How to configure the Portal authentication function on EAP Controller
Suitable for: EAP Controller 2.0.3 or higher EAP Controller 2.X and EAP series with corresponding firmware
Portal authentication is also known as web authentication. With portal function configured on EAP Controller, when unauthorized wireless client is connected to EAP managed by EAP Controller and tries to access to the internet, it will be directed to a pre-set web page which requires additional authentication information for accessing to the internet. Only authorized wireless client can pass the web authentication to access the internet.
Portal authentication is suitable for managing wireless access in public places such as hotels, communities, airports and so on. It provides an easy way for client authentication. Besides authentication the administrator can also put some ads on the portal page for business promotion.
This article is aimed to give you some instructions on how to configure the portal function on EAP controller.
Step 1 Run EAP Controller
Start EAP Controller software and login the management page. For how to install and login the EAP Controller please refer to Chapter 1 of the UG.
Step 2 Choose Appropriate Portal Authentication Type
Go to Wireless Control->Portal. Choose one of the five authentication methods. Available authentication methods are No Authentication, Simple Password, Hotspot, External Radius Server and External Portal server.
1. If you select No Authentication, all wireless clients connected to EAP devices will be able to access to internet without any authentication but clients will still see Term of Use.
2. If you choose Simple Password, all wireless clients will use this single password for authentication.
3. If you choose Hotspot authentication, you will be able to generate a bunch of random voucher codes beforehand. You can print the codes and hand out them to users. Users will use unique code for authentication. Hotspot is configured on Hotspot Manager. Refer to FAQ 915 for detailed configuration of Hotspot. Hotspot authentication requires your controller to stay running.
4. If you choose External Radius Server as authentication type, you can either use the built-in Local Web Portal or External Web Portal. As different username/password can be added on the radius server user can use their unique username for authentication. The picture below depicts the configuration when choose Local Web Portal.
If you have your own web portal, you can choose External Web Portal from the Portal Customization dropdown list. You just need to fill in the External Web Portal’s IP address or domain name on the controller. However there are some requirements for this web portal server. Please refer to FAQ 916 for details.
1) Authentication Timeout is the time that the wireless clients can stay online after passing through the web authentication.
2) If you want to redirect the wireless client’s page to a predefined web page (such as TL-LINK’s official website) after authentication, you need to enable Redirect and fill “http://www.tp-link.com” into “Redirect URL” box.
3) The logo, backgroud image and Term of Use of the built-in Local Web Portal can be slightly customized. The requirements for logo image and background imalge are:Logo image file size less than 100KB; Background image file size less than 2MB, aspect ratio between 0.55 and 0.65.
4) Radius server setup is beyond the scope of this document. Please refer to Radius server manual for help.
5. If choose External Portal Server, only the portal server address is required. The portal server must handle the authentication process. If the client passed the authentication portal server must send a message to controller so that controller can allow this client to have internet. For the requirements of the portal server please refer to FAQ 928. Please also be noted that External Portal Server authentication requires your controller server to stay online.
Step 3 Setup Free Authentication Policy
Free authentication policy is required if use external web portal or external portal server. Otherwise this step is optional.
Click” ” ->Wireless control->Free Authentication Policy->click “Add” to configure the external web portal/portal server as a whitelist of Free Authentication Policy, otherwise the wireless clients cannot access it before authentication.
Fill the Source IP Range with the IP or IP subnet of wireless clients, and set the IP of your external web portal/portal server as the Destination IP Range. After configuring the Source MAC and Destination Port tick “Enable” and click ”Apply” to finish the configuration.
If the Source MAC and Destination Port are leave as blank, it means the EAP device will not care about them.
Step 4 Enable Portal on Specific Wireless Network
Click “” ->Wireless Settings -> click“”, in the pop-up interface. Tick enable Portal and click Apply.
After the above settings, when laptop/smartphone/tablet connect to the wireless network and try to visit a plain HTTP site, the landing page will be displayed. After successful authentication, the user will be able to access Internet.
It is highly recommended to keep the controller running, if choosing Hotspot or external portal server as the authentication type. Or the portal function may not work as expected.
Get to know more details of each function and configuration please go to Download Center to download the manual of your product.