Contents

External Splash Page with RADIUS Authentication

With this external splash page option, a guest user is redirected to a portal hosted on an external server. The guest user is authenticated by a RADIUS server when the user logs in to the external portal.

Configure External Splash Page with RADIUS Authentication

To configure external splash page with RADIUS authentication:

  1. In the Splash Page URL and Shared Secret text boxes, type the URL for the splash page and type the shared secret.

For WatchGuard Wi-Fi Cloud portals created with Engage and Analyze, you can find this value in Analyze from the Analyze > Portals page. Click Show for the required portal.

WatchGuard Analyze Portals page

The portal shared secret is used to encode the user password. For more information, see How the Encoded Password is Generated.

Make sure you add your splash page URL to the list of Walled Garden entries in your Captive Portal settings so that clients can access the splash page. For more information. see About Authentication Sites and Walled Garden.

  1. Click the RADIUS Settings hyperlink to configure RADIUS server settings that the AP uses to authenticate the wireless user.
  2. From the Interval drop-down list, select a time period for when accounting messages are sent to the RADIUS server. You can configure a value from 1 to 60 minutes. The default is 10.
  3. Configure the Called Station ID and NAS ID options as required. In most cases, you can use the default values.
  • Called Station ID — A free-form text parameter that the AP passes to the RADIUS server in the standard RADIUS parameter, Called-Station-Id, during the authentication or accounting process. You can use one or more of the special format specifiers, %m, %n, %l or %s, to represent the called station ID. The AP replaces %m with the Ethernet MAC address of the AP. The AP replaces %s with the SSID. The AP replaces %l with the location tag. The AP replaces %n with the device name. You can repeat the format specifiers. You can enter text instead of using the format specifiers. The AP uses only the first 255 characters if the length of this parameter exceeds 255 characters.
  • NAS ID — This field is used when a network access server (NAS) serves as a single point to get access to network resources. Usually, a NAS supports hundreds of simultaneous users. When a RADIUS client connects to a NAS, the NAS sends access request packets to the RADIUS server. These packets must contain either the NAS IP address or the NAS identifier. The NAS ID or the NAS-Identifier is used to authenticate RADIUS clients with the RADIUS server. You can specify a string for the NAS ID. You can use one or more of the special format specifiers, '%m, %n, %l and/or %s, to represent the NAS ID. The AP replaces %m with the Ethernet MAC address of the AP. The AP replaces %s with the SSID. The AP replaces %l with the location tag. The AP replaces %n with the device name. You can repeat the format specifiers. The default value of NAS ID is %m-%s. The NAS ID corresponds to the NAS-Identifier attribute on the RADIUS server. The attribute ID for the NAS-Identifier RADIUS attribute is 32. Make sure that the NAS ID is not the same as the shared secret configured for the RADIUS server in the RADIUS Authentication section. The AP uses the first 255 characters if the length of this parameter exceeds 255 characters.

Give Us Feedback  ●   Get Support  ●   All Product Documentation  ●   Technical Search