Skip to main content

Search

Cloudi-Fi Knowledge Base

How to set up Cloudi-Fi Captive Portal with Cradlepoint

Alexandre de THOMASSON
  • Updated

Set up a Radius-based captive portal with Cradlepoint and Cloudi-Fi for user authentication. 

 

Use case

This guide provides step-by-step instructions for integrating the Cloudi-Fi captive portal with Cralepoint Network. This setup enables Radius-based user authentication, ensuring a secure and seamless network access experience. 

 

Cloudi-Fi captive portal SSID and Radius.png

 

Prerequisites

Before starting, ensure you have the following prerequisites:

  • Access to Cloudi-Fi's admin console
  • Cloudi-Fi Radius IPs and Secret  
  • Access to the Cradlepoint
  • Knowledge of your network’s IP addressing scheme

 

1. Get the Cloudi-Fi required URL

Go to the "Location" section in the Cloudi-fi Admin interface.
Create New Location and enter the required details for the new location:

  • Location Name
  • Type (Redirect URL)
  • Portal template
  • Country 

Location URL: this URL will be used to configure an External Captive Portal

  • Access the Cloudi-Fi administration console
  • Select the location
  • Click on the menu button for the location
  • Select "Copy Splash page URL"

Cloudi-Fi Get captive portal url

Transform the URL as follows:

Cloudi-Fi

https://login.cloudi-fi.net/start/ch/ebd2egzrfgrg/lh/qgrzqrgegs/sp/spsomething.com

Cradlepoint

https://login.cloudi-fi.net/start/ch/ebd2egzrfgrg/lh/qgrzqrgegs/sp/spcradlepoint.com

Company Key

  • Go to Configuration, then Company Account, and copy the Cloudi-Fi Public Key

 

2. Get Radius information

You will need the Radius information (Server IPs, Secret, Ports) to set up.

  1. IPs address of the Radius servers
  2. Ports: UDP 1812 (Authentication) & 1813 (Accounting)
  3. The Secret (provided by Cloudi-Fi Support)

You can get the Secret by asking in the Chatbot, Cloudi-Fi’s Support team will provide you with the necessary information.

Cloudi-Fi - Get Radius secret for Cradelpoint

  1. What shared secret is used for the Radius server with Cradlepoint? (Please save this confidential information securely, and do not share it publicly.)
This configuration can be applied individually to each device or to a group of devices.

 

3. Configure your DHCP and your guest network

  1. Navigate to the NetCloud center configuration.
  2. Access the Devices' list.
  3. Select your device from the list.
  4. Edit the configuration of the selected device.

Cradlepoint - Select your device

  1. Activate the DHCP server on the Cradlepoint.
  2. Navigate to Networking Local Networks.
  3. Choose Local IP Networks.
  4. Add a new network or edit an existing one.

Cradlepoint - Add a new network or edit an existing one.

  1. Select a name for your network. In this case, we've opted for "Cloudi-Guest."

Cradlepoint - Name your network

  1. Choose an IP address range.
  2. Ensure that you select "Hotspot" as the IPV4 Routing Mode.

Cradlepoint - Set your subnet and enable Hotspot profile

  1. Enable DHCP Server
  2. Set lease time

Cradlepoint - Enable DHCP server

 

4. Configure SSID

  1. Modify the SSID for each WiFi radio.

Edit SSID

  1. Set "Controller and captive."
  2. Set its security mode to "Open”.

Cradlepoint - Set security mode to Open

  1. Navigate to "Hotspot Services."
  2. Choose the Hotspot mode as "RADIUS/UAM."
  3. Set the server address, Authentication Port, and Shared Secret from the Cloudi-Fi Support team.

Cradlepoint - Configure Cloudi-Fi's radius servers  

  1. Under "Redirection On Successful Authentication," select "To an administrator-defined URL" and paste the URL: "https://login.cloudi-fi.net/success.php."
  2. In the Login URL field, paste your "Splash Page URI."
  3. In the "Allowed Hosts/Domain before Authentication" menu, include the following hosts:
    • *.cloudi-fi.com
    • *.cloudi-fi.net

  Cradlepoint - Configure Cloudi-Fi captive portal URL  

5. Configure external Syslog server configuration

  1. Navigate to your device's configuration and access System Logging.
  2. Adjust the Logging Level to Debug.
  3. Input the Syslog Server Address (provided by the Cloudi-Fi Support Team).
  4. Enter port 514.

Cradlepoint - Configure and forward Syslog to Cloudi-Fi

 

6. Configure traffic logging

Traffic logging can be set in conjunction with filtering.. Filtering can be based on the following:

  • Applications
  • Resource identities (IP add, ports )
  • Source and destination
  • Navigate to your device's configuration, Edit Security > Zone Firewall
  • Create a policy
  • Include at least a rule to catch all traffic with allow and log(this rule will generate traffic logs for the captive portal)

Cradlepoint - Create a policy

  • Go to Zone Forwarding.
  • Use your policy in Zone Forwarding between your Guest Lan and selected WAN zone.
  • Add a zone forwarding or update an existing one to use your policy.

Cradlepoint - Edit Zone forwarding

 

Troubleshooting 

Captive portal display issue before or after authentication

  1. The problem may be related to DHCP or DNS.
    1. Check that your IP private address is valid.
    2. Check that login.cloudi-fi.net is resolved.

    Assuming the DNS and IP address function is good, you still have a captive portal problem.

  2. Type http://neverssl.com on your browser to apply the redirection on the portal.

Error after authentication on the page

  1. Once connected to the SSID, if you notice a Cloudi-Fi error page instead of your captive portal
  2. Check the configuration of the Radius server:
    1. The IP address of RADIUS 
    2. RADIUS port (default port 1812)
    3. The shared password
  3. If you still encounter problems after following all the configuration steps, follow the steps below and provide it to the Cloudi-Fi support team:
    1. Make a web capture of your browser
    2. Share with the Cloudi-Fi support team
    3. The URL of the captive portal configured on Cradlepoint