Log in to your ExtremeCloud IQ web interface
Click on Configuration at the top and then on Guided Configuration on the left.
Under Choose Network Policy click New and configure with:
Name | GuestWiFi |
Wireless Access | Enabled |
Switching | Disabled |
Branch Routing | Disabled |
Bonjour Gateway | Disabled |
Click on Create to continue
Next to SSIDs click Choose. Click on New and configure with:
Profile Name | guestwifi |
SSID | Guest WiFi (or whatever you wish) |
Enabled Captive Web Portal | Enabled |
All other settings can be left at their defaults.
Click Save and then OK
Next, click on <Captive Web Portal> and choose New. Configure with:
Name | guestwifi |
Registration Type | External Authentication |
Under Captive Web Portal Login Page Settings:
Login URL | *insert access_url here* |
Passwor Encryption | No Encryption |
Authentication Method | PAP |
Under Captive Web Portal Success Page Settings:
Show the success page... | Disabled |
After a successful login | Redirect to an external page |
Use simple URL address | *insert redirect_url here* |
Under Optional Advanced Configuration:
Use network default settings | Enabled |
Use HTTP 302 a the redirection method | Enabled |
Enable HTTPS | No |
Under Walled Garden:
IMPORTANT: You will need to add the below entries one by one. Click on New, enter the domain and then click Apply. Repeat this until you have all domains in the list below.
*insert access_domain here* |
*stripe.com |
*venuewifi.com |
*openweathermap.org |
*cloudfront.net |
If you wish to support social network logins, you also need to add the domains below for each network you plan to support.
*facebook.com *fbcdn.net *akamaihd.net connect.facebook.net | |
*twitter.com *twimg.com | |
*linkedin.com *licdn.net *licdn.com | |
*instagram.com | |
*weibo.com login.sina.com.cn | |
VKontakte | *vk.me *vk.com |
Click Save
Next, click on <RADIUS Settings> and choose New. Configure with:
RADIUS Name | guest |
Under Add a New RADIUS Server configure with:
IP Address/Domain Name | *insert radius_server here* |
Server Type | Auth/Acct |
Shared Secret | *insert radius_secret here* |
Confirm Secret | as above |
Server Role | Primary |
Click Apply to add, and then click on New to add another:
IP Address/Domain Name | *insert radius_server2 here* |
Server Type | Auth/Acct |
Shared Secret | *insert radius_secret here* |
Confirm Secret | as above |
Server Role | Backup1 |
Click Apply again, and then click on Save
Under User Profile click on Add/Remove.
Select default-profile and click Save
Further down the page, beside Advanced Settings click Edit
Click on Service Settings and beside ALG Services click the Plus (+) icon Configure with:
Name | guestwifi |
DNS | Enabled |
HTTP | Enabled |
Click on Save and then Save again at the top right.
Finally, click on Continue at the top right.
You are now asked which of your access points you wish to push the new settings to (typically all your access points). Select all that apply, and click Update > Update Devices
Click Update.