Log in to your UniFi controller and click the Setting icon (bottom left).
On the left menu, under Wireless Networks click Create New Wireless Network and configure with:
- Name/SSID: Guest WiFi (or whatever you wish)
- Enabled: Enabled
- Security: Open
- Guest Policy: Enabled
Click Save to apply. Next, click on Guest Control configure with:
Under the Guest Policies header:
- Enable Guest Portal: Enabled
- Authentication: Hotspot
- Default Expiration: 8 hours
- Landing Page: Promotion URL - *insert redirect_url here*
- Use Secure Portal: Disabled
- Redirect using hostname: Disabled
- Enable HTTPS Redirection: Disabled
- Enable encrypted redirecet URL: Disabled
Under the Portal Customization header:
- Template Engine: AngularJS
- Override Default Templates: Enabled
Under the Hotspot header:
- RADIUS: Enabled
Under the RADIUS header:
Profile: click Create New RADIUS Profile and configure with:
- Profile Name: guestwifi
-
RADIUS Auth Server: *insert radius_server_ip here* Port: 1812 Password: *insert radius_secret here*
click Add Auth Server and configure with: - RADIUS Auth Server: *insert radius_server2_ip here* Port: 1812 Password: *insert radius_secret here*
- Accounting: Add the same servers as above, but with port 1813.
Click Save to continue.
- Authentication type: CHAP
Under the Access Control > Pre-Authorization header enter the following IP:
- *insert walled_garden_ip here*
If you wish to support social network logins, you also need to add further IP's as per below for each network you plan to support
31.13.24.0/21 31.13.64.0/18 45.64.40.0/22 66.220.144.0/20 69.63.176.0/20 69.171.224.0/19 74.119.76.0/22 103.4.96.0/22 129.134.0.0/16 157.240.0.0/16 173.252.64.0/18 179.60.192.0/22 185.60.216.0/22 204.15.20.0/22 |
|
199.16.156.0/22 199.59.148.0/22 199.96.56.0/21 192.133.76.0/22 104.244.42.0/24 104.244.43.0/24 104.244.46.0/24 |
|
91.225.248.0/23 103.20.94.0/23 108.174.0.0/22 108.174.4.0/24 108.174.8.0/22 108.174.12.0/23 144.2.0.0/22 144.2.192.0/24 216.52.16.0/23 216.52.18.0/24 216.52.20.0/23 216.52.22.0/24 65.156.227.0/24 8.39.53.0/24 185.63.144.0/24 185.63.147.0/24 199.101.161.0/24 64.152.25.0/24 8.22.161.0/24 |
NOTE: These IP ranges are subject to change depending on the social network setup.
Click Apply Changes to save.
Finally, you will need to modify two html on the controller so that it correctly redirects and authenticates. First of all, download the below two files:
Open the index.html file and at the top of this document you will see an item named "splashurl": Edit this so that it shows:
var splashurl = "*insert access_url here*";
Now, you need to copy these two html files to your UnifFi controller hotspot directory. This is typically located at the below location:
- Windows: C:\Users\<username>\Ubiquiti UniFi\data\sites\default\app-unifi-hotspot-portal
- MAC: ~/Library/Application Support/UniFi/data/sites/default/app-unifi-hotspot-portal
- Linux: /usr/lib/unifi/data/sites/default/app-unifi-hotspot-portal
- UDM Pro: /data/unifi/data/sites/default/app-unifi-hotspot-portal
- CloudKey: /srv/unifi/data/sites/default/app-unifi-hotspot-portal
(replace default in the folder structure with your site name if different)