Creating a Network That Uses a Captive Portal with Self Sign In

You can learn to create a network that allows users attempting to join the network to sign in using a social media account or to register their details for a personal password to gain access.

Complete the following steps to create a captive portal network that uses the self-sign-in authentication option.
  1. On the navigation bar, click Wi-Fi > Wi-Fi Networks > Wi-Fi Networks List.
    The Networks page is displayed.
  2. Click Add Wi-Fi Network. Alternatively, select an existing Captive Portal with Self Sign in Wi-Fi network setting that you want to copy and click Clone at the top of the table.
    The Create New Network page is displayed.
  3. Complete the settings on the Network Details page.
    • Network Name: Enter a name (up to 32 characters) that you want to assign to the network.
    • Set different SSID: Use this option to configure the SSID different from the network name. For SSID, enter an SSID name (from 2 through 32 characters and up to 32 bytes when using UTF-8 non-Latin characters).
    • Description: Enter a description (up to 64 characters) to help you identify the network using.
    • Network Type: Click Captive Portal.
    When the network type is selected, a structure diagram of a Captive Portal type of network displays.
  4. Click Next.
    The Portal Type page is displayed.
  5. Click Self Sign In.
    To access the network, users enter their social media account password or register their details and get a personal password.
    The Captive Portal Self-Sign-In network type diagram is displayed.
    Creating a Self-Sign-In Captive Portal Network Type
  6. Click Next.
    The Onboarding page is displayed.
  7. Complete the settings on the Onboarding page.
    • If you want users to self-register using their social media accounts, Email, or an SMS token, complete the configuration under the Allow Sign-In Using section. If you created your app on any of these social media platforms and you want to use your app, you can add details when you edit the option. You can select one or more of the following options:
      • SMS Token: Select this check box if you want users to receive a single-use token on their mobile number. A Password expires after field is displayed and you can select a time period in hours or days after which the password expires. The default is 12 hours.
      • Email: Select this check box if you want users to receive a single-use token on their registered email address. Users now have the option to use an email-based registration process when connecting to the WLAN. Users will receive a one-time password (OTP) in their email, which will grant them access to the network. A Password expires after field is displayed and you can select a time period in hours or days after which the password expires. The default is 12 hours.
      • Facebook: Select this check box if you want users to connect to the network using their Facebook account. Click the Edit () icon to view the Edit Facebook App page and add further configuration. For details, refer to Allowing Sign-In Using Facebook.
      • Google: Select this check box if you want users to connect to the network using their Google account. Click the Edit () icon to view the Edit Google App page and add further configuration. For details, refer to Allowing Sign-In Using Google.
      • LinkedIn: Select this check box if you want users to connect to the network using their LinkedIn account. Click the Edit () icon to view the Edit LinkedIn App page and add further configuration. For details, refer to Allowing Sign-In Using LinkedIn.
      • X (formerly Twitter): Select this check box if you want users to connect to the network using their X (Twitter) account. Click the Edit () icon to view the Edit Twitter App page and add further configuration. For details, refer to Allowing Sign-In Using X (Twitter).

        Click RUCKUS Networks Privacy Policy to view more information on RUCKUS Networks Privacy Policy.

    • Secure your network: Select one of the following options:
      • None (default): No encryption method is used.
      • Pre-Share Key (PSK): Select Pre-Share Key (PSK) and select a Security Protocol for the network.
        • WPA2 (Recommended) (default): Encrypts traffic using the WPA2 standard, which complies with the IEEE 802.11i security standard. Select WPA2 (Recommended) and enter a passphrase of at least eight characters in length in the Passphrase field.
        • WPA3: The WPA3 standard has several security enhancements when compared to WPA2. Select WPA3 and enter a passphrase of at least eight characters in length in the SAE Passphrase field.

          The IEEE 802.11ax (Wi-Fi 6E) and IEEE 802.11be (Wi-Fi 7) APs support only WPA3. The 6 GHz radios are supported with WPA3 only.

        • WPA2/WPA3 mixed mode: Allows mixed networks of WPA2- and WPA3-compliant devices ensuring compatibility. Select WPA2/WPA3 mixed mode and in the WPA2 Passphrase and WPA3 SAE Passphrase fields, enter a passphrase of at least eight characters each in length.
      • OWE Encryption: Opportunistic Wireless Encryption (OWE) provides encrypted communications for open Wi-Fi networks without needing passwords. Choose this option to allow users to access the network without needing to enter a password for authentication.
    • Select the Allowed domains check box to allow only the clients registering with email addresses from the specified domains to connect to the network.
      • You can configure multiple domain names separated by commas.
      • This does not apply to SMS Token registration.
    • Select the Redirect Users to check box and enter a valid URL.

      You can redirect users to your company website or another URL after they log in successfully. If the check box is not selected, users are sent to the page they originally requested.

    • Select the Collect email addresses of users who connect to this network check box to save the email address of the user.

      As required for privacy compliance, the user will be informed that their email is being saved.

    • Select the Enable RUCKUS DHCP service check box to automatically create and assign a new DHCP-Guest Service and DHCP Pool for those Guest WLAN-related venues that do not have a specified DHCP Service. Please refer to the DHCP Service at each Venue for more information.
    • Select the Use Bypass Captive Network Assistant check box. The devices that are already authenticated are not redirected for authentication when reconnecting to the onboarding network.
    • (Optional) Walled Garden: Enter the network destinations (URLs or IP addresses) that users can access without going through authentication. A walled garden is a limited environment to which an unauthenticated user is given access to set up an account. After the account is established, the user is allowed out of the walled garden.
  8. Click Show more settings.

    By default, the VLAN sub-tab is displayed. Each sub-tab includes additional Wi-Fi configuration options to configure the settings of your preference. Refer to Configuring Additional Settings for a Wi-Fi Network to configure each of the available settings.

    Note:

    Demonstration of Advanced Settings for a Wi-Fi Network. This video explains advanced settings for a Wi-Fi network and walks you through the process of configuring them.

    Click to play video in full screen mode.

  9. Click Next.
    The Portal Web Page is displayed.
  10. Under Guest Portal Service, select a Guest Portal from the drop-down list or click Add Guest Portal Service to add a new Guest Portal Service. The Guest Portal Service is where you define the look and feel of the webpage that the guest uses to join the captive portal network. Refer to Adding a Guest Portal Service.
  11. Click Next.
    The Venues page is displayed™.
  12. Complete the following steps to configure a venue:
    1. Select the venues in which you want to activate this network:
      • To activate the network in all your venues, select the check box beside Venue at the top of the table and click Activate.
      • To activate the network in a specific venue, locate the venue from the list, and set the switch to ON in the Activated column.

      The APs, Radios, Scheduling, and Tunnel columns of the selected venue are displayed in the table.

      Selecting Venues to Activate a Captive Portal Network
    2. By default, this network configuration is applicable for all APs and all radio bands supported by the APs. To select specific AP groups or modify the radio bands that will broadcast this network, complete one of the following steps:
      • Click All APs in the APs column. The Select APs dialog box is displayed. Select All APs to activate this network on all current and future APs at this venue. You can also choose to remove or add any AP-supported radio bands in the Radio Band drop-down list giving you the flexibility of broadcasting this network only on the selected radio bands.
        Select APs Dialog Box
      • Click Select specific AP groups to activate this network on specific AP groups including any AP that is added to selected AP groups in the future. The APs not assigned to any group option is displayed. After the APs not assigned to any group option is selected, VLAN and Radio Band options are displayed.
        Selecting Specific AP Groups
      • In the VLAN field, by default, VLAN-1 is selected. Click the icon and configure the VLAN or VLAN pool for the selected AP group.
      • In the Radio Band field, remove or add any AP-supported radio bands in the drop-down list for the selected AP group.
      • Click Apply.
    3. By default, this network configuration is scheduled for 24/7. To configure Scheduling, complete the following steps:
      • Click 24/7 in the Scheduling column. The Schedule for Network <network-name> in Venue <venue-name> dialog box is displayed. You can choose a schedule of 24/7 or customize the schedule.
        Schedule for Network Dialog Box
      • Click Custom Schedule. The network schedule is customized as per your requirements. You can configure the schedule for Monday through Sunday and from midnight to midnight (from 00:00 hours through 23.59 hours). For more information, click See tips. The Network Scheduler Tips dialog box opens, displaying different configuration tips in the form of animated GIFs.
      • Click OK to close the Network Scheduler Tips dialog box.
      • Click Apply.
    4. The Tunnel column shows the tunneling service or profile associated with each active network. By default, Tunnel is set to Local Breakout when the venue is not linked to any SD-LAN or SoftGRE tunneling service. The SD-LAN Tunneling option is available only in networks containing RUCKUS Edge devices.
  13. Click Next.
    The Summary page is displayed.
  14. Review the settings that you configured.
  15. Click Finish.