Extended Captive Portal enables you to redirect traffic from Wi-Fi clients to a specified portal before granting those clients full Internet access.
Once configured, Extended Captive Portal performs the following functions:
After you have configured Extended Captive Portal settings, you can direct traffic to a page hosted by the captive portal solution you are using. Redirecting HTTP traffic is handled by the AirLink router.
For website authentication and managing RADIUS server accounts, use a solution compatible with CoovaChilli such as Picopoint, Colony Networks or HotspotSystem.
For a more basic captive portal solution that doesn’t require login credentials or a password, see Simple Captive Portal.
Below is a flow diagram showing the different Extended Captive Portal components and how Internet access is granted (or denied) to clients.
Once these prerequisites are met, you can configure AirLink OS Extended Captive Portal settings.
To configure Extended Captive Portal, go to Networking > Extended Captive Portal. The Extended Captive Portal settings, some of which may not be required by your captive portal solution vendor, are listed and described below.
UAM settings such as the one shown below are pre-populated with the default values from CoovaChilli. If you are familiar with CoovaChilli, the default values help you see which setting in AirLink OS maps to which value in the CoovaChilli config file.
Most CoovaChilli solutions will tell you which values to change, and they will refer to these values by their names in the config file. The default UAM values help you match each of those names to the corresponding AirLink OS setting.
SETTING | DESCRIPTION |
---|---|
ENABLE | Enable or disable the captive portal. |
WI-FI APS | Select the Wi-Fi Access Points and/or SSIDs that will route traffic to the captive portal. |
WAN INTERFACE | Select the WAN interfaces that captive portal traffic is routed through. You can use this setting to restrict customers’ bandwidth access to a particular WAN interface. Leave blank to use any WAN interface, which can reduce network interference for users. When WAN INTERFACE is blank, captive portal traffic will use the default route (as displayed under Status > Networking > MultiWAN > Default IPv4 Traffic). |
GATEWAY IP | Enter the captive portal’s IP address on the subscriber network. The address is limited to a value in the range defined by the NETWORK and NETMASK. For example, if NETWORK is 192.168.0.0 and NETMASK is 255.255.255.0, the GATEWAY IP must be in the range 192.168.0.1 through 192.168.0.255. |
NETMASK | Enter the netmask that defines the LAN segment based on the NETWORK. For example, 255.255.255.0 is a “/24” netmask. If the NETWORK field is 192.168.0.0 and the GATEWAY IP is 192.168.0.1, devices connecting to the captive portal will be assigned addresses in the range 192.168.0.2 – 192.168.0.255. |
NETWORK | Enter the CoovaChilli network IP address: the internal IP address of the captive portal on the router. Example: 192.168.0.0. Note: Internally, this value is assigned to the variable $HS_UAMLISTEN. |
PRIMARY DNS SERVER | Enter the IP address of the preferred DNS server to use. |
SECONDARY DNS SERVER | Enter the IP address of the alternate DNS server to use if the Primary DNS is unavailable. |
PRIMARY RADIUS SERVER | Enter the IP address of the computer where the RADIUS server is running, as provided by your CoovaChilli solution. |
SECONDARY RADIUS SERVER | Enter the IP address of the computer where the secondary RADIUS server is running. |
RADIUS SECRET | Enter the secret shared with the RADIUS server. |
RADIUS AUTHENTICATION PORT | Enter the UDP port used for RADIUS authentication requests. Default port is 1812. |
RADIUS ACCOUNTING PORT | Enter the UDP port used for RADIUS accounting requests. Default port is 1813. |
RADIUS COA PORT | Enter the RADIUS Change of Authorization port (if supported by your solution provider). COA allows a RADIUS server to adjust an active client session and force clients to reauthenticate or disconnect. This is the port through which the RADIUS server sends change of authorization requests. Default port is 3799. |
MAC AUTHENTICATION | Select the MAC authentication mode. Options are: |
MAC ALLOW LIST | Enter a comma-separated list of the MAC addresses of devices that do not require authentication for Internet access. The maximum number of entries is 10. |
UAM SERVER | Hostname of captive portal server. URL of the portal to which you want to redirect users. This portal must be hosted by a CoovaChilli-compatible server solution. |
UAM FORMAT | URL of captive portal. Use the default value unless otherwise instructed. |
UAM HOME PAGE | Captive portal main page (login page, for example). Use the default value unless otherwise instructed. |
UAM DOMAINS | Users can access these sites without being authenticated. UAM DOMAINS is a comma-separated list of domain prefixes that can be accessed via the captive portal page before the user is approved. For example, if the captive portal has a paid tier of services, the user must be able to connect through to an appropriate payment site. If the payment site is not in this list, the portal would prevent it from being accessed. Use the default list (.paypal.com,.paypalobjects.com) to allow users to pay for service using PayPal, or add additional domain prefixes to use other services. |
UAM ALLOW LIST | Enter URLs for web sites that can bypass the captive portal and be accessed by any client connected to the access point without authenticating. Enter domain names, IP addresses or network segments. |
UAM SECRET | Shared secret between the router and the captive portal. You must configure the shared secret on both the router and the captive portal side. |
NAS ID | RADIUS NAS (Network Access Server) Identifier for each device accessing the captive portal. When clients request access to the RADIUS server, the NAS ID identifies the Access Point to the RADIUS server. |
UAM PORT | Captive portal’s UAM (Universal Access Mode) port on the subscriber network. Use the default value (3990) unless otherwise instructed. |
UAM UI PORT | Captive portal’s UAM “UI” port on the subscriber network, for embedded portal. Use the default value (4990) unless otherwise instructed. |
SESSION TIMEOUT | The session timeout to be used if not defined by the RADIUS server. Enter the maximum time a session can stay open before automatically ending. |
IDLE TIMEOUT | The idle timeout to be used if not defined by the RADIUS server. Enter the maximum time a session can remain idle before automatically ending. |
MAX DOWNLOAD SPEED | Maximum download speed. |
MAX UPLOAD SPEED | Maximum upload speed. |
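
The constraints in the table (GATEWAY IP inside NETWORK/NETMASK, at most 10 MAC ALLOW LIST entries) and the settings that bypass or protect authentication can be checked before they are entered on the router. The following is an added example, not AirLink OS or CoovaChilli code; the function names, the comma-separated UAM ALLOW LIST format, the /16 breadth threshold and the 16-character secret minimum are assumptions.

```python
import ipaddress
import re

MAC_RE = re.compile(r"^[0-9A-Fa-f]{2}([:-][0-9A-Fa-f]{2}){5}$")
MAX_MACS = 10        # MAC ALLOW LIST limit given in the table
MIN_PREFIX = 16      # assumption: shorter prefixes count as too broad
MIN_SECRET_LEN = 16  # assumption: minimum shared-secret length
# Constructed sample input, not taken from a real router.
SAMPLE = {
    "NETWORK": "192.168.0.0", "NETMASK": "255.255.255.0", "GATEWAY IP": "192.168.1.1",
    "MAC ALLOW LIST": "00:11:22:33:44:55, not-a-mac",
    "UAM ALLOW LIST": "portal.example.com, 0.0.0.0/0",
    "RADIUS SECRET": "testing123", "UAM SECRET": "testing123",
}

def split_list(value):
    return [item.strip() for item in value.split(",") if item.strip()]

def lint_portal_settings(cfg):
    """Return findings for a dict keyed by the setting names in the table."""
    findings = []
    try:  # NETWORK and NETMASK together define the subscriber LAN segment
        lan = ipaddress.ip_network(f"{cfg['NETWORK']}/{cfg['NETMASK']}")
        gateway = ipaddress.ip_address(cfg["GATEWAY IP"])
    except ValueError as exc:
        return [f"invalid addressing: {exc}"]
    # Documented range: any address in the segment except the network address.
    if gateway not in lan or gateway == lan.network_address:
        findings.append(f"GATEWAY IP {gateway} is outside {lan}")
    # Allow-listed MACs never authenticate, so enforce the limit and the format.
    macs = split_list(cfg.get("MAC ALLOW LIST", ""))
    if len(macs) > MAX_MACS:
        findings.append(f"MAC ALLOW LIST has {len(macs)} entries (max {MAX_MACS})")
    findings += [f"MAC ALLOW LIST entry {m!r} is not a MAC address"
                 for m in macs if not MAC_RE.match(m)]
    # UAM ALLOW LIST destinations are reachable before authentication.
    for entry in split_list(cfg.get("UAM ALLOW LIST", "")):
        try:
            net = ipaddress.ip_network(entry, strict=False)
        except ValueError:
            continue  # a domain name, not an IP address or network segment
        if net.prefixlen < MIN_PREFIX:
            findings.append(f"UAM ALLOW LIST entry {entry} exposes {net} without login")
    # Both shared secrets are checked for length (the threshold is an assumption).
    for key in ("RADIUS SECRET", "UAM SECRET"):
        if len(cfg.get(key, "")) < MIN_SECRET_LEN:
            findings.append(f"{key} is shorter than {MIN_SECRET_LEN} characters")
    return findings
```

Calling `lint_portal_settings(SAMPLE)` returns one finding per problem in the constructed sample; an empty list means none of these checks fired.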