This manual includes the use of the pre-Authentication rules instead of Walled Garden. This allows to login with social networks.
The setup presumes the factory default status of device, however, the modification of productive hotspots is possible too. This manual shows just the features required for the hotsptot with the external captive portal functionality. Other settings are optional.
Select Add New Network and follow the wizard.
Set the name for the new network and switch "Primary usage" to "Guest".
Switch "Client IP assignment" to "Virtual Controller managed" and "Client VLAN assignment" to "Default".
Select "External" for "Splash page type" and "New profile" for "Captive portal profile".
Set the Captive portal name (eg. Socfi) and then use folowing settings:
|IP or hostname||connect.socifi.com|
|Captive Portal failure||Deny intenet|
Confirm the CP profile dialog and set "WISPr" and "MAC authentication" to "Disabled"
Select "New" for "Auth server 1" and fill in the following options:
Switch to "RADIUS"
|Name||according to region related recommendation|
|IP address||according to region related recommendation|
|NAS IP address|
|Dead time||5 min|
Repeat the procedure for "Auth server 2"
Confirm the Auth server settings, go back to Security Tab and finish the configuration with the following settings:
|Reauth interval||0 hrs.|
|Disable if uplink type is||(unchecked all)|
The "Walled garden" setting is suitable only for the firmware version older than 18.104.22.168-22.214.171.124_49446. It is limited by only 16 whitelist entries. The Role-based Access Rules are preffered to use in the later firmware versions and allow to use a Social Network login.
Set "Access Rules" to "Role-based" on the Access Tab.
Select Role according to configured SSID. Open the Acces Rule editation. Change the rule settings to "Access control - Network - any - Allow - to all destinations". This Role can contain just this one rule. Delete the other rules.
In the "Role Assignment Rules" field set the edited rule as default.
In the "Roles" field create a new preauthentication rules set. Choose the name like pre-
The first rule is the external Captive Portal redirection:
Add rules for each FQDN from the Walled Garden list. "Access control - Network - Allow - to domain name" and enter the FQDN.
Set this role set as "pre-authentization role" by checking this option on the Acces Tab.
Select the network name on the default screen. The list of the all included APs will show. All these APs is neccesary to add to the SOCIFI Dashboard as unique hotspots.
The name of AP is editable. DO NOT change the name of the AP if it is used with SOCIFI. Changing the name will cause a dysfunction.
This setup was tested on firmware verion 126.96.36.199-188.8.131.52_49446 (Build time 2015-04-05 01:53:10 PDT) and device IAP-205