Log in to your HP Cloud Manager account at https://hpcloudnetworkmanager.com
Under Wireless Configuration on the left choose Networks.
Click on Create New and configure as per below:
- Type: Wireless
- Name (SSID): Guest WiFi
- Primary Usage: Guest
Click Next and configure with the following:
- Client IP Assignment: Virtual Controller Assigned
Click Next and configure with the following:
- Splash Page Type: External
- Captive Portal Profile: Choose New... and configure with:
- Name: guestwifi
- Type: Radius Authentication
- IP or Hostname: *insert access_domain here*
- URL: /access/
- Port: 80
- Use HTTPS: Unticked
- Captive Portal Failure: Deny Internet
- Automatic URL Whitelisting: Unticked
- Redirect URL: *insert redirect_url here*
Click on Save - WISPr: Disabled
- Encryption: Disabled
- MAC Authentication: Disabled
- Authentication Server 1: Choose New... and configure with:
- Name: guestwifi1
- IP Address: *insert radius_server_ip here*
- Shared Key: *insert radius_secret here*
- Retype Key: as above
All other values should be left at their defaults.
Click on Save Server Authentication Server 2: Choose New... and configure with:
- Name: guestwifi2
- IP Address: *insert radius_server2_ip here*
- Shared Key: *insert radius_secret here*
- Retype Key: as above
All other values should be left at their defaults.
Click on Save ServerLoad Balancing: Disabled
Reauth Interval: 24 hrs
Accounting: Enabled
Accounting Mode: Authentication
Accounting Interval: 3 min
Blacklisting: Disabled
Walled Garden: Click on 0 blacklist, 0 whitelist and configure with:
Under Whitelist click on New and enter the below domains, one by one:- *insert access_domain here*
- cloudfront.net
- openweathermap.org
- venuewifi.com
stripe.com
Click on Ok to add each one and then add the next until you have all the domains listed.
Click on Next
- Access Rules: Role Based
Under Role click on New and enter Preauth as the Name. Click Ok to add.
Now, under Access Rules for Selected Roles click on the Plus icon
You will need to add a new rule one by one for each of the following:
- Access Control / Network / Any / Allow / To a Domain Name: *insert access_domain here*
- Access Control / Network / Any / Allow / To a Domain Name: akamaihd.net
- Access Control / Network / Any / Allow / To a Domain Name: cloudfront.net
- Access Control / Network / Any / Allow / To a Domain Name: openweathermap.org
- Access Control / Network / Any / Allow / To a Domain Name: venuewifi.com
Access Control / Network / Any / Allow / To a Domain Name: stripe.com
Click on Save to each one and then add the next until all are listed.
Finally, add the following rule:
- Access Control / Network / Any / Deny / To All Destinations
Now, under the Role on the left choose default_wired_port_profile, and tick the box Assign Pre-authentication Role and select Preauth.