Configure Captive Portal in InControl2
This article describes step-by-step how to configure Captive Portal in InControl2. With captive portals you can easily offer internet to your guests and easily control connection time and speed, data usage limits, and more. By creating captive portals in InControl2 , you can apply the same configuration to all, or a selection of your Peplink Access Points in just a few clicks.
Sign in to InControl2
Select your Wi-Fi AP settings and click on the “Add new SSID” button
A screen pops up to configure the SSID settings:
Let’s go through the available options:
Name your SSID.
Tick this box to enable the SSID when you have finished configuring the SSID.
Select the security required, the SSID supports several encryption methods (see below); if you are not sure choose WPA2 – personal
Tick the box if you want to Enable Layer 2 isolation; this feature stops WiFi client devices from communicating with each other, but the clients are still able to access the rest of the LAN.
Choose if you want your SSID to be visible (or not).
If you want to block your SSID clients to access your LAN tick the guest protect box.
This is strongly recommended for Public Wi-Fi |(in combination with Layer 2 isolation)
If you want to limit the bandwidth for your SSID Wi-Fi you have the possibility to do that here.
Set your VLAN ID and enable VLAN tagging (leave default settings if you aren’t sure).
Select one of the MAC filter options if you want to filter access to your SSID by MAC address.
Select multicast filtering, multicast rate and IGMP snooping.
This can stay disabled in most cases.
Select which radio channel band you want to advertise, 5Ghz is a newer and faster technology. If you aren’t sure leave both options ticked.
Choose on which of your Peplink devices you want to enable this SSID. When you “tag” your devices you can include or exclude some of your devices.
Tick this option to enable your Captive Portal.
Select if you want to publish your SSID on all your routers and access points or on your routers only.
Note: Captive portal will be applied to Pepwave MAX and Peplink Balance One only. This is useful when Pepwave APs are set up on the LAN of Peplink/Pepwave router(s). The same SSID shall be applied to all devices. But to avoid double redirections, the captive portal shall only be applied to the Peplink/Pepwave router(s).
You now see 6 different ways of configuring your captive portal:
- Open Access
- Guest Account
For more details on the social Wi-Fi configuration options follow the instruction in this link: http://www.peplink.com/knowledgebase/how-to-set-up-social-wi-fi/
If you want to allow Open Access to your Wi-Fi tick the enable box.
The next option is Daily Quota; you can allow unlimited access or limit the access by time or bandwidth used by selecting the chosen option from the drop down list.
You don’t have to select any additional options.
If you choose to limit the quota by time you can select the amount of time you want people to have access to your Wi-Fi- and have 2 options to reset this quota.
This can be done at a certain time, once a day or after a certain amount of minutes.
If you choose to limit the quota by bandwidth your Wi-Fi users will only be able to use the amount specified in this box. This quota will be reset once a day, you can choose at which time this is done.
Wi-Fi clients that have disconnected from this SSID for more than this amount of time, or Ethernet clients that have not generated any traffic for more than this amount of time will be signed out automatically. When time based daily quota is enabled, 5 minutes is suggested. Default: 60 mins
In this field you can add domain names and / or network ip addresses that are allowed on this Open Access SSID. This automatically means that no other devices will be allowed on this SSID. Examples for network ip addresses are 172.16.0.0/24 or hotspotsystems.com
In this field you can add single MAC or IP addresses for devices that you want to allow on this SSID
This is a required field, fill in your company name.
You have got 3 options for your landing page :
- Display a signed-in page with a Start Browsing button. Clicking the button will redirect to the URL the guest user had originally requested. In the auto-login popup browser on iOS, clicking the button will redirect to: “the webpage you have entered in this field”
- Display a signed-in page with a Start Browsing button. Clicking the button will unconditionally redirect to: “the webpage you have entered in this field”
- Redirect to: “the webpage you have entered in this field”
Your Guest Account options are quite similar to your Open Access options. The only difference is that you can add useraccounts to allow people on this SSiD. You can do this manually or import a .csv files with username and passwords:
Enter details in the window that pops up as shown below:
CSV file upload
Choose CSV file upload if you want to add multiple useraccounts. You need to have a list with usernames and passwords which will be uploaded to your device.
The format looks like this:
After you uploaded your .csv file you see this window; just follow the onscreen instructions and click “Next”
Before the user accounts get imported you have an option to review your choices and go back if need be.
The “Token” options are quite similar to your Open Access options. The only difference is that you can generate tokens to allow people on this SSiD.
To do this tick the “enable” box and after you click on the “Manage” button. You will see the window below:
When you click the “Generate” button you can choose the amount of tokens to generate, the token format (amount of characters and have a choice between numbers, lowercase letters, mixed case letters and letters & numbers).
You can also select how for how long the token should be valid.
After generating the tokens they are ready to be downloaded and you see an overview in your Token window:
Most companies print these tokens in a handy format and hand them out to their Wi-Fi users.
You can see how many tokens are used in the Access token management window.
The “Email” options are quite similar to the Open Access options. The only difference is that people can sign in with their email address to gain access to this SSiD.
The “Email” option allows you to collect Wi-Fi user details by clicking the “Collect User details” tickbox.
You can set the Amount of time for E-mail checking from 2 to 5 minutes.
And there is an option to set the E-mail sender name.
To enable authentication by SMS (also known as text messages) you first have to manage the SMS settings for Captive portal in the InControl group settings.
Open the Group settings:
In the group settings page you’ll find the SMS Settings for Captive Portal
Click on manage:
After clicking on Manage you can add the service name and provider details.
At the moment of writing this article Peplink only support Twilio 8 as a service Provider but this list will grow if the demand for SMS Captive Portal support increases, this is in fact the phone number that will send SMS messages to your Wi-Fi users.
Once you have added and saved these settings, return to your Group-Wide SSID settings screen.
The “SMS” options are quite similar to your “Token” options.
The only difference is that you generate tokens that are sent to the Wi-Fi- users mobile number that they fill in on the Captive Portal.
You have an option to set the length of the tokens and the amount of time for SMS checking in minutes.
Your Wi-Fi users are now asked to fill in their phone number and will receive a token to access the SSID in a SMS (text) message as shown in the image below.