi-Fi router on the network. In which case each AP in the network will send RADIUS requests to the server with a matching Source IP address and NAS IP address.

      Secondary RADIUS Server

      To configure a Secondary RADIUS Server, slide the toggle switch to the right ().

      NOTE: The configuration parameters for the Secondary RADIUS Server and the Primary RADIUS Server are the same.

      Network Access Attributes

      This option is available only if User authentication (default) is selected under Guest user access. Configure the following parameters under network access attributes:

      • NAS Identifier—Enter a string value for RADIUS attribute 32, NAS Identifier, to be sent with RADIUS requests to the RADIUS server.

      • NAS IP Address—Select one of the following options if your Instant On devices are configured in a private network mode. The options below determine how the RADIUS authentication takes place across all networks. This option is grayed out if the Instant On AP is configured as a primary Wi-Fi router on the network. In which case each AP in the network will send RADIUS requests to the server with a matching Source IP address and NAS IP address.

      1. Use device IP (default)—This is the default setting. The RADIUS requests and NAS IP address will originate from each device authenticating the clients.

      2. Use a single IP—The RADIUS and NAS IP address will originate from a single IP address representing the site. Enter the NAS IP address for the site.

  1. Click Apply changes.