NOTE: You are required to use firmware v8.7.102.0 or above in order to continue.

Log in to your ME web interface and click the "Switch to Expert View" button at the top right.

On the left, click Management > Admin Accounts and then the RADIUS header. Configure with:

• Authentication Call Station ID Type: AP MAC Address:SSID
• Authentication MAC Delimiter: Hyphen
• Accounting Call Station ID Type: AP MAC Address:SSID
• Accounting MAC Delimiter: Hyphen

Click Apply. Next, click Add RADIUS Authentication Server. Configure with:

• State: Enabled
• Server IP Address: *insert radius_server_ip here*
• Shared Secret: *insert radius_secret here*
• Confirm Shared Secret: as above
• Port Number: 1812

Click Apply to Save. Next, click Add RADIUS Authentication Server again Configure with:

• State: Enabled
• Server IP Address: *insert radius_server2_ip here*
• Shared Secret: *insert radius_secret here*
• Confirm Shared Secret: as above
• Port Number: 1812

Click Apply to Save. Next, click Add RADIUS Accounting Server. Configure with:

• State: Enabled
• Server IP Address: *insert radius_server_ip here*
• Shared Secret: *insert radius_secret here*
• Confirm Shared Secret: as above
• Port Number: 1813

Click Apply to Save. Next, click Add RADIUS Accounting Server again. Configure with:

• State: Enabled
• Server IP Address: *insert radius_server2_ip here*
• Shared Secret: *insert radius_secret here*
• Confirm Shared Secret: as above
• Port Number: 1813

Click Apply to Save. Next, on the left, click Wireless Settings > WLANs. Click Add New and configure with:

On the General tab:

• Profile Name: Guest WiFi
• SSID: Guest WiFi (or whatever you wish)
• Admin State: Enabled
• Radio Policy: ALL
• Broadcast SSID: Yes

On the WLAN Security tab:

• Guest Network: Yes
• Captive Network Assistant: Yes
• Captive Portal: External Splash page
• Captive Portal URL: *insert access_url here*
• Access Type: RADIUS

Under the RADIUS Server header, click Add RADIUS Authentication Server and select the first server IP you previously added. Click Apply. Next, click Add RADIUS Authentication Server again and select the second server IP you previously added. Click Apply. 

Next, click Add RADIUS Accounting Server and select the first server IP you previously added. Click Apply. Next, click Add RADIUS Accounting Server again and select the second server IP you previously added. Click Apply. 

Under the Pre Auth ACLs header, click Add URL Rules and configure with:

• URL: *insert access_domain here*
• Action: Permit

Using the same procedure as above, add a new URL rule for the below domains:

• venuewifi.com
• cloudfront.net
• openweathermap.org
• stripe.com

If you wish to support social network logins, you also need to add the following domains for each network you plan to support

Under the Advanced tab:

• Allow AAA Override: Yes

Click Apply to Save config. At the top right, be sure to click the Save Configuration button to avoid losing changes. Finally, you'll need to SSH or console to the ME AP and type the following commands in "enable" mode:

• config network web-auth https-redirect disable
• config network web-auth secureweb disable

Additionally, we need to prevent users from trying to log in to the ME GUI via RADIUS. Provided you have only added the two RADIUS servers above and don't have any others configured, run the following commands:

• config radius auth management 1 disable
• config radius auth management 2 disable

After applying the commands above you will need to reboot the controller. Type the below commands:

• save config
• reset system

The ME AP will now reboot and be ready for use.

NOTE: You need to add all the AP Base MACs to the portal. To see these, type show ap join stats summary all from the SSH or command line.