Wireless Configuration
Under Wireless Configuration on the left choose Networks.
Click on Create New and configure as per below:
| Type | Wireless |
| Name (SSID) | Guest WiFi |
| Primary Usage | Guest |
Click Next and configure with the following:
| Client IP Assignment | Virtual Controller Assigned |
Click Next and configure with the following:
| Splash Page Type | External |
| Captive Portal Profile | Choose New... |
Configure with:
| Name | guestwifi |
| Type | Radius Authentication |
| IP or Hostname | *insert access_domain here* |
| URL | /access/ |
| Port | 80 |
| Use HTTPS | Disabled |
| Captive Portal Failure | Deny Internet |
| Automatic URL Whitelisting | Disabled |
| Redirect URL | *insert redirect_url here* |
Click Save.
| WISPr | Disabled |
| Encryption | Disabled |
| MAC Authentication | Disabled |
Authentication Server 1: Choose New... and configure with:
| Name | guestwifi1 |
| IP Address | *insert radius_server_ip here* |
| Shared Key | *insert radius_secret here* |
| Retype Key | as above |
All other values should be left at their defaults.
Click Save Server.
Authentication Server 2: Choose New... and configure with:
| Name | guestwifi2 |
| IP Address | *insert radius_server2_ip here* |
| Shared Key | *insert radius_secret here* |
| Retype Key | as above |
All other values should be left at their defaults.
Click Save Server.
| Load Balancing | Disabled |
| Reauth Interval | 24 hrs |
| Accounting | Enabled |
| Accounting Mode | Authentication |
| Accounting Interval | 4 min |
| Blacklisting | Disabled |
| Walled Garden | Click on 0 blacklist, 0 whitelist and add each domain to the whitelist: Enter the required domains one per line. Please refer to this list. |
Click on Next.
Access Rules: Role Based
Under Role click on New and enter Preauth as the Name. Click OK to add.
Now, under Access Rules for Selected Roles click on the Plus icon.
You will need to add a new rule one by one for each of the following as per the domain list you added earlier:
| Access Rule Template | Access Control / Network / Any / Allow / To a Domain Name: *insert domain here* |
Click Save for each, then add the next until all are listed.
Finally, add the following rule:
| Final Fallback Rule | Access Control / Network / Any / Deny / To All Destinations |
Now, under the Role on the left choose default_wired_port_profile, and tick the box Assign Pre-authentication Role and select Preauth.