Captive Portal
      Back to home
      1. Help Center
      2. Access Point Instructions
      3. Captive Portal

      Bluesocket

      Access Point Instructions for Bluesocket

      This page explains the configuration of Bluesocket wireless access points for external Captive Portal and RADIUS server authentication.

      IronWiFi Console Configuration

      1. Log into the IronWiFi console or register for free
      2. Create a new network
      3. After that, create a new captive portal, with vendor Bluesocket

      Access Point Configuration

      Please log in to your Bluesocket WLAN controller

      At the top click on Configuration and then on the left, under External Authentication click on Accounting

      Click on Create Accounting Server and enter the following:

      • Name: guest1
      • Enabled: Ticked
      • IP Addressget this value from the IronWiFi console
      • Port: 1813
      • Shared Secretget this value from the IronWiFi console
      • Shared Secret Confirmation: as above
      • Timeout: 5
      • Retries: 5
      • Interim Updates Enabled: Ticked
      • Interim Update Interval: 300

      Click Create Accounting Server

      Click on Create Accounting Server again and enter the following:

      • Name: guest2
      • Enabled: Ticked
      • IP Addressget this value from the IronWiFi console
      • Port: 1813
      • Shared Secretget this value from the IronWiFi console
      • Shared Secret Confirmation: as above
      • Timeout: 5
      • Retries: 5
      • Interim Updates Enabled: Ticked
      • Interim Update Interval: 300

      Click Create Accounting Server

      Next, on the left, under External Authentication click on Servers. Click on Create Authentication Server and enter the following:

      • Type: RadiusWebAuthServer
      • Name: guest1
      • Accounting Server: guest1
      • IP Addressget this value from the IronWiFi console
      • Portget this value from the IronWiFi console
      • Shared Secretget this value from the IronWiFi console
      • Shared Secret Confirmation: as above
      • Timeout Weight: 1
      • Precedence: Highest
      • Role: Guest

      Click on Create Authentication Server.

      Click on Create Authentication Server again and enter the following:

      • Type: RadiusWebAuthServer
      • Name: guest2
      • Accounting Server: guest2
      • IP Addressget this value from the IronWiFi console
      • Portget this value from the IronWiFi console
      • Shared Secretget this value from the IronWiFi console
      • Shared Secret Confirmation: as above
      • Timeout Weight: 1
      • Precedence: Lowest
      • Role: Guest

      Click on Create Authentication Server.

      Next, on the left under Captive Portal, click on Forms. Click Create Login Form and enter the following:

      • Name: guest
      • Allow User Logins: Ticked
      • Allow Guest Logins: Unticked
      • Redirect Clients to an External URL: Ticked
      • Base URL of External Serverget this value from the IronWiFi console
      • Clients Access Point MAC Address: blue_ap
      • Client's Access Point Name: blue_ap_name
      • vWLAN IP Address: blue_controller
      • Client's Original URL: blue_destination
      • Client's MAC Address: blue_mac
      • Client's IP Address: blue_source
      • Client's Access Point SSID: blue_ssid
      • Client's VLAN ID: blue_vlan
      • Double Encoding of URI Parameters: Unticked
      • Include RADIUS Option Vendor option: Unticked

      Click on Create Login Form.

      Next, on the left, under Role Based Access Control click on Destinations. Click on Create Destination Hostname and enter:

      • Name: guestportal
      • Addressget this value from the IronWiFi console

      Click on Create Destination. Now, for each of the below entries, create another destination hostname until you have added each one:

      107.178.250.42

      If you need to load resources from external servers (SAML, social login), you will need to add other entries as well, instructions to configure the walled garden list in this case are available here.

      Next, on the left, click on Destination Groups. Click on Create Destination Group.

      • Name: guest
      • Destinations: Click the + sign beside each domain on the right hand list to add all of these to the left list. Be sure not to add the "Any" rule.

      Click Create Destination Group

      Next, on the left, click on Roles. Click on the Un-registered role. At the bottom, click on Append Firewall Rule and choose:

      • Policy: Allow
      • Service: Any
      • Direction: Both Ways
      • Destination: under "Destination Groups" choose guest

      Click Update Role.

      Next, on the left, click on Roles. Click on the Guest role. Under the Post Login Redirection section, enter:

      URL Redirectget this value from the IronWiFi console

      Click Update Role to save.

      Next, on the left, under Wireless click on SSIDs. Click on Create SSID and enter the following:

      Name: Guest WiFi (or whatever you wish)

      Broadcast SSID: Ticked

      Authentication: Open System

      Cipher: Disabled

      Login Form: guest

      Role: Un-registered

      Standby SSID: Unticked

      Click on Create SSID.

      Finally, you need to apply this new configuration to your AP's in the usual way. For example, go to the Status tab at the top and choose Access Points. Highlight the ones you are using and click the Apply button.

      ! You must also install a valid SSL certificate on your controller/AP, in order to avoid authentication issues !