Ubiquiti UniFi Network

  • Updated
If you are using a hardware based device like Dream Machine, Router or CloudKey Gen2, please login to UniFi OS first then open the Network Application. You may need to install this application if not factory installed.

Log in to your UniFi Network web interface.
 

On the left menu click the Hotspot Manager icon, and then click Landing Page at the top.

On the right hand sidebar, click Authentication and choose External Portal Server. If prompted, enter *insert walled_garden_ip here* as the External Portal address and save.

Next, also on the right hand sidebar, click Settings. Configure with:

  • Default Expiration: 8 Hours
  • Show Landing Page: Yes 
  • HTTPS: No
  • Encrypted URL: No
  • Secure Portal: Yes
  • Domain: *insert access_domain here*
  • Authorization Access: Under Pre-Authorization rules add the following domains:
    Please refer to this list.

Click Save to confirm. Next, click Settings > WiFi on the left and then Create New. Configure with:

  • Name: Guest WiFi (or whatever you wish to broadcast)
  • Advanced: Manual
  • Hotspot Portal: Enabled
  • Security Protocol: Open

Click Add WiFi Network to save. You can now move on to the Venue Settings section below. 

Venue Settings

To complete the set up you will need to log in to your portal, and under the Venue Settings you will need to enter your UniFi Controller Public IP/Hostname and a valid Username/Password of an account you created on your local controller (not a UniFi cloud account).

We recommend not using your admin user, so set up a new one specifically for this. This allows our system to communicate with your controller to authenticate guest users and is a mandatory step.

IMPORTANT: If your UniFi Controller is not publicly accessible you will need to set up a port forward or firewall rule to allow this.

Please create a new port forward or firewall rule with the following:

  • Local/Internal IP: Your UniFi Controller Internal LAN IP (e.g. 192.168.0.1)
  • Protocol: TCP
  • Destination Port: 8443 (UniFi OS server: software) or 443 (UniFi OS hardware: UDM/UDW/UDR/CloudKey Gen2 etc)

Please contact support if you need assistance with the port forward/firewall setup and we'll do our best to help.
 

The configuration is now complete.

 

To enable our SecurePass WiFi solution please complete the steps below. This enables a secure, seamless WiFi connection for repeat users.

Secure WiFi Configuration - PurpleConnex

On the left menu, go to Settings > Networks. Under RADIUS Servers, click Create New and configure with:

Name: radsecure
RADIUS Assigned VLAN Support Wireless Networks
TLS Enabled
Client Certificate Provided by Purple
Private Key Provided by Purple
CA Certificate Provided by Purple
IP Address: 34.150.158.147
Port: 2083
Shared Secret: radsec
Accounting Servers: Enabled
IP Address: 34.150.158.147
Port: 2083
Shared Secret radsec
Interim Update Interval: Enabled - 240 seconds

Click Add to save.

Next, go to Settings > WiFi. Click Create New and configure with:

Name: PurpleConnex (or whatever you wish)
Application Hotspot
Hotspot Type Passpoint
Venue Name: Purple (or your venue name)
Network Type: Free Public Network
IP Address Type Availability IPv4: Single NATed private IPv4 address
IPv6: Not available
NAI Realm: Click Add and configure:

Name: securewifi.purple.ai
EAP Method: EAP-TTLS
Sub-Methods: PAP
Domain List: securewifi.purple.ai
Operator Friendly Name: Purple
Security Protocol: WPA2 Enterprise
External RADIUS Server: radsecure
PMF: Disabled
Client Device Isolation: Enabled
NAS ID: AP MAC

Click Apply Changes to save.

Share online:
Was this article helpful?
0 out of 1 found this helpful