| IMPORTANT: Please ensure you are running SmartZone v3.0 or above in order to continue. |
Start by logging into your SmartZone web interface.
Step 1 - Authentication
Click Services & Profiles > Authentication on the left. Click the Proxy (SZ Authenticator) tab then Create and configure with:
| Name | Guest WiFi |
| Service Protocol | RADIUS |
| Primary Server IP Address | *insert radius_server_ip here* |
| Port | 1812 |
| Shared Secret | *insert radius_secret here* |
| Confirm Secret | as above |
| Backup RADIUS | Enable Secondary Server |
| Secondary Server IP Address | *insert radius_server2_ip here* |
| Port | 1812 |
| Shared Secret | *insert radius_secret here* |
| Confirm Secret | as above |
Click OK to save. Next, click Accounting on the left. Click the Proxy tab then Create and configure with:
| Name | Guest WiFi Acct |
| Primary Server IP Address | *insert radius_server_ip here* |
| Port | 1813 |
| Shared Secret | *insert radius_secret here* |
| Confirm Secret | as above |
| Backup RADIUS | Enable Secondary Server |
| Secondary Server IP Address | *insert radius_server2_ip here* |
| Port | 1813 |
| Shared Secret | *insert radius_secret here* |
| Confirm Secret | as above |
Click OK to save.
Step 2 - Hotspot
Click Hotspots & Portals on the left. Click the Hotspot (WISPr) tab then Create and configure with:
| Portal Name | Guest Wi-Fi |
| Smart Client Support | None |
| Login URL | External |
| Redirect unauthenticated users to (Primary) | *insert access_url here* |
| Redirected MAC Format | AA-BB-CC-DD-EE-FF |
| HTTPS Redirect | ON |
| Start Page - Redirect to the following URL | *insert redirect_url here* |
| Walled Garden | Add the required domains one by one. Please refer to this list. |
Click OK to save.
Step 3 - Wireless LAN
Click Wireless LANs on the left, then click Create. Configure with:
Under General Options:
| Name | Guest Wi-Fi |
| SSID | Guest Wi-Fi (or whatever you wish) |
| Zone | Select a zone |
| WLAN Group | Select a group (or default) |
Under Authentication Options:
| Authentication Type | Hotspot (WISPr) |
| Method | Open |
Under Encryption Options:
| Method | None |
Under Hotspot Portal:
| Hotspot (WISPr) Portal | Guest Wi-Fi |
| Bypass CNA | Off |
| Authentication Service | ON - Use Controller as proxy - Guest WiFi |
| Accounting Service | ON - Use Controller as Proxy - Guest WiFi Acct |
| Send interim update | every 2 Minutes |
Under RADIUS Options:
| NAS ID | AP MAC |
| Delimiter | Dash |
| Single Session ID Accounting | ON |
| Called Station ID | AP MAC |
Click OK to save.
Step 4 - Northbound API
Click System > General Settings on the left and then the WISPr Northbound Interface tab. Configure as follows:
| Enable Northbound Portal Interface Support | ON |
| User Name | api |
| Password | enter any password you choose |
Click OK to save.
To complete the set up you will need to log in to your portal, and under Management > Venues > Edit Venue > Options you will need to enter your SmartZone Public Hostname or IP, Northbound Username and the Northbound Password you chose above. This allows our system to talk to the SmartZone for authenticating users and is a mandatory step.
| IMPORTANT: In order for our system to authenticate users, you are required to set up a Port Forward on your firewall/router to allow traffic inbound. |
Please create a new port forward with the following:
| Local/Internal IP | Your Smartzone internal LAN IP (e.g. 192.168.0.1) |
| Protocol | TCP |
| Destination Port | 9080 (http) or 9443 (https; recommended) |
The configuration is now complete.
| SecurePass Note: To enable our SecurePass WiFi solution please complete the steps below. This enables a secure, seamless WiFi connection for repeat users. |
Secure WiFi Configuration - Purple
On the top menu, go to Security > Authentication > Proxy (SZ Authenticator). Click Create and configure with:
Under Wi-Fi Operator click Create and configure with:
| Name: | Purple-Secure-Rad-Auth |
| Service Protocol: | RADIUS |
| Encryption: | ON (TLS) |
| CN/SAN Identity: | *.purple.ai |
| IP Address/FQDN: | rad1-secure.purple.ai |
| Port: | 2083 |
Click OK to Save. Next, on the top menu, go to Security > Accounting > Proxy. Click Create and configure with:
Under Wi-Fi Operator click Create and configure with:
| Name: | Purple-Secure-Rad-Acct |
| Service Protocol: | RADIUS Accounting |
| Encryption: | ON (TLS) |
| CN/SAN Identity: | *.purple.ai |
| IP Address/FQDN: | rad1-secure.purple.ai |
| Port: | 2083 |
Click OK to Save. Next, on the top menu, go to Services > Hotspot 2.0.
Under Wi-Fi Operator click Create and configure with:
| Name: | Purple |
| Domain Names: | securewifi.purple.ai |
| Signup Security: | Off |
| Friendly Names: | Purple |
Click OK to add. Under Identity Provider click Create and configure with:
| Name: | Purple |
| Realms: | Name: securewifi.purple.ai Encoding: RFC-4282 EAP Methods #1: EAP-TTLS (click Create) Auth Info: Non-EAP Inner Authentication Type Auth Type: PAP |
Click Next and Next again.
On the Authentication tab click Create and configure with:
| Realm: | securewifi.purple.ai |
| Service: | [RADIUS] Purple-Secure-Rad-Auth |
Click OK to add. Click Next.
On the Accounting tab click Enable Accounting and click Create. Configure with:
| Realm: | securewifi.purple.ai |
| Service: | [RADIUS] Purple-Secure-Rad-Acct |
Click OK to add. Click Next to Review and then OK to save.
The configuration is now complete.
Free Guest WiFi
Purple App
SecurePass
Splash Access