Welcome to Purple Support

Samsung WEC

  • Updated

NOTE: You need to be running firmware version 4.6.5R or above in order to proceed.

 

Log in to your Wireless Controller interface and click on Configuration at the top. On the left menu, choose Security > AAA > RADIUS.

Click Add and configure with the following:

  • Type: Auth/Acct
  • IP Address: *insert radius_server_ip here*
  • Shared Secret Format: ASCII
  • Shared Secret: *insert radius_secret here*
  • Confirm Shared Secret: as above
  • Auth Port Number: 1812
  • Acct Port Number: 1813
  • CoA: Enable
  • Password Type: MAC Address
  • MAC Delimiter: Hyphen
  • MAC Case: Upper
Click Apply to Save

Click Add again and configure with the following:

  • Type: Auth/Acct
  • IP Address: *insert radius_server2_ip here*
  • Shared Secret Format: ASCII
  • Shared Secret: *insert radius_secret here*
  • Confirm Shared Secret: as above
  • Auth Port Number: 1812
  • Acct Port Number: 1813
  • CoA: Enable
  • Password Type: MAC Address
  • MAC Delimiter: Hyphen
  • MAC Case: Upper

Click Apply to Save

 

Next, go to Security > Access Control Lists > IP ACL. Click Add and enter the following:

  • Name: guestwifi
  • Sequence: 1
  • Protocol: Any
  • Source: Any
  • Source Port: Any
  • Destination: URL: *insert access_domain here*
  • Destination Port: Any
  • Action: Permit
Click Apply to Save. You will be taken back to the ACL list. Click on the guestwifi name in order to add more rules. Click Add at the top and as per above, create a rule for each of the required domains. Please refer to this list.

Next, click on Security > Captive Portal > Web Service and set both the Domain Name and IP Address to the local IP address of your controller (Same IP as you access the web interface in your browser). Click Apply to Save.

 

Next, click on WLANs > WLANs and click Add. Configure with the following:
  • Profile Name: guestwifi
  • SSID: Guest WiFi (or whatever you wish)
  • Interface Group: Select your preferred interface
  • Radio Area: 2.4GHz/5GHz
Click Apply to Save. Now, click on the WLAN ID you just created.
On the General tab, configure:
  • AAA Override: Enable
  • Admin Status: Enable
Click Apply to Save. On the Security > L2 tab, configure:
  • L2 Security Type: None

Click Apply to Save. On the Security tab > L3 tab, configure:

  • Web Policy: Enablechoose Web Authentication from the list
  • Pre-Authentication ACL: guestwifi
  • Web Page Type: External
  • URL: *insert access_url here*
Under Web Authentication:
  • Server Type: RADIUS
  • Primary RADIUS Server: *insert radius_server_ip here* : 1812
  • Secondary RADIUS Server: *insert radius_server2_ip here* : 1812
  • Cache Duration: 30
  • After Authentication: Select Redirect URL and enter: *insert redirect_url here*
Under Web Accounting:
  • Primary RADIUS Server: *insert radius_server_ip here* : 1813
  • Accounting Interval: 3

 

Click Apply to Save.

 

Next, click Administration at the top then HTTP-HTTPS on the left. Configure with the following: 

  • HTTP: Enable
  • Captive Portal Port: 80
Click Apply to Save.

 

The final step is to SSH or console in to the controller to run a command. This is required in order for authentication to work correctly. Once logged in to the console, enter the following commands one line at a time:

 

# conf t

security captive-portal radius-called-station-id ap-mac

exit

save local

Share online:
Was this article helpful?
0 out of 0 found this helpful