Access Point Instructions for Alcatel-Lucent Instant (IAP)
This page explains the configuration of Alcatel-Lucent Instant (IAP) wireless access points for external Captive Portal and RADIUS server authentication.
IronWiFi Console Configuration
- Log into the IronWiFi console or register for free
- Create a new network
- After that, create a new captive portal, with vendor Alcatel-Lucent Instant (IAP)
Access Point Configuration
Log in to your Alcatel-Lucent (Master) IAP
Under Network at the top left, click on New
Configure with:
- Name (SSID): Guest WiFi (or whatever you wish)
- Primary usage: Guest
Click Next and configure with:
- Client IP assignment: Virtual Controller managed
- Client VLAN assignment: Default (unless you have a custom VLAN set up)
Click Next and configure with:
- Splash page type: External
- Captive portal profile: Click the dropdown and choose New. Configure with:
- Name: guestwifi
- Type: Radius Authentication
- IP or hostname: *insert access_domain here*
- URL: /access/?iapmac=<ap-mac> (i.e. /access/?iapmac=00-0B-86-6E-C5-F8)
- Port: 80
- Use https: Disabled
- Captive portal failure: Deny internet
- Automatic URL whitelisting: Disabled
- Redirect URL:
Click OK to save
- Auth server 1: Click the dropdown and choose New. Configure with:
- Type: RADIUS
- Name: guestwifi1
- IP address:
- Auth port: 1812
- Acct port: 1813
- Shared key:
- Retype key: as abov
Click OK to save
- Auth server 2: Click the dropdown and choose New. Configure with
- Type: RADIUS
- Name: guestwifi2
- IP address:
- Auth port: 1812
- Acct port: 1813
- Shared key:
- Retype key: as above
Click OK to save
- Reauth interval: 24 hrs
- Accounting: Enabled
- Accounting mode: Authentication
- Accounting interval: 3 min
- Blacklisting: Disabled
- Walled garden: Click the link "Blacklist: 0 Whitelist: 0" and you will see the below screen:
Under Whitelist Click New and add all the below domains one by one until all are in the list:
*insert access_domain here*
107.178.250.42
If you need to load resources from external servers (SAML, social login), you will need to add other entries as well, instructions to configure the walled garden list in this case are available here.
Press OK when all the domains have been added to save
Click Next and configure with:
- Access Rules: Role-based
Under Roles click New and enter Preauth as the name
Under Access Rules for Preauth click New and add the following rule:
- Rule type: Access control
- Service: Network - any
- Action: Allow
- Destination: to domain name
- Domain name: *insert access_domain here*
Click OK to save.
You need to add a rule (just like you did above), for all the below domains:
*insert access_domain here*
107.178.250.42
If you need to load resources from external servers (SAML, social login), you will need to add other entries as well, instructions to configure the walled garden list in this case are available here.
- Assign pre-authentication role: select Preauth
Click Finish to complete the set up.
! You must also install a valid SSL certificate on your controller/AP, in order to avoid authentication issues !