How to Configure Captive Portal Redirect on Controller?
The example instructs how to set up captive portal redirect on the controller. A captive portal can intercepts network traffic, according to the authentication policies, until the user authenticates his or her connection, usually through a specifically designated login web page. Typically, you often find captive portal pages in public hotspots. There are two kinds of the topologies for captive portal redirect on the controller: one is to set USG as the gateway; the other is to set NXC controller as the gateway. The configurations of these two kinds of topologies show in below procedures.
a. Captive portal redirect on controller (USG is gateway)
b. Captive portal redirect on controller (NXC is gateway)
Configure Authentication Method Setting
1 Go to CONFIGURATION > Object > User/Group, click add to create a new user ID and password. Stations can log in captive portal to access the Internet via this account. Enter the User Name as login ID for captive portal and User Type is guest. Enter the Password as the login password. The default of Authentication Timeout Setting is 1440 minutes, and usually it’s shorter for guests. Select to Use Manual Settings to set Lease Time and Reauthentication Time. Click OK to save.
2 Go to CONFIGURATION > Object > Auth. Method, click add to create an authentication method. Enter the Name of this authentication method and select to local in the Method List.
Configure Captive Portal
1 Go to CONFIGURATION > Object > Address > Address, click add to create an address range which needs to do captive portal authentication before accessing to the Internet. Enter profile Name and change Address Type to RANGE. In this example, the IP range for guest is 192.168.1.100 to 192.168.1.200 on DHCP server (USG). Click OK to save.
2 Go to CONFIGURATION > Captive Portal > Redirect on Controller > Authentication Policy Rule, click add to create a policy rule for stations which get an IP range from 192.168.1.100 to 192.168.1.200.
In General Settings, check Enable Policy and enter the Description of this policy.
In User Auth Policy, change Source Address to CPtest and Authentication is required. Check Force User Authentication, and change the Authentication Method to localtest. Click OK to save.
3 If you want to use the domain name instead of an IP address, you can set it in the Authentication Type. (If you don’t have FQDN, please skip this step)
4 Go to CONFIGURATION > System > WWW and enable Redirect HTTP to HTTPS. Click Apply to apply the settings.
5 Go to CONFIGURATION > Captive Portal > Captive Portal, check Enable Captive Portal. Click Apply to apply the settings.
Configure AP Profile when USG is the Gateway
1 To make sure the USG is the gateway for vlan0 interface which is for client accessing the Internet, go to CONFIGURATION > Network > Interface > VLAN > vlan0 > Edit, enter USG’s IP in Gateway. Click OK to apply settings.
2 Go to CONFIGURATION > Object > AP Profile > SSID > SSID List, click Add to add a SSID for captive portal. Key in the SSID to CP_guest, and change Security Profile to default which sets none security. Change Forwarding Mode to Tunnel Mode and click OK to save.
3 Go to CONFIGURATION > Wireless > AP Management > AP Group, select the default AP profile and edit. Select #1 to CP_test which created in step2. Click Override Member AP Setting to apply the SSID to AP and click Yes in the pop-up window. Click OK.
4 Logout from NXC controller.
Configure AP Profile when NXC is the Gateway
1 Make sure the NXC is the gateway for vlan0 interface which is the captive portal and stations need to connect to. Go to CONFIGURATION > Network > Interface > VLAN > vlan0 > Edit, select no in Member for ge1 and enter the NXC’s IP in Gateway. Enable DHCP server and set the IP from 192.168.1.100 to 192.168.1.200 (IP pool 100). The Default Router is vlan0. Click OK to apply settings
2 Go to CONFIGURATION > Network > Interface > Ethernet, click ge1 and then click Edit to make ge1 as the external interface for connecting with the Internet. Change Interface Type to external and IP Address Assignment is Get Automatically. Click OK to save.
3 Go to CONFIGURATION > Network > Routing > Policy Route, and click Add to add a routing rule for outgoing traffic. Click Show Advanced Settings. Check Enable in Configuration. Select Interface in Incoming and select to vlan0 in Please select one member. Change Type to Interface and select Interface ge1. Change Source Network Address Translation to outgoing-interface. Click OK.
4 Go to CONFIGURATION > Object > AP Profile > SSID > SSID List, and click Add to add a SSID for captive portal. Key in the SSID to CP_guest, and change Security Profile to default which sets none security. Click OK to save.
5 Go to CONFIGURATION > Wireless > AP Management > AP Group, and click default to Edit. Change #1 to CP_test which is created in step2. Click Override Member AP Setting to apply the SSID to AP and click Yes in the pop-up window. Click OK
- 6.8K All Categories
- 1.3K Nebula
- 26 Nebula Ideas
- 28 Nebula Status and Incidents
- 3.8K Security
- 199 Security Ideas
- 691 Switch
- 25 Switch Ideas
- 566 WirelessLAN
- 8 WLAN Ideas
- 4.5K Consumer Product
- 95 Service & License
- 211 New and Release
- 64 Stories
- 34 Security Advisories
- 476 FAQ
- 216 Nebula FAQ
- 106 Security FAQ
- 72 Switch FAQ
- 66 WirelessLAN FAQ
- 20 Nebula Monthly Express
- 40 About Community
- 30 Security Highlight