Creating a Network That Uses a Captive Portal with Self Sign In
You can create a network that lets users who attempt to join it sign in with a social media account, or register their details to receive a personal password for access.
- From the navigation pane, click Wireless Networks.
- Click Add Network.
The Add Network dialog box is displayed.
- Complete the settings on the Network Details page.
- Network Name: Enter a name (up to 32 characters) that you want to assign to the network.
- Description: Enter a description (up to 64 characters) to help you identify the network.
- Network Type: Click Captive Portal.
When the network type is selected, a structure diagram of a Captive Portal type of network is displayed.
- Click Next.
The Portal Type page is displayed.
- Click Self Sign In.
To access the network, users enter their social media account password, or register their details and get a personal password.
The Self Sign In type of network diagram is displayed.
- Click Next.
The Onboarding page is displayed.
- Complete the settings on the Onboarding page.
If you want users to self-register using their social media accounts or an SMS token, complete the configuration under the Allow Sign-In Using section. If you created your own app on any of these social media platforms and you want to use your app, you can add details when you edit the option. You can select one or more of the following options:
- SMS Token: Select this check box if you want users to receive a single-use token on their mobile number. A Password expires after field is displayed and you can select a time period in hours or days after which the password expires. The default is 12 hours.
- Facebook: Select this check box if you want users to connect to the network using their Facebook account. Click the Edit (cog) icon to view the Edit Facebook App page and add further configuration. For details, refer to Allowing Sign-In Using Facebook.
- Google: Select this check box if you want users to connect to the network using their Google account. Click the Edit (cog) icon to view the Edit Google App page and add further configuration. For details, refer to Allowing Sign-In Using Google.
- LinkedIn: Select this check box if you want users to connect to the network using their LinkedIn account. Click the Edit (cog) icon to view the Edit LinkedIn App page and add further configuration. For details, refer to Allowing Sign-In Using LinkedIn.
- Twitter: Select this check box if you want users to connect to the network using their Twitter account. Click the Edit (cog) icon to view the Edit Twitter App page and add further configuration. For details, refer to Allowing Sign-In Using Twitter.
- Check the Allowed domains check box to allow only clients registering with email addresses from the specified domains to connect to the network.
- You can configure multiple domain names separated by commas.
- This does not apply to SMS Token registration.
- Check the Redirect Users to check box and enter a valid URL.
You can redirect users to your company website or another URL after they log in successfully. If the check box is not selected, users are sent to the page they originally requested.
- Check the Collect email addresses of users who connect to this network check box to save the email address of each user.
As required for privacy compliance, the user is informed that the email address is being saved.
- Check the Enable Ruckus DHCP service check box if you want the clients to receive IP addresses in an isolated 172.21.132.0/32 network.
Click More details to view the guest network pool details.
- Click Next.
The Portal Web Page page is displayed.
- Configure the logo, welcome message, and terms and conditions that you want users to see and agree to before they can join the network:
- Display Language: By default, the language is English. Use the list to select another language.
- Logo: By default, the Ruckus Cloud logo is displayed. To use your own logo, click Change, select your own logo image, and then click Open.
- Welcome Text: Enter some welcome text for the portal web page. For example, you can type "Welcome to Willowdale Dental Clinic". The welcome text (up to 100 characters) is displayed beneath the logo.
- Advert: If you want to display an advertisement or announcement banner (in image format), click Upload, select the banner image, and then click Open. This banner will appear under the logo.
- Marketing Message: Enter a marketing message that you want to display on the portal web page. The marketing message (up to 140 characters) is displayed beneath the welcome text.
- Terms & Conditions: Enter the terms and conditions that you want users to agree to before they can access this network. The text “By clicking a button, you are accepting the terms and conditions” appears, with the terms and conditions text shown as a link to your text and highlighted in blue.
- Insert WiFi4EU Snippet: Toggle the option to ON or OFF.
- WiFi4EU UUID: Enter the WiFi4EU UUID.
A preview of the portal web page is displayed on the right side of the Portal Web Page page.
- Click Next.
The Venues page is displayed.
- Select the venues in which you want to activate this network.
- To activate the network in all of your venues, click Activate in all venues.
- To activate the network in a specific venue, locate the venue from the list, and then set the switch to ON in the Activated column. The Select APs on venue <venue-name> page is displayed.
- In the Select APs on venue <venue-name> screen, you have two choices for defining how the network will be activated:
- Click the button next to All APs to activate this network on all current and future APs at this venue. You can also choose a radio band of 2.4 GHz, 5 GHz, or both.
- Click the button next to Select specific AP groups to activate this network on specific AP groups, including any AP that is added to the selected AP groups in the future. An option to allow the network to be activated on any APs not assigned to any group is displayed. When you select this option by clicking the box, two more options are displayed:
- In the VLAN option, click the edit (pencil) icon to edit the VLAN number. The default is VLAN 1.
- In the Radios option, select a radio band of 2.4 GHz, 5 GHz, or both.
- Click the clock icon under Schedule to configure the schedule for the network in the selected venue.
The Schedule for Network <network-name> in Venue <venue-name> dialog appears.
- Check one of the Network Availability options:
- 24/7: Network is available 24/7.
- Custom schedule: Network schedule is customized as per your requirements. You can configure the schedule for Monday through Sunday and from midnight to midnight (from 00:00 hours through 23:59 hours).
- Click OK.
You return to the Add Network dialog box.
- Click Next.
The Summary page is displayed.
- Review the settings that you configured on the previous pages.
- To configure advanced options for the network, click Advanced Network Settings. The Advanced Network Settings dialog box is displayed.
- Enter the VLAN ID.
- Max number of devices: Select the maximum number of devices that can connect to the network.
The drop-down list allows up to 10 devices.
- In the User Connection Settings section, configure the following.
- Allow the user to stay connected for: Select Minutes or Hours from the drop-down arrow box and then use the up/down arrows to select the number of minutes or hours of connection time after which the client is disconnected.
- Do not redirect to the portal when reconnecting within: You can set the grace period which sets the number of minutes during which previously authenticated clients that disconnect from the network can rejoin the network without going through the authentication process again. The default grace period is 60 minutes, but this time cannot be longer than the allowed user connection period.
- In the Load Control section, complete the following configuration:
- Select the Max Rate from the list, based on which load will be controlled over the network.
- Calibrate the maximum number of clients per radio.
- If you want to enable load balancing between 2.4 GHz and 5 GHz radios, select the button.
- If you want to enable load balancing between APs, select the button.
- In the Access Control section, you can define a user device policy by clicking Set up a Policy. By default, the Allow Connections only from MAC addresses listed below option (green) is enabled. You can choose to change this to Block Connections from MAC addresses listed below by clicking the option (red) provided. Click Add to add a MAC address. The Add MAC address dialog box is displayed. Enter the MAC address and click Add. Click Clear list to clear the MAC address list.
Note: As an admin user, you can assign a single policy of each type to the network as the default policy or as part of the Network and Venue activation. This action overrides the default network policy.
- In the Access Control section, you can define a user traffic policy by clicking Set up a Policy. The Traffic Policy dialog box is displayed.
Note: By default, the Allow Traffic option (green) is enabled. You can choose to change this to Block Traffic by clicking the option (red).
- To create a new traffic rule, click Add Rule. The Add Traffic Access Rule dialog box is displayed. You can create rules for upstream traffic only.
- Enter a description for the rule.
- You can create a rule to allow or block upstream traffic by selecting the Allow Traffic or Block Traffic option, respectively.
- Select the protocol that you want to use for the new traffic rule from the Protocol list. The following protocols are available for use:
- TCP: Transmission Control Protocol
- UDP: User Datagram Protocol
- UDPLITE: Lightweight User Datagram Protocol, which is a connectionless protocol that allows even a damaged data payload to be delivered rather than being discarded.
- ICMP (ICMPV4): Internet Control Message Protocol, which is an error-reporting protocol used by network devices to generate error messages to the source IP address, when issues in the network prevent delivery of IP packets.
- IGMP: Internet Group Management Protocol, which is a communications protocol used by hosts on IPv4 networks to establish multicast group memberships.
- ESP: Encapsulating Security Payload, which is a protocol that provides authentication, integrity, and confidentiality of network packets in IPv4 and IPv6 networks.
- AH: Authentication Header protocol, which is used to authenticate SNMP.
- SCTP: Stream Control Transmission Protocol is a communications protocol which operates at the transport layer.
- Specify the source address in the Source field. You can either specify a range (a network address and a subnet mask) or you can specify a source IP address. Also, specify a port number or a range of ports (for example, 22-34) for the source.
- Specify the destination address in the Destination field. You can either specify a range (a network address and a subnet mask) or you can specify a destination IP address. Also, specify a port number or a range of ports (for example, 22-34) for the destination.
Note: If you choose ICMP (ICMPv4), the option to specify source and destination ports is not available.
- Click Create. The rule that you created is displayed in the Traffic Policy dialog box.
Note: The rule that you create initially is displayed in a row with the priority set to 1 by default. When you create a second rule, it is displayed with the priority set to 1, and the previous rule is displayed in the second row with the priority set to 2. When you have created multiple rules, you can use the up and down arrows to move rows up or down to set the desired priority of the rules. The edit and delete links at the end of each row enable you to edit or delete rules. When you click the edit button, the Add Traffic Access Rule dialog box is displayed, where you can edit any of the rule properties.
- Click OK in the Traffic Policy dialog box after you have added all the required rules.
You return to the Advanced Network Settings dialog box, where you can set the Traffic Policy button to ON or OFF, activating or deactivating the traffic policy that you created. The Edit option allows you to navigate to the Traffic Policy dialog box, where you can edit the policy that you created. The Clear button allows you to delete the traffic policy.
- Toggle the Wi-Fi Calling option to ON and click Select Profiles to select a Wi-Fi calling profile.
By default, Wi-Fi Calling is set to OFF.
- Enable Client Isolation: Select this check box to prevent clients on the same network from communicating with each other.
- Force DHCP: Select this check box to force clients to obtain a valid IP address from a DHCP server. This prevents clients configured with a static IP address from connecting to the network.
If a client performs Layer 3 roaming between different subnets, in some cases the client sticks to the former IP address. This mechanism optimizes the roaming experience by forcing clients to request a new IP address.
- Hide SSID: Select this check box if you do not want the ID of this network advertised at any time. This will not affect performance or force the network user to perform any unnecessary tasks.
- Enable OFDM only (Disables 802.11b): Enabling this option disables CCK rates of 1, 2, 5.5, and 11 Mbps, so no 802.11b-only clients can connect. Beacons and probe responses will be transmitted at 6 Mbps, and data frames at 6, 9, 18, 24, 36, 48, and 54 Mbps. Enforcing higher minimum data rates increases overall network throughput capacity, but reduces the distance at which clients are able to remain connected.
- Enable logging client data to external syslog: Select this check box to allow client data to be logged in all venues that have the external syslog server enabled. The box is unchecked by default. Refer to the Configuring the Syslog Server for a Venue page for details about configuring the external syslog server for a venue.
- BSS Min Rate: Use this option to configure the minimum transmission rate supported by the network. If OFDM Only is enabled, the only valid options are 12 Mbps and 24 Mbps, with Mgmt Tx frames fixed at 6 Mbps. This option can also be used to prevent 11b clients from connecting, and to allow greater client density with higher data rates.
- Mgt Tx Rate: This option is only available if both OFDM Only and BSS Min Rate are disabled. (Otherwise, the Mgmt Tx Rate is defined by those settings.) Use this setting to configure the rate at which management frames are sent. The default is 6 Mbps.
- Enable 802.11k neighbor reports: Enhances roaming by providing a list of neighbor APs to the client device.
- Client Inactivity Timeout: Client will be disconnected from the network if it is inactive for more than the time interval specified. The timeout period can range from 60 through 1000 seconds.
- Directed MC/BC Threshold: Directed multicast/broadcast threshold.
- Click Save in the Advanced Network Settings dialog box and you return to the Add Network dialog box. Click the Create button to create the Wi-Fi network. The newly created Wi-Fi network is displayed in the Networks window, with the Overview tab displaying an overview diagram of the Wi-Fi network with various network properties. To view and edit all the network settings that you entered while creating the network, click the Edit Network link on the top-right corner of the Network page. You can make the required changes and click the Save button to enable the edits.
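The traffic access rules from the Access Control step above, modelled offline so a policy can be checked before it is entered; this is an added example, not Ruckus code or part of the original procedure. It assumes rules are evaluated in priority order with the first match deciding, and that the policy's Allow Traffic or Block Traffic setting applies when no rule matches (the page does not state these semantics). Matching is narrowed to protocol, destination and destination port, and the rule names and addresses are constructed.

```python
import ipaddress
from dataclasses import dataclass

@dataclass
class Rule:
    description: str
    action: str          # "allow" or "block"
    protocol: str        # a name from the Protocol list, e.g. "TCP", "ICMP"
    destination: str     # single IP address or network/prefix
    dst_ports: str = ""  # "443" or "22-34"; empty = any; unused for ICMP

def port_matches(spec, port):
    if not spec:
        return True
    if port is None:
        return False
    low, _, high = spec.partition("-")
    return int(low) <= port <= int(high or low)

def add_rule(rules, rule):
    # Per the page: a newly created rule is listed at priority 1, older rules move down.
    rules.insert(0, rule)

def decide(rules, default_action, protocol, dst_ip, dst_port=None):
    """Return (action, deciding rule). ASSUMPTION: first match in priority order wins."""
    addr = ipaddress.ip_address(dst_ip)
    for rule in rules:  # index 0 is priority 1
        if rule.protocol != protocol:
            continue
        if addr not in ipaddress.ip_network(rule.destination, strict=False):
            continue
        if protocol != "ICMP" and not port_matches(rule.dst_ports, dst_port):
            continue
        return rule.action, rule.description
    return default_action, "default"

def demo(creation_order):
    """Create rules in the given order, then test HTTPS to the constructed host."""
    rules = []
    for rule in creation_order:
        add_rule(rules, rule)
    return decide(rules, "allow", "TCP", "10.1.2.3", 443)

# Constructed sample rules: keep guests off internal ranges except one HTTPS host.
BLOCK_INTERNAL = Rule("block internal", "block", "TCP", "10.0.0.0/8")
ALLOW_PORTAL = Rule("allow portal", "allow", "TCP", "10.1.2.3", "443")

if __name__ == "__main__":
    print(demo([BLOCK_INTERNAL, ALLOW_PORTAL]))  # allow rule ends at priority 1
    print(demo([ALLOW_PORTAL, BLOCK_INTERNAL]))  # block rule ends at priority 1
```

Under the first-match assumption, creating the narrow allow rule before the broad block rule leaves the block rule at priority 1, where it shadows the allow rule until the rows are reordered with the up and down arrows.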