Configuring Guest Portal

The guest portal is accessed using a web browser. It is available to newly connected users in a Wi-Fi network, before they are granted broader access to network resources. Guest portals are commonly used to present a landing or login page which may require the guest to accept your terms and policies before connecting to the Internet. You can also use the guest portal to add details about your business and advertise special deals. Instant On offers you the ability to customize the guest portal with your business logo, pictures, legal terms and other details.

To configure the guest portal service on the Instant On web application, follow these steps:

  1. Click the Networks tile on the Instant On web application home page, or click Networks from the navigation pane on the left.
  2. Select one of the active Guest Network connections.
  3. Under Security > Network Options, click the Guest portal checkbox.
  4. Click Update. The changes are saved and a View guest portal link is generated.
  5. Click the View guest portal link. You will be redirected to the Networks > Guest Portal screen.
  6. Under Type, select one of the following options:
    • Internal
    • External
    • Aislelabs
    • Purple WiFi
    • Beonic
    • Wavespot
    • Zoox
  7. Based on your selection, enter values in the required fields. For more information, see:
    1. Configuring Internal Captive Portal
    2. Configuring External Captive Portal
  8. Click Apply changes.

Configuring Captive Portal

Use the following links to learn how to configure captive portal for the guest network:

Configuring Internal Captive Portal

You can configure an internal captive portal splash page when adding or editing a guest network created for your Instant On site. Following are the internal captive portal configuration parameters:

Table 1: Internal Captive Portal Configuration

Parameter Description

Page Content

  • Logo / Image—Click the image icon to browse and upload an image from your device. Ensure that you upload the image only in the png, jpg, gif, or bmp formats.
  • Background Color—Click the box to view the color palette and choose a color for the background of the internal captive portal page.

Welcome Message

Design the welcome message by updating the following fields:

  • Welcome Text—Enter the text for the welcome message. Example: Welcome to Guest Network.
  • Font Color—Click the box to view the color palette and choose a color for the font.
  • Font Family—Choose a font type from the drop-down list.
  • Font Size—Drag the slider to set the size of the font.

Terms and Conditions

Design the terms and conditions section by updating the following fields:

  • Title Text—Enter the title text. Example: Please read the Terms and Conditions before using the Guest Network.
  • Font Color—Click the box to view the color palette and choose a color for the font.
  • Font Family—Choose a font type from the drop-down list.
  • Font Size—Drag the slider to set the size of the font.
  • Terms and Conditions Text—Enter or paste your terms and conditions in the text box.
  • Agreement Text—Enter a comment in the text box. For example: I agree to the terms and conditions.
    • Font Color—Click the box to view the color palette and choose a color for the font.
    • Font Family—Choose a font type from the drop-down list.

Accept Button

Design the Accept Button by updating the following fields:

  • Text—Enter the text for the accept button. Example: I agree to the terms and conditions.
  • Redirect URL—Specify the custom URL to which users should be redirected after clicking the accept button.
  • Background Color—Tap the box to view the color palette and choose a color for the background.
  • Font Color—Click the box to view the color palette and choose a color for the font.
  • Font Family—Choose a font type from the drop-down list.
  • Border Radius—Drag the slider to set the border radius of the accept button.

Configuring External Captive Portal

You can configure an external captive portal for your guest network by configuring RADIUS authentication and accounting parameters.

Customizing the Captive Portal Page

To customize the external captive portal, follow these steps:

  1. Enter the Portal URL for the External Captive Portal page.
  2. Specify a Redirect URL if you want to redirect the users to another URL.
  3. Under Authentication, select one of the following options.
    • User authentication (default)—Users are required to enter their credentials in the guest portal page to access the Internet. The credentials entered by the user are sent to the RADIUS server for validation. This is the default setting for the custom external captive portal.
    • Guest portal acknowledgment—The guest portal must return a predefined string Aruba.InstantOn.Acknowledge to grant user access to the Internet. When selected, a predefined authentication text is returned by the external server after successful user authentication.
  4. Configure the following external captive portal parameters, based on your selection in Step 3.

    Table 2: External Captive Portal Configuration Parameters

    Parameter

    Description

    Require RADIUS-Message-Authenticator

    Select this checkbox to enable the AP to silently discard packets from the RADIUS servers that do not have the Message Authenticator.

    This parameter is available only for User authentication (default) option.

    RADIUS Accounting

    Select the RADIUS accounting checkbox to ensure that the Instant On AP sends a status-server request to determine the actual state of the accounting server before marking the server as unavailable.

    This parameter is available only for User authentication (default) option.

    Primary RADIUS Server

    Configure a primary RADIUS server for authentication by updating the following fields:

    • Server IP address or Domain Name—Enter the IP address or fully qualified domain name of the external RADIUS server.
    • Shared secret—Enter a shared key for communicating with the external RADIUS server.
    • Server timeout—Specify a timeout value in seconds. The value determines the timeout for one RADIUS request. The Instant On AP resends the request up to the number of times configured in Retry count before the user is disconnected.
    • Retry count—Specify a number between 1 and 5. This value is the maximum number of authentication requests that are sent to the server group. The default value is 3 requests.
    • Authentication port—Enter the authentication port number of the external RADIUS server within the range of 1–65,535. The default port number is 1812.
    • Accounting port—Enter the accounting port number within the range of 1–65,535. This port is used for sending accounting records to the RADIUS server. The default port number is 1813.

    Configure the following settings under Network Access Attributes if you wish to proxy all RADIUS requests from the Instant On AP to the client.

    • NAS identifier—Enter a string value for RADIUS attribute 32, NAS Identifier, to be sent with RADIUS requests to the RADIUS server.
    • NAS IP address—Select one of the following options if your Instant On devices are configured in a private network mode. The options below determine how the RADIUS authentication takes place across all networks.
      • Use device IP (default)—This is the default setting. The RADIUS requests and NAS IP address will originate from each device authenticating the clients.
      • Use a single IP—The RADIUS and NAS IP address will originate from a single IP address representing the site. Enter the NAS IP address for the site.

    NOTE: This option is grayed out if the Instant On AP is configured as a primary Wi-Fi router on the network. In that case, each AP in the network sends RADIUS requests to the server with a matching Source IP address and NAS IP address.

    This parameter is available only for User authentication (default) option.

    Secondary RADIUS Server

    Select the checkbox to configure the secondary RADIUS server.

    NOTE: The configuration parameters for the Secondary RADIUS Server and the Primary RADIUS Server are the same.

    This parameter is available only for User authentication (default) option.

    Network Access Attributes

    This option is available only if User authentication (default) is selected under Guest user access. Configure the following parameters under network access attributes:

    • NAS Identifier—Enter a string value for RADIUS attribute 32, NAS Identifier, to be sent with RADIUS requests to the RADIUS server.
    • NAS IP Address Assignment—Select one of the following options if your Instant On devices are configured in a private network mode. The options below determine how the RADIUS authentication takes place across all networks. This option is grayed out if the Instant On AP is configured as a primary Wi-Fi router on the network. In that case, each AP in the network sends RADIUS requests to the server with a matching Source IP address and NAS IP address.
    1. Use device IP (default)—This is the default setting. The RADIUS requests and NAS IP address will originate from each device authenticating the clients.
    2. Use a single IP—The RADIUS and NAS IP address will originate from a single IP address representing the site. Enter the NAS IP address for the site.

    This parameter is available only for User authentication (default) option.

    Allowed Destinations

    Bypasses the guest portal and uses one or more of the following Social Network destinations, as selected by the user.

    • Facebook
    • X
    • LinkedIn
    • Weibo
    • WeChat

    This parameter is available for both User authentication (default) and Guest portal acknowledgment options.

    Allowed Domains

    Allows access to social network domains. Click Add and enter a new Domain Name in the Add Allowed Domain popup window. This allows unrestricted access to additional domains.

    This parameter is available for both User authentication (default) and Guest portal acknowledgment options.

  5. Click Update.
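
The check that the Require RADIUS-Message-Authenticator option describes, shown as an added Python example (not Instant On code): a RADIUS reply is accepted only if it carries a Message-Authenticator attribute whose HMAC-MD5, keyed with the shared secret as specified in RFC 3579, verifies. The function names and the sample reply builder are constructed for this illustration.

```python
import hashlib
import hmac
import struct

MESSAGE_AUTHENTICATOR = 80  # RADIUS attribute type, 16-byte HMAC-MD5 value (RFC 3579)


def find_message_authenticator(packet: bytes):
    """Return the offset of the attribute's 16-byte value, or None if absent or malformed."""
    length = struct.unpack("!H", packet[2:4])[0] if len(packet) >= 20 else 0
    if not 20 <= length <= len(packet):
        return None
    pos, found = 20, None
    while pos + 2 <= length:
        attr_type, attr_len = packet[pos], packet[pos + 1]
        if attr_len < 2 or pos + attr_len > length:
            return None
        if attr_type == MESSAGE_AUTHENTICATOR:
            if attr_len != 18:
                return None
            found = pos + 2
        pos += attr_len
    return found if pos == length else None


def accept_response(packet: bytes, request_authenticator: bytes, secret: bytes) -> bool:
    """True only if the reply carries a Message-Authenticator that verifies."""
    offset = find_message_authenticator(packet)
    if offset is None:
        return False  # missing or malformed: discard, as the checkbox requires
    length = struct.unpack("!H", packet[2:4])[0]
    # The HMAC covers the reply with the Request Authenticator in the header
    # and the Message-Authenticator value replaced by 16 zero bytes.
    signed = (packet[:4] + request_authenticator + packet[20:offset]
              + bytes(16) + packet[offset + 16:length])
    expected = hmac.new(secret, signed, hashlib.md5).digest()
    return hmac.compare_digest(packet[offset:offset + 16], expected)


def build_reply(code, ident, request_authenticator, secret, attrs, signed):
    """Constructed sample reply (illustration only): optionally signed, then sealed."""
    if signed:
        attrs += bytes([MESSAGE_AUTHENTICATOR, 18]) + bytes(16)
    header = struct.pack("!BBH", code, ident, 20 + len(attrs))
    if signed:
        mac = hmac.new(secret, header + request_authenticator + attrs, hashlib.md5).digest()
        attrs = attrs[:-16] + mac
    response_auth = hashlib.md5(header + request_authenticator + attrs + secret).digest()
    return header + response_auth + attrs
```

A RADIUS server that omits the attribute fails this check, so confirm that the server sends Message-Authenticator in its replies before selecting the checkbox.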