Creating a Network That Uses a Third-Party Captive Portal (WISPr Feature)
Learn how to create a network that allows users to access the network through a third-party captive portal, authenticated by a RADIUS server.
The login credentials used in the captive portal are validated using AAA on a RADIUS server.
Follow these steps to create a network that uses the third-party captive portal option.
Note: The licensing and subscription may vary from each 3rd-party WISPr provider. For more details, refer to individual partner documents. This is not included with the Ruckus Cloud subscription.
- On the menu, click Wireless Networks.
- Click
Add Network.
The Add Network dialog box appears.
- Complete the settings on the
Network Details page.
- Name: Type a name (up to 32 characters) that you want assign to the network.
- Description: Enter an optional description to help you identify the network using up to 64 characters.
- Type: Click Captive Portal.
When the network type is selected, a structure diagram of a Captive Portal type of network displays. - Click
Next.
The Portal Type page appears.
- Click
3rd Party Captive Portal (WISPr).
To access the network, users connect through a 3rd party captive portal, authenticated by a RADIUS server.The 3rd-Party Captive Portal type of network diagram appears.
- Click
Next.
The Settings page appears.
- In the
Portal Provider field, select the name of the provider.
Currently, the following portal providers are supported:
- Aislelabs (Global)
- Aislelabs (Middle East)
- Alepo
- Cloud4Wi
- Front Porch
- GoZone Marketing4WiFi
- Height8
- Linkyfi (Americas)
- Linkyfi (Asia)
- Linkyfi (Europe)
- Maxifi Hotspot
- ONDEGO (Europe)
- Odyssys (Malaysia -SMARTSEL)
- Purple
- Ragapa
- Skyfii (Asia)
- Skyfii (Australia & New Zealand)
- Skyfii (Europe)
- Skyfii (North America)
- Skyfii (South America)
- Swipe Wi-Fi
- WSpot
- WSpot (Homolog radius)
- WhoFi
- WiFiMAX
- Yo Wireless
- Zomato
- In the
Captive Portal URL: the vendor's complete URL gets populated when you select the portal provider.
In the Integration Key: box a password appears. Click Copy Key to copy this password to your vendor's configuration to allow it to connect to Ruckus Cloud.
- In the
Walled Garden: box, type the network destinations (URLs or IP addresses) that users can access without going through authentication. A walled garden is a limited environment to which an unauthenticated user is given access for the purpose of setting up an account. After the account is established, the user is allowed out of the walled garden.
A walled garden is a limited environment to which an unauthenticated user is given access for the purpose of setting up an account. After the account is established, the user is allowed out of the walled garden.
- In the
Authentication Service section, complete the following boxes:
- IP Address: Type the IP address of the primary RADIUS server.
- Port: Type the listening port used by the primary RADIUS server.
- Shared Secret: Type the shared secret configured on the RADIUS server.
In the Add Secondary Server section (if you have another RADIUS server on the network), complete the following boxes:Note: If you do not have a secondary RADIUS server, skip this part.- IP Address: Type the IP address of the secondary RADIUS server.
- Port: Type the listening port used by the secondary RADIUS server.
- Shared Secret: Type the shared secret configured on the RADIUS server.
- In the
Accounting Service section, toggle the
OFF switch to
ON, and complete the following boxes:
- IP Address: Type the IP address of the primary RADIUS Accounting server.
- Port: Type the listening port used by the primary RADIUS Accounting server.
- Shared Secret: Type the shared secret configured on the RADIUS Accounting server.
In the Add Secondary Server section (if you have another RADIUS Accounting server on the network), complete the following boxes:Note: If you do not have a secondary RADIUS Accounting server, skip this part.- IP Address: Type the IP address of the secondary RADIUS Accounting server.
- Port: Type the listening port used by the secondary RADIUS Accounting server.
- Shared Secret: Type the shared secret configured on the RADIUS Accounting server.
- Click
Next.
The Venues page appears.
- Select the venues in which you want to activate this network.
- To activate the network in all of your venues, click Activate in all venues.
- To activate the network in a specific venue, locate the venue from the list, and then click the OFF switch under the Activated column. The OFF switch changes to ON and the Select APs on venue <venue-name> screen appears.
- In the
Select APs on venue <venue-name> screen, you have two choices for defining how the network will be activated:
- Click the radio button next to All APs to activate this network on all current and future APs at this venue. You can also choose a radio band of 2.4 GHz, 5 GHz, or both.
- Click the radio button next to
Select specific AP groups to activate this network on specific AP groups including any AP that is added to selected AP groups in the future. An option to allow the network to be activated on any
APs not assigned to any group is displayed. When selected by clicking the box, two more options display:
- In the VLAN option, click the pencil icon to edit the VLAN number. The default is VLAN 1. Click options to reset to the default, OK, or cancel.
- In the Radio Band option, select a radio band of 2.4 GHz, 5 GHz, or both.
- Click the clock icon under
Schedule to configure the schedule for the network in the selected venue.
The Schedule for Network <network-name> in Venue <venue-name> dialog appears.
- Check one of the Network Availability options:
- 24/7: Network is available 24/7.
- Custom schedule: Network schedule is customized as per the your requirement. You can configure the schedule for Monday through Sunday and from midnight to midnight (from 00:00 hours through 23.59 hours).
- Click
OK.
Returns to Add Network dialog box.
- Click
Save to save the settings. and return to the
Venues page.
The Venues page is displayed.
- Click
Next.
The Summary page appears.
- Review the settings that you configured on the previous pages.
- To configure advanced options for the network, click
Advanced Network Settings. The
Advance Network Settings dialog appears.
- Enter the VLAN ID in numeric field provided.
- In the
Lord Control
section, complete the following:
- Select the Max Rate from the drop down list, based on which load will be controlled over the network.
- Drag and calibrate the maximum number of clients per radio using the drag and set option provided.
- If you want to enable load balancing between 2.4 Ghz and 5 Ghz radios, check the radio button.
- If you want to enable load balancing between APs, check the radio button.
- In the
Access Control section, you can define a user traffic policy by clicking the
Set up a Policy link. The
Traffic Control Policy dialog appears.
Note: By default, the Allow Traffic option (green) is enabled. You can choose to change this to Deny Traffic by clicking the option (red) provided.To create a new traffic rule, click the Add Rule link. The Add Traffic Access Rule dialog appears. You can create rules only for up-stream traffic.
- Enter a description for the rule in the text field provided.
- You can create a rule to allow or block up-stream traffic by clicking and selecting the Allow Traffic or Block Traffic option, respectively.
- Select the protocol which you wish to use for the new traffic rule, from the
Protocol drop down list. Following are the list of protocols available for use.
- TCP- Transmission Control Protocol
- UDP- User Datagram Protocol
- UDPLITE- Lightweight User Datagram Protocol, which is a connectionless protocol that allows even a damaged data payload to be delivered rather than being discarded.
- ICMP (ICMPV4)- Internet Control Message Protocol, which is an error-reporting protocol used by network devices to generate error messages to the source IP address, when issues in the network prevent delivery of IP packets.
- IGMP- Internet Group Management Protocol, which is a communications protocol used by hosts on IPv4 networks to establish multicast group memberships.
- ESP-Encapsulating Security Payload is a protocol which provides the authentication, integrity, and confidentially of network packets in IPv4 and IPv6 networks.
- AH- Authentication Header protocol, which is used to authenticate SNMP.
- SCTP- Stream Control Transmission Protocol is a communications protocol which operates at the transport layer.
- Specify the source address in the Source field. You can either specify a range (a network address and a Subnet Mask, in the field provided) or you an specify a source IP address in the field provided. Also, specify a port number or a range of ports (e.g: 22-34) for the source, in the field provided.
- Specify the destination address in the
Destination field. You can either specify a range (a network address and a Subnet Mask, in the field provided) or you an specify a source IP address in the field provided. Also, specify a port number or a range of ports (e.g: 22-34) for the destination, in the field provided.
Note: If you choose the ICMP protocol in the previous step, you do not need to specify ports for the source and the destination. Hence, the option to select ports will not be presented to you.
- Click
Create. The rule which you created appears in the
Traffic Control Policy
dialog.
Note: The rule which you initially create appears in a row with priority set a "1", by default. When you create a second rule, it appears in the row with priority "1" and the previous rule which you created appears as second in the row, with priority "2". When you have multiple rules created, you can use the "up" and "down" arrows available at the end of each row, to shift respective rows up or down in the order, to set priority as desired.
The edit and delete links available at the end of each row enables to edit and delete respective rules. Each time you click the edit button, the Add Traffic Access Rule dialog appears where you can edit any of the rule properties.
- Click
OK in the
Traffic Control Policy
dialog, once you have all the required rules added.
You are navigated back to the Advanced Network Settings dialog, where are can click the Traffic Policy toggle button to "ON" or "OFF", activating or de-activating the traffic policy which you created, respectively. The Edit option allows you to navigate to the Traffic Control Policy dialog, where you can edit the policy which you created. The Clear button allows you to delete the traffic policy.
- Click
OK in the
Advance Network Setting dialog and you are navigated back to the
Create New WiFi Network
dialog. Click the
Create button to create the WiFi network. The newly created WiFi network appears in the
Networks window, with the
Overview tab displaying an overview diagram of the WiFi network with various network properties.
To view and edit all the network setting which you entered while creating the network, click the Edit Network link on the top right corner of the Network page. You can make the required changes and click the Save button, to enable the edits.