Configuring Guest Portal
Guest portal can be accessed using a web browser. It is available to newly connected users in a Wi-Fi network, before they are granted broader access to network resources. Guest portals are commonly used to present a landing or login page which may require the guest to accept your terms and policies before connecting to the Internet. You can also use the Guest portal to add details about your business and advertise special deals. Instant On offers you the ability to customize Guest Portal with your business logo, pictures, legal terms and other details. To configure Guest portal service on the Instant On web application, follow these steps:
- Click the Instant On web application home page, or click Networks from the navigation pane on the left. tile on the
- Select one of the active Guest Network connections.
- Under > Network Options, click the checkbox.
- Click Update. The changes are saved and a View guest portal link is generated.
- Click the View guest portal link. You will be redirected to the Networks > Guest Portal screen.
- Under Type, select one of the following options:
- Aislelabs
- Purple WiFi
- Beonic
- Wavespot
- Zoox
- Based on your selection, enter values in the required fields. For more information, see:
- Click .
Configuring Captive Portal
Use the following links to learn how to configure captive portal for the guest network:
Configuring Internal Captive Portal
You can configure an internal captive portal splash page when adding or editing a guest network created for your Instant On site. Following are the internal captive portal configuration parameters:
Configuring External Captive Portal
You can configure an external captive portal for your guest network by configuring RADIUS authentication and accounting parameters.
Customizing the Captive Portal Page
To customize the external captive portal, follow these steps:
- Enter the Portal URL for the External Captive Portal page.
- Specify a Redirect URL if you want to redirect the users to another URL.
- Under Authentication, select one of the following options.
- User authentication (default)—Users are required to enter their credentials in the guest portal page to access the Internet. The credentials entered by the user are sent to the RADIUS server for validation. This is the default setting for the custom external captive portal.
- Guest portal acknowledgment—The guest portal must return a predefined string Aruba.InstantOn.Acknowledge to grant user access to the Internet. When selected, a predefined authentication text is returned by the external server after successful user authentication.
- Configure the following external captive portal parameters, based on your selection in Step 3.
Table 2: External Captive Portal Configuration Parameters
Parameter
Description
Select this checkbox to enable the AP to discreetly discard packets from the RADIUS servers that does not have the Message Authenticator.
This parameter is available only for User authentication (default) option.
Select the RADIUS accounting checkbox, to ensure the Instant On AP sends a status-server request to determine the actual state of the accounting server before marking the server as unavailable.
This parameter is available only for User authentication (default) option.
Configure a primary RADIUS server for authentication by updating the following fields:
- —Enter the IP address or fully qualified domain name of the external RADIUS server.
- —Enter a shared key for communicating with the external RADIUS server.
- Instant On AP retries to send the request several times (as configured in the ) before the user gets disconnected. —Specify a timeout value in seconds. The value determines the timeout for one RADIUS request. The
- —Specify a number between 1 and 5. Indicates the maximum number of authentication requests that are sent to the server group, and the default value is 3 requests.
- —Enter the authorization port number of the external RADIUS server within the range of 1–65,535. The default port number is 1812.
- —Enter the accounting port number within the range of 1–65,535. This port is used for sending accounting records to the RADIUS server. The default port number is 1813.
Configure the following settings under Instant On AP to the client.
, if you wish to proxy all RADIUS requests from the- —Enter a string value for RADIUS attribute 32, NAS Identifier, to be sent with RADIUS requests to the RADIUS server.
- Instant On devices are configured in a private network mode. The options below determine how the RADIUS authentication takes place across all networks.
- —This is the default setting. The RADIUS requests and NAS IP address will originate from each device authenticating the clients.
- —The RADIUS and NAS IP address will originate from a single IP address representing the site. Enter the for the site.
—Select one of the following options if your
This option is grayed out if the Instant On AP is configured as a primary Wi-Fi router on the network. In which case each AP in the network will send RADIUS requests to the server with a matching Source IP address and NAS IP address.
This parameter is available only for User authentication (default) option.
Select the checkbox to configure the secondary RADIUS server.
The configuration parameters for the and the are the same
This parameter is available only for User authentication (default) option.
Network Access Attributes
This option is available only if User authentication (default) is selected under Guest user access. Configure the following parameters under network access attributes:
- NAS Identifier—Enter a string value for RADIUS attribute 32, NAS Identifier, to be sent with RADIUS requests to the RADIUS server.
- NAS IP Address Assignment—Select one of the following options if your Instant On devices are configured in a private network mode. The options below determine how the RADIUS authentication takes place across all networks. This option is grayed out if the Instant On AP is configured as a primary Wi-Fi router on the network. In which case each AP in the network will send RADIUS requests to the server with a matching Source IP address and NAS IP address.
- Use device IP (default)—This is the default setting. The RADIUS requests and NAS IP address will originate from each device authenticating the clients.
- Use a single IP—The RADIUS and NAS IP address will originate from a single IP address representing the site. Enter the NAS IP address for the site.
This parameter is available only for User authentication (default) option.
Allowed Destinations
Bypasses the guest portal and uses one or more of the following Social Network destinations, as selected by the user.
- X
This parameter is available for both User authentication (default) and Guest portal acknowledgment options.
Allows access to social network domains. Click Add and enter a new
in the Add Allowed Domain popup window. This allows unrestricted access to additional domains.This parameter is available for both User authentication (default) and Guest portal acknowledgment options.
- Click .