How to Configure Captive Portal Redirect on AP?

Zyxel_KathyLin Posts: 58  Zyxel Employee
Friend Collector First Answer First Comment
edited June 2022 in SSID

The example instructs how to set up captive portal redirect on the AP. A captive portal can intercept network traffic, according to the authentication policies, until the user authenticates his or her connection, usually through a specifically designated login web page. Typically, you often find captive portal pages in public hotspots.


Configure AP Profile and User 1      Go to CONFIGURATION > Object > AP Profile > SSID > SSID List, click Add to add a SSID for captive portal. Key-in the Profile Name is CP_test and SSID as CP_guest, and select Security Profile to default which sets none security. Click OK to save.
2      Go to CONFIGURATION > Object > User/Group, and click add to create a new user ID and password. Stations can log in captive portal to access Internet via this account. Enter the User Name as login ID for captive portal and User Type is guest. Enter the Password as the login password. The default of Authentication Timeout Setting is 1440 minutes, and usually it’s shorter for guests. Select to Use Manual Settings to set Lease Time and Reauthentication Time. Click OK to save.  
3      Go to CONFIGURATION > Object > Auth. Method,and click add to create an authentication method. Enter the Name of this authentication method and select to local in the Method List.   Configure Captive Portal 1      Go to CONFIGURATION > Captive Portal > Redirect on AP > Authentication Policy Rule, and click add to create a policy rule for stations which connect to SSID profile CP_test.
In General Settings, check Enable Policy and enter the Profile Name of this policy.
In User Auth Policy, change SSID to CPtest and Authentication is required. Check Force User Authentication, and change the Authentication Method to localtest. Click OK to save.

2      Go to CONFIGURATION > Captive Portal > Redirect on AP > Authentication Policy Group, and click default to edit. In the setting, click Add to add the policy rule which is created in previous step.  3      Go to CONFIGURATION > Captive Portal > Captive Portal, check Enable Captive Portal. Click Apply to apply the settings

Broadcast SSlD 1      Go to CONFIGURATION > Wireless > AP Management > AP Group, click default to Edit. Change #1 to CP_test.
2      In the same setting page as previous step, select default for Auth. Policy Group in Poral Redirect on AP. Click OK to save.
3      Logout from NXC controller.  Test the Result 1      Connect the station to the SSID ‘CP_guest’. Open a browser and visit a website after the computer and AP connect successfully. The browser redirects the webpage to captive portal page and the user needs to enter the username and password for authentication before accessing the Internet.
2      After entering the username and password correctly, the connected station is able to access the Internet now. There is also a pop-window to show the detail information of the renew time and re-authentication time after authentication succeed.
  5.2.5 What Could Go Wrong 1      The DNS MUST be set in the DHCP setting, or the captive portal might fail to redirect because NXC controller is not able to know the correct IP address of the website which stations access to. 2      The captive portal fails to redirect the webpage if the station logs in to the NXC controller before and does not logout. 3      When you use redirect on AP, the Forwarding Mode MUST be Local bridge mode. 4      If the user enters an incorrect username or password, there is a login failure webpage. Please use the correct username and password to log in again.