AP One AC Mini integrate with external captive portal

Hi support team,

I have a Pepwave AP One AC Mini (Firmware: 3.5.2 build 1540) which I’m trying to get to work with my captive portal. When a client device connects to the SSID, I manage to get the captive portal by setting this config below…

Now, based on the information in this URL - Peplink | Pepwave - Forum

The captive portal should have a form sending Username, Password, Command and Orig_URL to the AP (as per Step 5 in the URL above).

I’m stuck with the form setup as below…

<form name="XXXXX" id="YYYYY" action="ZZZZZ" method="POST">
<input type="hidden" name="username" value="user01" />
<input type="hidden" name="password" value="password01" />
<input type="hidden" name="command" value="login" />
<input type="hidden" name="orig_url" value="www.google.com" />
<input type="submit" value="Click to Surf" />
</form>

What’s the value for XXXXX / YYYYY / ZZZZZ ???

Can you provide me with a sample HTML form that will work so I can adapt it into my own captive portal?


Please refer back to the same URL link - Peplink | Pepwave - Forum

You can download an example of the external splash page in php language.

Hi Liew,

From the sample I get the following…

<form method='POST' action='https://captive-portal.peplink.com:8000/portal.cgi'>
<div align='center' style="text-align:center">
<table border="0" cellpadding="4" cellspacing="4" width="100%">
<tr><td align='center' colspan='2'><br><img src="logo.png"></td></tr>
<tr><td class='title' colspan='2'><span>Welcome to Portal!</span></td></tr>
<tr><td class='row_header'>Username: </td><td><input name='username' size='32'></td></tr>
<tr><td class='row_header'>Password: </td><td><input type='password' name='password' size='32'></td></tr>
<input type='hidden' name='command' value='login'>
<tr><td align='center' colspan='2'><input type='submit' value='Login'></td></tr>
</table>
</div>
</form>


This URL doesn’t seem to be a valid link; can you provide this file - https://captive-portal.peplink.com:8000/portal.cgi

So I can study the content and refer to it?


This is the URL for form submission from web client to AP for authentication purpose. Please refer back to the step 5 and 6 in knowledge base - Peplink | Pepwave - Forum

You have to put this URL in your coding.

Hi Liew,

As shown in Step 5, the client needs to POST the form to the AP and I need to know what "action=" is to be included in the <form> tag.

For now, if I follow the sample code, the POST action="https://captive-portal.peplink.com:8000/portal.cgi" is not valid, which means the form submission is not going to the AP. The call flow is stuck at Step 5.

Please advise.

The domain “captive-portal.peplink.com” is for MAX/Balance. For AP, please use “device.pepwave.com”, i.e., https://device.pepwave.com:8000/portal.cgi .

You could also use the form_action attribute supplied on the redirection ($_REQUEST['form_action']) as indicated on the sample page.
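Taking the form target from a request parameter means the portal posts the user's credentials wherever that parameter points, so it is worth validating before use. The following is an added example, not part of the thread or of Peplink's sample page, and is written in Python rather than the sample's PHP; the allowlist, the fallback URL and the function names are assumptions built from the two hostnames mentioned above, and any query string on form_action is dropped.

```python
import html
from urllib.parse import urlsplit

# Assumption: only the two hostnames named in this thread are legitimate targets.
ALLOWED_HOSTS = {"device.pepwave.com", "captive-portal.peplink.com"}
ALLOWED_PORT = 8000
ALLOWED_PATH = "/portal.cgi"
DEFAULT_ACTION = "https://device.pepwave.com:8000/portal.cgi"


def safe_form_action(form_action):
    """Return a canonical portal URL, or the default if form_action is unexpected."""
    if not form_action:
        return DEFAULT_ACTION
    try:
        parts = urlsplit(form_action.strip())
        port = parts.port  # raises ValueError on a non-numeric port
    except ValueError:
        return DEFAULT_ACTION
    ok = (parts.scheme == "https"
          and parts.username is None and parts.password is None
          and parts.hostname in ALLOWED_HOSTS
          and port == ALLOWED_PORT
          and parts.path == ALLOWED_PATH)
    if not ok:
        return DEFAULT_ACTION
    # Rebuild from validated parts instead of echoing the raw input.
    return f"https://{parts.hostname}:{ALLOWED_PORT}{ALLOWED_PATH}"


def render_login_form(form_action):
    """Build the login form with the fields the AP expects (username, password, command)."""
    action = html.escape(safe_form_action(form_action), quote=True)
    return (f'<form method="POST" action="{action}">'
            '<input name="username">'
            '<input type="password" name="password">'
            '<input type="hidden" name="command" value="login">'
            '<input type="submit" value="Login"></form>')
```
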


Hi Gary,

Thanks for this, I have implemented the form with the action=https://device.pepwave.com:8000/portal.cgi

I see the client is posting the request now to the AP. Can’t actually see its content because it’s HTTPS, but that’s expected; I assume my Username and Password are in the POST.

Now, as the next step I am expecting the AP to send a RADIUS Access-Request to an AAA server as configured below. However, I don’t see the RADIUS Access-Request being sent from the AP to the AAA server. Instead, immediately, the user is granted internet access.

Please advise…

Hi Gary/Liew…

Thanks for the help on the form, now I manage to post the Username and Password to the AP. Subsequently, the AP is triggering a RADIUS Access-Request to AAA and AAA replies with Access-Accept. - all good.

Next, the AP sends an Accounting-Request (START) to AAA, but it is missing Acct-Session-Id, see capture below…

Frame 3: 178 bytes on wire (1424 bits), 178 bytes captured (1424 bits) on interface 0
    Interface id: 0
    WTAP_ENCAP: 25
    Arrival Time: May 18, 2016 18:28:16.976101453 MYT
    [Time shift for this packet: 0.000000000 seconds]
    Epoch Time: 1463567296.976101453 seconds
    [Time delta from previous captured frame: 0.021575022 seconds]
    [Time delta from previous displayed frame: 0.021575022 seconds]
    [Time since reference or first frame: 0.034483316 seconds]
    Frame Number: 3
    Frame Length: 178 bytes (1424 bits)
    Capture Length: 178 bytes (1424 bits)
    [Frame is marked: False]
    [Frame is ignored: False]
    [Protocols in frame: sll:ip:udp:radius]
Linux cooked capture
    Packet type: Unicast to us (0)
    Link-layer address type: 1
    Link-layer address length: 6
    Source: Pepwave_f7:ff:20 (00:1a:dd:f7:ff:20)
    Protocol: IP (0x0800)
Internet Protocol Version 4, Src: (, Dst: (
    Version: 4
    Header length: 20 bytes
    Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00: Not-ECT (Not ECN-Capable Transport))
        0000 00.. = Differentiated Services Codepoint: Default (0x00)
        .... ..00 = Explicit Congestion Notification: Not-ECT (Not ECN-Capable Transport) (0x00)
    Total Length: 162
    Identification: 0x0000 (0)
    Flags: 0x02 (Don't Fragment)
        0... .... = Reserved bit: Not set
        .1.. .... = Don't fragment: Set
        ..0. .... = More fragments: Not set
    Fragment offset: 0
    Time to live: 64
    Protocol: UDP (17)
    Header checksum: 0xb709 [correct]
        [Good: True]
        [Bad: False]
    Source: (
    Destination: (
User Datagram Protocol, Src Port: 33253 (33253), Dst Port: radius-acct (1813)
    Source port: 33253 (33253)
    Destination port: radius-acct (1813)
    Length: 142
    Checksum: 0xcf01 [validation disabled]
        [Good Checksum: False]
        [Bad Checksum: False]
Radius Protocol
    Code: Accounting-Request (4)
    Packet identifier: 0xbc (188)
    Length: 134
    Authenticator: cd35e05796e86c97890f7cdaa51ecbd3
    Attribute Value Pairs
        AVP: l=5  t=User-Name(1): user01
            User-Name: user01
        AVP: l=18  t=User-Password(2): Encrypted
            User-Password (encrypted): 0b3d57a795c2078af9abb7273f801b67
        AVP: l=6  t=Acct-Status-Type(40): Start(1)
            Acct-Status-Type: Start (1)
        AVP: l=6  t=Framed-IP-Address(8):
            Framed-IP-Address: (
        AVP: l=19  t=Calling-Station-Id(31): 4C-34-88-58-77-03
            Calling-Station-Id: 4C-34-88-58-77-03
        AVP: l=6  t=NAS-IP-Address(4):
            NAS-IP-Address: (
        AVP: l=27  t=Called-Station-Id(30): 00-1A-DD-F7-FF-31:pepwave
            Called-Station-Id: 00-1A-DD-F7-FF-31:pepwave
        AVP: l=6  t=NAS-Port-Type(61): Wireless-802.11(19)
            NAS-Port-Type: Wireless-802.11 (19)
        AVP: l=21  t=NAS-Identifier(32): AP-One-AC-Mini-0491
            NAS-Identifier: AP-One-AC-Mini-0491

Based on RFC 2866 (RADIUS Accounting): an Accounting-Request packet MUST have an Acct-Session-Id.
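A way to check a captured Accounting-Request against RFC 2866 on the AAA side, as an added example that is not part of the original post. Besides the missing Acct-Session-Id (type 44), it flags the attributes RFC 2866 section 4.1 says MUST NOT be present in an Accounting-Request, which includes the User-Password (type 2) visible in the capture above; the two sample packets are constructed here, not taken from the capture.

```python
import struct

ACCOUNTING_REQUEST, ACCT_SESSION_ID = 4, 44
# RFC 2866 section 4.1: these MUST NOT be present in an Accounting-Request.
FORBIDDEN = {2: "User-Password", 3: "CHAP-Password",
             18: "Reply-Message", 24: "State"}


def parse_attributes(packet: bytes):
    """Return (code, [(type, value), ...]) for one RADIUS packet."""
    if len(packet) < 20:
        raise ValueError("shorter than the 20-byte RADIUS header")
    code, _ident, length = struct.unpack("!BBH", packet[:4])
    if not 20 <= length <= len(packet):
        raise ValueError("bad Length field")
    attrs, pos = [], 20
    while pos < length:
        a_len = packet[pos + 1] if pos + 2 <= length else 0
        if a_len < 2 or pos + a_len > length:
            raise ValueError(f"bad attribute at offset {pos}")
        attrs.append((packet[pos], packet[pos + 2:pos + a_len]))
        pos += a_len
    return code, attrs


def check_accounting_request(packet: bytes):
    """List RFC 2866 violations found in an Accounting-Request."""
    code, attrs = parse_attributes(packet)
    if code != ACCOUNTING_REQUEST:
        return [f"not an Accounting-Request (code {code})"]
    types = {t for t, _ in attrs}
    findings = []
    if ACCT_SESSION_ID not in types:
        findings.append("missing Acct-Session-Id (44)")
    findings += [f"forbidden attribute {name} ({t})"
                 for t, name in FORBIDDEN.items() if t in types]
    return findings


def build(code, attrs):
    """Assemble a constructed test packet with a zeroed authenticator."""
    body = b"".join(bytes([t, len(v) + 2]) + v for t, v in attrs)
    return struct.pack("!BBH", code, 0xBC, 20 + len(body)) + bytes(16) + body


# Constructed samples: type 1 = User-Name, 40 = Acct-Status-Type (1 = Start).
AS_CAPTURED = build(4, [(1, b"user01"), (2, bytes(16)),
                        (40, struct.pack("!I", 1))])
CONFORMANT = build(4, [(1, b"user01"), (40, struct.pack("!I", 1)),
                       (ACCT_SESSION_ID, b"constructed-0001")])
```
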

Thanks for the report. We will check on the missing Acct-Session-Id issue.

I’m on (Firmware: 3.5.2 build 1540) - is there a newer firmware I can try?

I’ve been having the same issue on multiple external splashes for a few days; for now I could only solve it by removing the captive portal :frowning:

For the missing Acct-Session-Id, please check with 3.5.3s5 build 1610.



Can you please provide detailed info on the issue that you encountered? Initially this forum thread was discussing the parameter passing between the AP & the external captive portal. If this is related to the missing Acct-Session-Id, please check the firmware posted by Gary.


Thank you