Skip to main content
  1. CoffeeBean Technology
  2. WiFi Dashboard
  3. Guias de configuração

WiNG WLAN

Introduction

This guide describes the configuration steps to enable an external captive portal in the WiNG WLAN plataform.

The following guide was created using an Extreme Wireless network running WiNG v5.5 solution.

Configuring the RADIUS server

Configure the CoffeeBean RADIUS server by creating a new AAA Policy.

Go to "Configuration > Network > AAA Policy", click in the "Add" button and fill the AAA Policy name, such as "AAA-COFFEEBEAN"

Wing5_add_aaa_policy.png

RADIUS Authentication

In the "RADIUS Authentication" tab click in the "Add" button and fill the following info:

  • Host: the primary RADIUS server hostname according to your environment/region (Hostname)
  • Port: make sure that the chosen port is 1812
  • Secret: the provided RADIUS client secret
  • Request Proxy Mode: Through Centralized Controller or Through Wireless Controller

Click "OK" to save these settings and then "Exit".

Repeat the procedure for the secondary RADIUS server.

Wing5_add_radius_authentication_server.png

RADIUS Accounting

In the "RADIUS Accounting" tab click in the "Add" button and fill the following info:

  • Host: the primary RADIUS server hostname according to your environment/region (Hostname)
  • Port: make sure that the chosen port is 1813
  • Secret: the provided RADIUS client secret
  • Request Proxy Mode: Through Centralized Controller or Through Wireless Controller

Click "OK" to save these settings and then "Exit".

Repeat the procedure for the secondary RADIUS server.

Wing5_add_radius_accounting_server.png

RADIUS Settings

In the "Settings" tab, double check these settings:

  • RADIUS Authentication > Protocol for MAC, Captive Portal Authentication: PAP
  • RADIUS Address Format > Attributes: All

You can also configure which type of RADIUS Accounting packets you want to send (Start/Interim/Stop) and the request interval.

Wing5_aaa_policy_settings.png

Configuring the DNS Whitelist

Go to "Configuration > Services > DNS Whitelist", click in the "Add" button and fill the "Name", such as "SOCIAL-LOGIN":

Wing5_dns_whitelist.png

Create the DNS Entries according to Walled Garden for the Social Login URLs. Add each URL as a "Hostname" and Match Suffix as "Yes".

Configuring the Captive Portal

Go to "Configuration > Services > Captive Portal", click in the "Add" button and fill the Captive Portal Policy name, such as "CP-SOCIAL-ID":

Wing5_add_captive_portal.png

Basic Configuration

Change the following settings in the "Basic Configuration" tab:

  • Captive Portal Server Mode: Internal (Self) [you can select a more appropriate option if you prefer]
  • AAA Policy: the previously AAA Policy created (e.g.: "AAA-SOCIAL-ID")
  • Access Type: RADIUS Authentication
  • DNS Whitelist: the previously DNS Whitelist created (e.g.: "SOCIAL-LOGIN")
  • Enable RADIUS Accounting checkbox

Click in "OK" to save the settings.

Web Page

Go to the "Web Page" tab to configure the external captive portal:

  • Web Page Source: Externally Hosted
  • Login URL: the provided captive portal login URL*
  • Welcome URL: the provided captive portal welcome URL
  • Fail URL: the provided captive portal fail URL

*Important: you need to add parameters to the Login URL query string to track client and AP MACs successfully. Example:

http://wifi.socialidnow.com/portals/my-portal/auth?client_mac=WING_TAG_CLIENT_MAC&ap_mac=WING_TAG_AP_MAC&hs_server=WING_TAG_CP_SERVER&

Wing5_captive_portal_web_page.png

You can fill the other URLs if you need also. Click in "OK" to save the settings.

Configuring the Wireless LAN

Now you need to associate the Captive Portal previously created to the Wireless LAN. You need to have a Wireless LAN already created and configured in order to proceed with this step.

Select your Wireless LAN in "Configuration > Wireless > Wireless LANs" and go to the "Security" tab:

Wing5_wireless_lan_security.png

In order to provide Free Wi-Fi with Captive Portal enabled you need to set the following parameters:

  • Select Authentication: PSK / None
  • Enforcement: check "Captive Portal Enable"
  • Captive Portal Policy: select the previously created Captive Portal Policy (e.g.: "CP-SOCIAL-ID")
  • Select Encryption: Open

Configuring the Device Services

You need to add the Captive Portal Policy previously created to the Device Services responsible to perform the RADIUS authentication, such as the Controller or Access Point (AP).

Select you device in "Configuration > Devices > Device Configuration" and go to the "Services" tab:

Wing5_device_services.png

Check the Captive Portal Policy previously created (e.g.: "CP-SOCIAL-ID").

Also review the device DNS settings in "Network > DNS" tab.

Customer Parameters 

The summary of customer specific parameters is:

Basic Settings

  • RADIUS (primary and secondary)
    • Authentication
      • Host: the RADIUS server hostname according to your environment/region.
      • Port: 1812
      • Secret: the provided RADIUS client secret
    • Accounting
      • Host: the RADIUS server hostname according to your environment/region.
      • Port: 1813
      • Secret: the provided RADIUS client secret
  • DNS Whitelist: get the list of URLs you want to enable to unauthenticated users at our Walled Garden Page.
  • Login URL: the provided captive portal login URL
  • Welcome URL: the provided captive portal welcome URL
  • Fail URL: the provided captive portal fail URL

Related to

Português do Brasil