[NEBULA] How to configure sign-in method with My RADIUS server?

Zyxel_Joslyn

Where to find: 
Configure > Access point > SSID advanced settings > Network Access > Sign-in method.

Function description: 
Use the existing database to let the stations pass authentication. AP will block network traffic until a client authenticates with an external RADIUS server through the specifically designated web portal page.

Scenario: 
We have our own RADIUS server, and it will be combined with the AP authentication. All our employees must pass the RADIUS authentication to access the internet

Configuration: 
1. Go to Configure > Access point > SSID settings, click + Add SSID network, and click Edit icon to configure the SSID name and do advanced SSID setting.

2. Adjusting the SSID name if needed, and click "Enable".

Authentication > Network Access > Sign-in method: Sign-on with My RADIUS server and add the RADIUS server detail.

(Optional) If there is a RADIUS accounting server in the environment, we also can add it here.

3. And then click Back to go to SSID settings screen > Click Save

4. (Optional) Configure > Access point > SSID advanced settings > Captive portal advance setting

Walled garden: When choosing Sign-on with My RADIUS server, the wall garden will be enabled as well. We can add the website that the customer can access without passing the authentication. If we want to promote some website as our hotel website or our co-operator website, we can configure here. It will be listed in the whitelist.*1

Simultaneous login limit: This can restrict the login devices at a time. It could be one device or multiple devices. Click Model list to know about the number can set here.

Strict Policy: Allow HTTPs traffic without sign-on or not.

Reauth time: The agreement page will pop out again when the lease time is expired. We can choose the follow site-wide setting*2 or assign a definite time for it.

5. (Optional) Configure > Access point > Captive portal customization. We can edit captive portal content here.

Confirmation

Login page and successful page on the station

Log

 

Note.

1.      About the Walled garden, One IP address/domain in one line to specify your walled garden. Example: *.zyxel.com, www.zyxel.com, 192.168.1.0/24

2.      Site-wide reauthentication time: Configure > Site settings > Captive portal reauthentication > For click-to-continue users.

3.      The AP must be added in trust list in the RADIUS server.

4.      Captive portal can be used without license. It should be noted that the Captive portal SSID will only broadcast on the AP model which supported Captive portal feature. You can refer to Nebula > Help > Device function table for supported model list.