Step-by-step instructions on how to set up a Radius-based captive portal with Peplink and Cloudi-Fi for user authentication.
Testing environment
Validated with MAX BR2 IP55 and Firmware 8.2.0 build 5066
Use case
This guide provides step-by-step instructions for integrating the Cloudi-Fi captive portal with Peplink. This setup enables Radius-based user authentication, ensuring a secure and seamless network access experience.
Prerequisites
Before starting, ensure that you have the following prerequisites:
- Access to the Huawei iMaster NCE-Campus.
- Access to Cloudi-Fi’s admin console
- Cloudi-Fi Radius IPs and Secret
- Knowledge of your network’s IP addressing scheme.
- Firewall ports allowed:
  - HTTP, HTTPS
  - DNS
  - RADIUS: UDP 1812, 1813
1. Get the Cloudi-Fi required URL
If the location doesn't already exist in the Cloudi-Fi Admin interface, create it as follows:
- Go to the "Location" section in the Cloudi-Fi Admin interface.
- Create a New Location and enter the required details for the new location:
  - Location Name
  - Type (Redirect URL)
  - Portal template
  - Country
Location URL: this URL will be used to configure an External Captive Portal
- Access the Cloudi-Fi administration console
- Select the location
- Click on the menu button for the location
- Select "Copy Splash page URL"
Transform the URL as follows:
- Cloudi-Fi: https://login.cloudi-fi.net/start/ch/ebd2egzrfgrgq2/lh/qgrzqrgegs/sp/spsomething.com
- Peplink: https://login.cloudi-fi.net/start/ch/ebd2egzrfgrgq2/lh/qgrzqrgegs/sp/sppeplink.com
2. Get Radius information
To set up, you will need the Radius information (Server IPs, Secret, Ports).
- IP addresses of the Radius servers
- Ports: UDP 1812 (Authentication) & 1813 (Accounting)
- The Secret (provided by Cloudi-Fi Support)
You can get the Secret by asking in the Chatbot; Cloudi-Fi’s Support team will provide you with the necessary information.
What shared secret is used for the Radius server? (Please save this confidential information securely, and do not share it publicly.)
Company Key
- Go to Settings > Company Account and copy the Cloudi-Fi Public Key
3. Guest network configuration
Go to Network > Network Settings and create a new LAN
- IP Address: Provide a Guest Subnet
- Name: Cloudi-Fi-Guest
- VLAN ID: Provide a VLAN for your Guests
- DHCP Server: Enabled
- IP Range: Provide a DHCP Scope for your Guests
- Lease Time: Amount of time your Guests can use an IP Address
- DNS Servers: Enable Assign DNS server automatically or provide your own DNS servers
4. Radius configuration
Go to Advanced > Misc. Settings > Radius Server and add a new Radius
- Name: Cloudi-Fi-Primary-Radius
- Host: Radius IPs
- Port: 1812
- Secret: Shared Secret provided by the Cloudi-Fi Support team via Chat
Do the same with the Secondary Radius Server.
5. Captive portal profile configuration
Go to Network > Captive Portal and create a new LAN
- Name: Cloudi-Fi-Captive-Portal
- Enable: Select the LAN you’ve created for the Guests.
- Hostname: guest.3wi.fi
  Note that guest.3wi.fi is a domain name owned by Cloudi-Fi. You can use this FQDN with the Cloudi-Fi public certificate. If you prefer to use your own domain and certificate, replace guest.3wi.fi with your domain.
- Access Mode: User Authentication
- Authentication Profile: Select the Cloudi-Fi's Primary Server and Cloudi-Fi's Secondary Server
- Accounting Interim Interval: 600
- NAS-Identifier: Your Cloudi-Fi Public Key
- Allowed Networks: cloudi-fi.net (If you are using Social Network authentication, also add those domains)
- Splash Page: Paste your captive portal URL
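How the shared secret from step 4 and the NAS-Identifier from step 5 are used on the wire, as an added example that is not part of the original guide or of Peplink's or Cloudi-Fi's code: it builds a RADIUS packet signed with a Message-Authenticator and checks a reply's Response Authenticator as defined in RFC 2865 and RFC 2869. The secret, company key and reply are constructed placeholders, and the function names are hypothetical.

```python
import hashlib
import hmac
import os
import struct

ACCESS_REQUEST, ACCESS_ACCEPT = 1, 2            # RFC 2865 packet codes
NAS_IDENTIFIER, MESSAGE_AUTHENTICATOR = 32, 80  # attribute types


def attr(attr_type, value):
    """Encode one attribute as type, length, value (RFC 2865 section 5)."""
    return struct.pack("!BB", attr_type, len(value) + 2) + value


def build_access_request(ident, nas_identifier, secret, request_auth):
    """Access-Request with NAS-Identifier and Message-Authenticator.
    User-Name and credential attributes are left out to keep the focus narrow."""
    attrs = attr(NAS_IDENTIFIER, nas_identifier.encode())
    length = 20 + len(attrs) + 18
    header = struct.pack("!BBH", ACCESS_REQUEST, ident, length) + request_auth
    # HMAC-MD5 over the whole packet with the 16 value bytes zeroed (RFC 2869).
    zeroed = header + attrs + attr(MESSAGE_AUTHENTICATOR, bytes(16))
    mac = hmac.new(secret, zeroed, hashlib.md5).digest()
    return header + attrs + attr(MESSAGE_AUTHENTICATOR, mac)


def response_is_authentic(response, ident, request_auth, secret):
    """Response Authenticator = MD5(code|id|length|RequestAuth|attrs|secret)."""
    if len(response) < 20 or response[1] != ident:
        return False
    if struct.unpack("!H", response[2:4])[0] != len(response):
        return False
    expected = hashlib.md5(response[:4] + request_auth + response[20:] + secret)
    return hmac.compare_digest(expected.digest(), response[4:20])


def make_reply(code, ident, request_auth, secret, attrs=b""):
    """Constructed server reply so the check can run offline."""
    head = struct.pack("!BBH", code, ident, 20 + len(attrs))
    return head + hashlib.md5(head + request_auth + attrs + secret).digest() + attrs


if __name__ == "__main__":
    secret = b"constructed-shared-secret"   # placeholder, not a real secret
    nas_id = "CONSTRUCTED-COMPANY-KEY"      # placeholder for the Cloudi-Fi Public Key
    ra = os.urandom(16)                     # fresh Request Authenticator
    request = build_access_request(1, nas_id, secret, ra)
    reply = make_reply(ACCESS_ACCEPT, 1, ra, secret)
    print(len(request), response_is_authentic(reply, 1, ra, secret))
    print(response_is_authentic(reply, 1, ra, b"wrong-secret"))
```

A reply that fails this check with the configured secret means the secret on the router and on the Radius server differ, or the packet was altered in transit.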
6. SSID configuration
Go to AP > AP > Wireless SSID and add a new SSID
- SSID: Your Guest SSID Name
- VLAN: Select your Guest VLAN
- Broadcast SSID: Enabled
- Security Policy: Open (No Encryption)
7. Configure an SSL certificate
A public certificate has to be deployed on the router to secure the channel between the guest device and the Pepwave router. Guests will receive “Untrusted Certificate” error messages without this certificate after they authenticate on the Cloudi-Fi portal.
Go to Advanced > Misc. Settings > Certificate Manager > Captive Portal SSL
- Private Key: Your Certificate Private Key
- Local Public Key Certificate: Paste the following certificate parts in this order:
  - Server Certificate
  - Intermediate CA
  - Root CA
Go to Network > LAN > Network Settings and add a new Local DNS Record
- Host Name: guest.3wi.fi
- IP Address: 192.168.1.1 (Your LAN IP Address)
If you have any questions, don't hesitate to get in touch with us - How to contact your support?