In this section, we will configure Captive Portal, RADIUS Service for AAA, then WLAN which is associated with the Captive portal and RADIUS service .

 

 

RADIUS service
  1. AAA Policy

Each guest / visitor user will be authenticated by the integrated AAA server on the cluster of VX9000 Wireless Controllers.  An AAA policy needs to be defined to tell the WiNG 5 system where to forward the authentication requests when a guest / visitor user provides their credentials on the captive portal login page.

Configuration >Network > AAA Policy >Add:

Name it As Guest_AAA.

  • Server Type: Onboard-controller, then click OK, exit.

Go to Configuration > services > RADIUS

  1. Go to Groups Click Add, Then Name it as Guest_group,
  • tick  Guest User Group
  • WLAN SSID: which WLAN will this RADIUS authenticate, type Guest ( we will create this later) , click down arrow.
  • You can set the speed limit for a group in Rate limit from Air(upload speed) , Rate limit to air (download speed).
  • You can also set the access time in schedule.

2. Go to the User Pools

Click Add, give it a name Guests_users, then click continue.

Then click Add to add a user, User ID: test_user1; Password: password; Tick Guest User; Then Choose Guest_group. You can specify the Expiry date and access duration bellow or leave it as default.

Click Ok, exit.

3. Go to the Server Policy

Click Add, Give it a name, RADIUS_policy.

RADIUS USER Pools: tick the Guests_users

Authentication: Local

Leave others as default, click OK, exit,

4. Apply the Service Policy to Wireless controller

We only need the VX9000 to be the RADIUS server, so we go to Configuration > Devices > VX9000 >Profile Overrides >Services

Under DHCP server: choose the RADIUS server Policy RADIUS_policy from the drop down menu.

click Commit and Save.

Captive Portal

Reference: http://frankfu.click/files/wireless/WING_5X_CAPTIVE_PORTALS.pdf

NOTE: Captive Portal will not pop up automatically until the NAT is down and having internet connection. So make sure you have internet connection before you start the captive portal.

The guest / visitor traffic will be bridged to VLAN 37 where the Internet / firewall resides using 802.1Q tagging enabled on each VX9000 Wireless Controllers uplink port.

  1. Go to Configuration > services > Captive Portals > captive portals

Click Add button, Give it a name after Captive Portal Policy, Guest.

Settings:

Captive Portal Server Mode: Centralized

Captive Portal Server Host: Choose IP address in the drop down selection, 192.168.37.254, which is the controller.

Connection Mode: https.

Simultaneous Access: means for one account how many devices can use simultaneously.

Security:

AAA policy: choose the one you created in previous section, Guest_AAA.

Access: Access Type: RADIUS Authentication

Terms and Conditions page: tick.

Click OK, exit.

2. We can also create a helpdesk user account to manage the guest accounts:

ConfigurationManagement<policy>Edit.

Click Add. Enter a User Name and Password then set the Administrator Role to Web User. Click OK then Exit.

 

Enable wireless LAN
  1. Create WLAN

Go to the Configuration > Wireless Wireless LANs, you will configure Wireless LANs here.

Click Add, Type WLAN name on Top, then SSID: guest; Status: enabled; Bridging mode: Tunnel; VLAN assignment: Single VLAN; VLAN: 37; Security Section: Select Authentication: PSK/None; Captive Portal: Enforcement: Captive portal enable; Captive Portal Policy: choose from the drop down menu , Guest.

2. Apply WLAN to AP profile

Configuration >Profiles >default-ap71xx Edit.

Interface >Radios >radio1(2.4GHZ),  Edit.

Select the WLAN Mapping / Mesh Mapping tab

then under WLANs select the Guest / Visitor Wireless LAN created earlier and add it to the radio by click left arrow. Click OK then Exit.