nsamuel
Staff
Staff
Description

Configuring Captive Portal using Radius server.


Scope

KB ARTICLE TYPE: Configuration

RELATED PRODUCTS: Controller

RELATED SOFTWARE VERSIONS: This articles applies to SD version 6.0 and below.

KEYWORDS: Controller, captive portal


Solution

Captive Portal allows guest users to access the network under certain conditions. In addition, you can customize the welcome (splash) page. The authentication can be performed with the RADIUS server or by setting up Guest User IDs for security.

CONFIGURATION STEPS:

From the GUI:

STEP 1: Go to the configuration tab in the web GUI > security> radius > configure the radius profile matching the credentials configured in the Radius server.

STEP 2: Under the Configuration tab > captive portal > configure the Captive portal by mapping the radius profile.

STEP 3: Then under Configuration tab > Click on Security > create security profile with “L2 allowed mode” as required and set the captive portal option to WebAuth

STEP 4: Then map this security profile to an ESS profile that you have created or to a new ESS.

From CLI:

Configuring the Radius profile:
MeruController1# configure terminal
MeruController1(config)#
MeruController1(config)# radius-profile <profile name>
MeruController1(config-radius)# ip-address <ip address>
MeruController1(config-radius)# key <shared secret key>
MeruController1(config-radius)# port 1812
MeruController1(config-radius)# mac-delimiter <colon/ hyphen/ none/ single hyphen>
MeruController1(config-radius)# password-type < mac-address/ shared-secret >
MeruController1(config-radius)#exit

Configuring the Captive portal:
MeruController1(config)# ssl-server port 10101
MeruController1(config)# ssl-server radius-profile primary <profile-name>
MeruController1(config)# ssl-server radius-profile secondary <profile-name> (if any)
MeruController1(config)# ssl-server accounting-radius-profile primary <profile-name> (if any)
MeruController1(config)# ssl-server accounting-radius-profile secondary <profile-name> (if any)
MeruController1(config)# ssl-server accounting-radius-profile interim-interval <interim-interval- 600-36000 seconds>
MeruController1(config)# ssl-server captive-portal session-timeout <session-timeout-0 and 1440 minutes>
MeruController1(config)# ssl-server captive-portal activity-timeout <activity-timeout- period between 0 and 60 minutes>
MeruController1(config)# ssl-server captive-portal override-radius disable
MeruController1(config)#

Configuring the Security and ESS profile:
MeruController1# configure terminal
MeruController1(config)# security-profile <security profile name>
MeruController1(config-security)# allowed-l2-modes clear
MeruController1(config-security)# captive-portal webauth
MeruController1(config-security)# exit
MeruController1(config)# essid <essid name>
MeruController1(config-essid)# security-profile <security profile name>
MeruController1(config-essid)# exit
MeruController1(config)#

EXPECTED BEHAVIOR:

Once when the user is authenticated into the wireless network and types in a URL in the address bar, it will be redirected to the captive portal web authentication page, sent by the controller. Valid user/password (of radius users) needs to be entered for the successful authentication and then they will be directed to the webpage requested.


Contributors