| Important Note: You need to be running firmware version 4.6.5R or above in order to proceed. |
RADIUS Configuration
Log in to your Wireless Controller interface and click on Configuration at the top. On the left menu, choose Security > AAA > RADIUS.
Click Add and configure the primary server with the following settings:
| Type | Auth/Acct |
| IP Address | *insert radius_server_ip here* |
| Shared Secret Format | ASCII |
| Shared Secret | *insert radius_secret here* |
| Confirm Shared Secret | as above |
| Auth Port Number | 1812 |
| Acct Port Number | 1813 |
| CoA | Enable |
| Password Type | MAC Address |
| MAC Delimiter | Hyphen |
| MAC Case | Upper |
Click Apply to Save. Click Add again and configure the secondary server with the following settings:
| Type | Auth/Acct |
| IP Address | *insert radius_server2_ip here* |
| Shared Secret Format | ASCII |
| Shared Secret | *insert radius_secret here* |
| Confirm Shared Secret | as above |
| Auth Port Number | 1812 |
| Acct Port Number | 1813 |
| CoA | Enable |
| Password Type | MAC Address |
| MAC Delimiter | Hyphen |
| MAC Case | Upper |
Click Apply to Save.
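An added example, not part of the original guide: a small Python helper for the RADIUS server side. It rewrites MAC addresses from other common notations into the hyphen-delimited, upper-case form selected above and checks that a received value is in exactly that form. It assumes the controller sends the client MAC in this format as the password, as the Password Type setting implies; the function names and sample addresses are constructed for illustration.

```python
import re

# Notations accepted as input: six pairs joined by one consistent delimiter
# (":" or "-"), three dot-separated quads, or twelve bare hex digits.
_INPUT_NOTATIONS = (
    re.compile(r"[0-9a-f]{2}([-:])(?:[0-9a-f]{2}\1){4}[0-9a-f]{2}", re.I),
    re.compile(r"[0-9a-f]{4}\.[0-9a-f]{4}\.[0-9a-f]{4}", re.I),
    re.compile(r"[0-9a-f]{12}", re.I),
)

# Exact form produced by MAC Delimiter = Hyphen and MAC Case = Upper.
_CONTROLLER_FORM = re.compile(r"(?:[0-9A-F]{2}-){5}[0-9A-F]{2}")


def to_controller_format(mac: str) -> str:
    """Rewrite a MAC address as AA-BB-CC-DD-EE-FF.

    Raises ValueError for anything that is not a well-formed 48-bit MAC,
    including addresses that mix delimiters.
    """
    candidate = mac.strip()
    if not any(p.fullmatch(candidate) for p in _INPUT_NOTATIONS):
        raise ValueError(f"not a recognised MAC notation: {mac!r}")
    digits = re.sub(r"[-:.]", "", candidate).upper()
    return "-".join(digits[i:i + 2] for i in range(0, 12, 2))


def is_controller_format(value: str) -> bool:
    """True only for the hyphen-delimited, upper-case form, with no
    normalisation applied (use this on values received in a request)."""
    return _CONTROLLER_FORM.fullmatch(value) is not None


if __name__ == "__main__":
    # Constructed sample addresses in mixed notations.
    for sample in ("02:00:5e:10:00:01", "0200.5e10.0002", "02005E100003"):
        print(sample, "->", to_controller_format(sample))
```
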
Access Control Lists (IP ACL)
Next, go to Security > Access Control Lists > IP ACL. Click Add and enter the following baseline rule parameters:
| Name | guestwifi |
| Sequence | 1 |
| Protocol | Any |
| Source | Any |
| Source Port | Any |
| Destination | URL: *insert access_domain here* |
| Destination Port | Any |
| Action | Permit |
Click Apply to Save. You will be taken back to the ACL list. Click the guestwifi name in the list to add further rules. Click Add at the top and, using the same format as above, add an entry for each domain on the platform's walled garden list. Please refer to this list.
Captive Portal Web Service
Next, click on Security > Captive Portal > Web Service and set both the Domain Name and IP Address parameters explicitly to the local IP address of your controller (type the exact same device IP you are using to access this management interface in your browser). Click Apply to Save.
WLAN Configuration
Next, click on WLANs > WLANs and click Add. Configure it with the following settings:
| Profile Name | guestwifi |
| SSID | Guest WiFi (or whatever you wish) |
| Interface Group | Select your preferred interface |
| Radio Area | 2.4GHz/5GHz |
Click Apply to Save. Now click the ID of the WLAN you just created to edit its properties.
On the General tab, configure:
| AAA Override | Enable |
| Admin Status | Enable |
Click Apply to Save. On the Security > L2 tab, configure:
| L2 Security Type | None |
Click Apply to Save. On the Security > L3 tab, configure:
| Web Policy | Enable, choose Web Authentication from the list |
| Pre-Authentication ACL | guestwifi |
| Web Page Type | External |
| URL | *insert access_url here* |
Under the Web Authentication options block:
| Server Type | RADIUS |
| Primary RADIUS Server | *insert radius_server_ip here* : 1812 |
| Secondary RADIUS Server | *insert radius_server2_ip here* : 1812 |
| Cache Duration | 30 |
| After Authentication | Select Redirect URL and enter: *insert redirect_url here* |
Under the Web Accounting options block:
| Primary RADIUS Server | *insert radius_server_ip here* : 1813 |
| Accounting Interval | 3 |
Click Apply to Save.
HTTP-HTTPS Administration
Next, click on Administration at the top menu then select HTTP-HTTPS on the left row. Configure with the following values:
| HTTP | Enable |
| Captive Portal Port | 80 |
Click Apply to Save.
Console CLI Enforcement
The final step requires opening an SSH or console cable connection directly to the controller to run a setting manually from the CLI. This change is mandatory for access tokens and redirect features to work correctly. Once logged in at the prompt, enter the following commands line by line:
| CLI Commands | conf t security captive-portal radius-called-station-id ap-mac exit save local |