How to setup Group Captive Portal
A) You want to brand the Wi-Fi access.
B) Provide terms and conditions for accessing Wi-Fi.
C) Utilize session limits or capture user information.
Warning: Prior to setting up your captive portal, it is recommended to start the
setup of a VLAN first. See the instructions named Configuring a VLAN. Follow
the first portion of the setup and then finish once your Captive Portal is
- Log into InControl2
- To enable the Captive Portal, hover over the Network Settings tab then click on Captive Portals.
- Click on New Captive Portals
- In the window that opens, place a check mark in the Enable
box. Next, enter a Name for the Captive Portal (it can be any name without effecting
the device). Then, enter your Company Name. (this will appear on the Captive Portal and in the default Terms and Conditions)
- You will have to choose at least one Access Mode. This is how your customers will be able to get through the Captive Portal and onto the internet. If you want your customers to just pass through, select Open Access. All other options require some form of verification. If you want to collect customer information, you can choose any combination of options other than Open Access. The following information outlines each of the six options.
There are 6 options for configuring your captive portal:
- Open Access
- Guest Account
There is a separate enable radio button for each option. The option will not be enabled unless there is a check mark to enable the specific option. Enabled options will change from Black lettering to Blue lettering.
Follow the steps below to enable each option. You can set up multiple modes of access for the Captive Portal to allow your customers different login options.
There are 7 different options for access using social networking. These are dependent upon you or your company already having an account with the different social networking
sites. Each option needs to have a check mark in the box to the left to enable that social networking site. Enter your site ID from the social networking page to link it to your login page. Hover over the blue circle with an i for additional information.
Open access does not ask for any personal information from your customers, it only displays the Splash page with a link to the Terms and Conditions and then allows access to the internet connection through the router.
There are 4 options for limiting data usage on connected wireless enabled devices.
You don’t have to select any additional options.
If you choose to limit the quota by time you can select the amount of time you want people to have access to your Wi-Fi. You have 2 options to reset this quota.
Once per day at a preset time (Default is 2:00 AM) OR after a certain number of minutes.
If you choose to limit the quota by bandwidth your Wi-Fi users will only be able to use the amount specified in this box. This quota will be reset once a day and you can choose at which time this is done.
Time and bandwidth based
Access is limited to a set amount of total Time or Bandwidth (whichever limit is reached first) based on the reset quota (see below) that resets the quota depending on the settings chosen.
The Guest Account option is similar to the Open Access option. The difference is that
you can add user accounts to allow people on this SSID. This can be done manually or through an import .csv file with username and passwords.
To make use of Guest accounts, you must first check the enable box and then navigate to the bottom of the window and click .
Find your Access Mode options and click on to access the Guest Account settings.
To manually add users, click on to enter the details.
Enter details in the example window shown below.
To quickly add many Guests, choose the Import option.
This can be done using a .csv file upload. It will require a list with usernames and passwords which will be uploaded to your device. A sample format is below.
After clicking , you will see the following. Follow the steps to upload your file.
After successfully uploading a .csv file you will see thefollowing message.
Next you will enter your settings for the uploaded Guest Accounts.
You can also choose to allow multiple devices to connect on one username/password by clicking on and choose the number of allowed sessions.
Or you can choose to limit use with a Bandwidth Quota.
Click at the bottom of the window. You will then Review your imported users and
click on to add them to the Captive Portal.
Upon successful import of the users you will be taken back to the Guest Account Management page. Click on to go back to the Captive Portal setup page.
The “Token” option is similar to your Open Access options. The difference is that you can generate tokens to allow people on this SSiD. To make use of Tokens, you must first check the enable box and then navigate to the bottom of the window and click .
Click on the to reopen it and continue making changes to the
Guest Account settings.
Find your Access Mode options and click on to access the Token settings.
If you want the system to generate your Tokens, click the Generate button.
When you click the Generate button you can choose the number of tokens to generate, the token format (amount of characters and have a choice between numbers, lowercase letters, mixed case letters and letters & numbers). You can also select the length of time the token should be valid and how many concurrent sessions will be allowed per token.
After generating the tokens they are ready to be downloaded. You will also see an overview in your Token window.
Most companies print these tokens in a format that can be handed out to their Wi-Fi users. By looking at the Token window, you can see how many tokens have been used.
Here is a sample of downloaded tokens.
If you prefer users to sign in with their email, choose this option. The email addresses
are captures for future marketing if you like.
The default settings are shown here.
The Email option allows you to collect Wi-Fi user details by placing a check mark in the Collect Guest Name box.
E-mail checking time
You can set the amount of time for E-mail checking from 2 to 5 minutes. This provides the user a set amount of time to verify email if they want to access Wi-Fi. This must be done from the device you are using to access the Wi-Fi.
Enter your company name in the E-Mail Sender Name to have the email the customer receives appear to be from your company. It is possible some email clients may reject it or delete it as Spam.
You have 4 options for the daily quota:
· Not Limited – Customers can access the internet without restrictions on time or data used.
· Time Based – Access is limited to a set amount of time based on the reset quota that resets the quota depending on the settings chosen.
· Bandwidth Based – Access is limited to a set amount of total Bandwidth based on the reset quota that resets the quota depending on the settings chosen.
· Time and bandwidth based – Access is limited to a set amount of total Time or Bandwidth (whichever limit is reached first) based on the reset quota that resets the quota depending on the settings chosen.
To enable authentication by SMS (also known as text messages) you first must manage the SMS settings for Captive portal in the InControl Group Settings.
The SMS options is like the Token option, the difference being the generated tokens are sent to the Wi-Fi users mobile number. That Token number is then input into the Captive Portal.
Select your Company in the SMS Service drop-down menu. Decide your Token Length, and Amount of Time for SMS Checking. Then update your Daily Quota if applicable.
At this point you should go to manage the SMS settings. This done by going to the bottom of the page and click on the . Navigate and hover over Settings, click on .
In the group settings page, you’ll find the SMS Settings for Captive Portal. Click on .
After clicking on Manage you can add the service name and provider details. Currently
Peplink only supports Twilio as a service Provider but this list will grow if the demand for SMS Captive Portal support increases.
Service Name - This will be the sender of the SMS message
Twilio Phone Number - This is the phone number that will send SMS messages to your Wi-Fi users.
Account SID - This is your account SID from Twilio (You need to have a Twilio account to use the SMS service)
Auth Token - This is the token your users will receive via SMS text message to access the internet through your device.
Once you have added and saved these settings, click on the button.
Your Wi-Fi users will be asked to fill in their phone number and will receive a token to access the SSID in a SMS (text) message as shown in the image below.
You can now navigate back to the Network Settings tab to get to Captive Portals. (Going back to the window you were in before) Click on your Captive Portal Name in the list.
This is the length of time between login requests individual Wi-Fi enabled devices will get before being required to fill out the Captive Portal form again. The default settings are shown. The total number of minutes currently has a maximum limit of 999 minutes.
Guests required to sign in…
The default setting is shown but can be changed to any of the 3 options.
In this field, you can add domain names and/or network IP addresses that are allowed on this Open Access SSID. This automatically means that no other devices will be allowed on this SSID.Examples for network IP addresses are 172.16.0.0/24 or hotspotsystems.com
In this field, you can add single MAC or IP addresses for devices that you want to allow on this SSID.
The Landing Page (also known as the redirect page) is not available on
Android devices due to limitations present on the Android Operating System.
You have 3 options for your landing page :
· Display a signed-in page with a Start Browsing button. Clicking the button will redirect to the URL the guest user had originally requested. In the auto-login popup browser on iOS,
clicking the button will redirect to: “the webpage you have entered in this field” (The default setting is shown as http://www.apple.com/)
· Display a signed-in page with a Start Browsing button. Clicking the button will unconditionally redirect to: “the webpage you have entered in this field”
· Redirect to: “the webpage you have entered in this field”
The basic Captive Portal should
now be complete and will show the Peplink logo and default Terms and Conditions
(seen below with open access enabled).
If this is acceptable to you click on the blue Save Changes button at the bottom of the window and you will be taken back to the Network Settings page of InControl2.
To customize your Captive Portal with your company logo and/or a custom background image click on the blue Preview and Customization link on the bottom left of the
***After you have made all of the changes to your Captive Portal, make sure to click on the blue button at the bottom of the screen otherwise all changes will be erased and the Captive Portal will revert back to the last saved configuration. You will want to go back to your VLAN and add the Captive Portal name to it. See the Configuring a VLAN document.