Set up a Radius-based captive portal with Cradlepoint and Cloudi-Fi for user authentication.
Use case
This guide provides step-by-step instructions for integrating the Cloudi-Fi captive portal with a Cradlepoint network. This setup enables Radius-based user authentication, ensuring a secure and seamless network access experience.
Prerequisites
Before starting, ensure you have the following prerequisites:
- Access to Cloudi-Fi's admin console
- Cloudi-Fi Radius IPs and Secret
- Access to the Cradlepoint
- Knowledge of your network’s IP addressing scheme
1. Get the Cloudi-Fi required URL
Go to the "Location" section in the Cloudi-Fi Admin interface.
Create a new location and enter the required details:
- Location Name
- Type (Redirect URL)
- Portal template
- Country
Location URL: this URL will be used to configure an External Captive Portal
- Access the Cloudi-Fi administration console
- Select the location
- Click on the menu button for the location
- Select "Copy Splash page URL"
Transform the URL as follows:
- Cloudi-Fi: https://login.cloudi-fi.net/start/ch/ebd2egzrfgrg/lh/qgrzqrgegs/sp/spsomething.com
- Cradlepoint: https://login.cloudi-fi.net/start/ch/ebd2egzrfgrg/lh/qgrzqrgegs/sp/spcradlepoint.com
Company Key
- Go to Configuration, then Company Account, and copy the Cloudi-Fi Public Key
2. Get Radius information
You will need the following Radius information (Server IPs, Secret, Ports) for the setup:
- IP addresses of the Radius servers
- Ports: UDP 1812 (Authentication) & 1813 (Accounting)
- The Secret (provided by Cloudi-Fi Support)
You can get the Secret by asking in the Chatbot, and Cloudi-Fi's Support team will provide you with the necessary information. Ask the following question:
- What shared secret is used for the Radius server with Cradlepoint? (Please save this confidential information securely, and do not share it publicly.)
This configuration can be applied individually to each device or to a group of devices.
3. Configure your DHCP and your guest network
- Navigate to the NetCloud center configuration.
- Access the Devices list.
- Select your device from the list.
- Edit the configuration of the selected device.
- Activate the DHCP server on the Cradlepoint.
- Navigate to Networking > Local Networks.
- Choose Local IP Networks.
- Add a new network or edit an existing one.
- Select a name for your network. In this case, we've opted for "Cloudi-Guest."
- Choose an IP address range.
- Ensure that you select "Hotspot" as the IPv4 Routing Mode.
- Enable DHCP Server
- Set lease time
4. Configure SSID
- Modify the SSID for each WiFi radio.
- Set "Controller and captive."
- Set its security mode to "Open".
- Navigate to "Hotspot Services."
- Choose the Hotspot mode as "RADIUS/UAM."
- Set the server address, Authentication Port, and Shared Secret from the Cloudi-Fi Support team.
- Under "Redirection On Successful Authentication," select "To an administrator-defined URL" and paste the URL: "https://login.cloudi-fi.net/success.php."
- In the Login URL field, paste your "Splash Page URI."
- In the "Allowed Hosts/Domain before Authentication" menu, include the following hosts:
- *.cloudi-fi.com
- *.cloudi-fi.net
5. Configure external Syslog server configuration
- Navigate to your device's configuration and access System Logging.
- Adjust the Logging Level to Debug.
- Input the Syslog Server Address (provided by the Cloudi-Fi Support Team).
- Enter port 514.
6. Configure traffic logging
Traffic logging can be set in conjunction with filtering. Filtering can be based on the following:
- Applications
- Resource identities (IP addresses, ports)
- Source and destination
- Navigate to your device's configuration, Edit Security > Zone Firewall
- Create a policy
- Include at least one rule that catches all traffic with allow and log (this rule will generate traffic logs for the captive portal).
- Go to Zone Forwarding.
- Use your policy in Zone Forwarding between your Guest Lan and selected WAN zone.
- Add a zone forwarding or update an existing one to use your policy.
Troubleshooting
Captive portal display issue before or after authentication
- The problem may be related to DHCP or DNS.
- Check that your private IP address is valid.
- Check that login.cloudi-fi.net resolves.
If DNS and IP addressing work correctly but the captive portal still does not display:
- Type http://neverssl.com in your browser to trigger the redirection to the portal.
Error after authentication on the page
- If, once connected to the SSID, you see a Cloudi-Fi error page instead of your captive portal, check the configuration of the Radius server:
- The IP address of RADIUS
- RADIUS port (default port 1812)
- The shared password
- If you still encounter problems after following all the configuration steps, follow the steps below and provide the results to the Cloudi-Fi support team:
- Make a web capture of your browser
- Share with the Cloudi-Fi support team
- The URL of the captive portal configured on Cradlepoint