Introduction
This guide describes the configuration steps to enable an external captive portal in the Nomadix Access Gateway.
This guide was created using the following components:
- Gateway: Nomadix AG 5800
- Version: v8.7.016
AAA Settings
Go to Configuration > AAA, enable AAA Services and select the Internal Web Server option.
Internal Web Server
Configure the external captive portal as an internal web server using the following parameters:
- Portal Page: check Enable
- Portal Page URL: add the provided captive portal login URL
- Parameter Passing: check Enable
- Parameter Signing
- Method: select None
- Parameters: check all parameters (UI, MA, RN, PORT, SIP)
- Usernames: check Enable
RADIUS Settings
RADIUS Service Profile
Go to Configuration > Realm-Based Routing and click “Click here to add a new RADIUS service profile”.
Enable RADIUS Authentication and Accounting using the following parameters:
- Unique Name: fill a name (e.g: CoffeeBean)
- Authentication
- Enabled RADIUS Authentication Service: checked
- Protocol: select PAP
- Primary
- IP/DNS: the RADIUS primary server IP according to your environment/region
- Port: the RADIUS primary server authentication port according to your environment/region
- Secret Key: the provided RADIUS client secret
- Secondary
- IP/DNS: the RADIUS secondary server IP according to your environment/region
- Port: the RADIUS secondary server authentication port according to your environment/region
- Secret Key: the provided RADIUS client secret
- Accounting
- Enabled RADIUS Accounting Service: checked
- Primary
- IP/DNS: theRADIUS primary serverIP according to your environment/region
- Port: theRADIUS primary serveraccounting port according to your environment/region
- Secret Key: the provided RADIUS client secret
- Secondary
- IP/DNS: the RADIUS secondary server IP according to your environment/region
- Port: the RADIUS secondary server accounting port according to your environment/region
- Secret Key: the provided RADIUS client secret
RADIUS Client
Go to Configuration > RADIUS Client.
In the Server Selection and Communication, choose the following options:
- Default RADIUS Mode: select Fixed
- Default RADIUS Service Profile: select the RADIUS service profile previously configured (e.g. CoffeeBean).
Walled Garden
In the Walled Garden section, you need to configure the IPs and domains with allowed access for unauthenticated users. Get the list of hostnames you want to enable to unauthenticated users at our documentation.
In order to configure the walled garden for Nomadix Access Gateway, go to Configuration > Passthrough Addresses and enter each hostname by filling in the IP/DNS Name input and clicking Add.
Customer Parameters
The summary of customer specific parameters is:
- Configuration
- AAA > Internal Web Server
- Portal Page URL: add the provided captive portal login URL
- Realm-Based Routing: the provided IP, port and shared secret for primary and secondary RADIUS servers on both Authentication and Accounting Services.
- Passthrough Addresses: add the list of hostnames you want to allow for unauthenticated users at our documentation.
- AAA > Internal Web Server