Introduction
This article describes step-by-step how to configure Captive Portal in
InControl2.
With captive portals you can easily offer internet to your guests and
easily control connection time and speed, data usage limits, and more.
By creating captive portals in InControl2 , you can apply the same
configuration to all, or a selection of your Peplink Access Points in just
a few clicks.
Sign in to InControl2
Select your Wi-Fi AP settings and click on the “Add new SSID” button
[image: CPiIC2]
A screen pops up to configure the SSID settings:
[image: CPiIC2-01]
Let’s go through the available options:
[image: CPiIC2-02]
Name your SSID.
[image: CPiIC2-03]
Tick this box to enable the SSID when you have finished configuring the
SSID.
[image: CPiIC2-04]
Select the security required, the SSID supports several encryption methods
(see below); if you are not sure choose WPA2 – personal
[image: CPiIC2-05]
Tick the box if you want to Enable Layer 2 isolation; this feature stops
WiFi client devices from communicating with each other, but the clients are
still able to access the rest of the LAN.
[image: CPiIC2-06]
Choose if you want your SSID to be visible (or not).
[image: CPiIC2-07]
If you want to block your SSID clients to access your LAN tick the guest
protect box.
This is strongly recommended for Public Wi-Fi |(in combination with Layer 2
isolation)
[image: CPiIC2-08]
If you want to limit the bandwidth for your SSID Wi-Fi you have the
possibility to do that here.
[image: CPiIC2-10]
Set your VLAN ID and enable VLAN tagging (leave default settings if you
aren’t sure).
[image: CPiIC2-11]
Select one of the MAC filter options if you want to filter access to your
SSID by MAC address.
[image: CPiIC2-12]
Select multicast filtering, multicast rate and IGMP snooping.
This can stay disabled in most cases.
[image: CPiIC2-13]
Select which radio channel band you want to advertise, 5Ghz is a newer and
faster technology. If you aren’t sure leave both options ticked.
[image: CPiIC2-15]
Choose on which of your Peplink devices you want to enable this SSID. When
you “tag” your devices you can include or exclude some of your devices.
[image: CPiIC2-16]
Tick this option to enable your Captive Portal.
[image: CPiIC2-17]
Select if you want to publish your SSID on all your routers and access
points or on your routers only.
Note: Captive portal will be applied to Pepwave MAX and Peplink Balance One
only. This is useful when Pepwave APs are set up on the LAN of
Peplink/Pepwave router(s). The same SSID shall be applied to all devices.
But to avoid double redirections, the captive portal shall only be applied
to the Peplink/Pepwave router(s).
You now see 6 different ways of configuring your captive portal:
- Social
- Open Access
- Guest Account
- Token
- SMS
Social
For more details on the social Wi-Fi configuration options follow the
instruction in this link: :
http://www.peplink.com/knowledgebase/how-to-set-up-social-wi-fi/
Open Access
[image: CPiIC2-18]
[image: CPiIC2-19]
If you want to allow Open Access to your Wi-Fi tick the enable box.
The next option is Daily Quota; you can allow unlimited access or limit the
access by time or bandwidth used by selecting the chosen option from the
drop down list.
[image: CPiIC2-20]
Not limited
You don’t have to select any additional options.
Time based
[image: CPiIC2-22]
If you choose to limit the quota by time you can select the amount of time
you want people to have access to your Wi-Fi- and have 2 options to reset
this quota.
This can be done at a certain time, once a day or after a certain amount of
minutes.
Bandwidth based
If you choose to limit the quota by bandwidth your Wi-Fi users will only be
able to use the amount specified in this box.
This quota will be reset once a day, you can choose at which time this is
done.
Session Timeout
Wi-Fi clients that have disconnected from this SSID for more than this
amount of time, or Ethernet clients that have not generated any traffic for
more than this amount of time will be signed out automatically. When time
based daily quota is enabled, 5 minutes is suggested. Default: 60 mins
Allowed Networks
In this field you can add domain names and / or network ip addresses that
are allowed on this Open Access SSID. This automatically means that no
other devices will be allowed on this SSID.
Examples for network ip addresses are 172.16.0.0/24 or hotspotsystems.com
Allowed clients
In this field you can add single MAC or IP addresses for devices that you
want to allow on this SSID
Company Name
This is a required field, fill in your company name.
Landing Page
You have got 3 options for your landing page :
- Display a signed-in page with a Start Browsing button. Clicking the
button will redirect to the URL the guest user had originally requested. In
the auto-login popup browser on iOS, clicking the button will redirect to:
“the webpage you have entered in this field” - Display a signed-in page with a Start Browsing button. Clicking the
button will unconditionally redirect to: “the webpage you have entered in
this field” - Redirect to: “the webpage you have entered in this field”
Guest Account
Your Guest Account options are quite similar to your Open Access options.
The only difference is that you can add useraccounts to allow people on
this SSiD.
You can do this manually or import a .csv files with username and passwords:
Manually
Enter details in the window that pops up as shown below:
[image: CPiIC2-23]
CSV file upload
Choose CSV file upload if you want to add multiple useraccounts.
You need to have a list with usernames and passwords which will be uploaded
to your device.
The format looks like this:
[image: CPiIC2-24]
[image: CPiIC2-25]
After you uploaded your .csv file you see this window; just follow the
onscreen instructions and click “Next”
[image: CPiIC2-26]
Before the user accounts get imported you have an option to review your
choices and go back if need be.
[image: CPiIC2-27]
Token
The “Token” options are quite similar to your Open Access options.
The only difference is that you can generate tokens to allow people on this
SSiD.
To do this tick the “enable” box and after you click on the “Manage”
button. You will see the window below:
[image: CPiIC2-28]
When you click the “Generate” button you can choose the amount of tokens to
generate, the token format (amount of characters and have a choice between
numbers, lowercase letters, mixed case letters and letters & numbers).
[image: CPiIC2-29]
You can also select how for how long the token should be valid.
[image: CPiIC2-30]
After generating the tokens they are ready to be downloaded and you see an
overview in your Token window:
[image: CPiIC2-31]
Most companies print these tokens in a handy format and hand them out to
their Wi-Fi users.
You can see how many tokens are used in the Access token management window.
Email
The “Email” options are quite similar to the Open Access options.
The only difference is that people can sign in with their email address to
gain access to this SSiD.
[image: CPiIC2-32]
The “Email” option allows you to collect Wi-Fi user details by clicking the
“Collect User details” tickbox.
You can set the Amount of time for E-mail checking from 2 to 5 minutes.
And there is an option to set the E-mail sender name.
SMS
To enable authentication by SMS (also known as text messages) you first
have to manage the SMS settings for Captive portal in the InControl group
settings.
Open the Group settings:
[image: CPiIC2-33]
In the group settings page you’ll find the SMS Settings for Captive Portal
Click on manage:
[image: CPiIC2-34]
After clicking on Manage you can add the service name and provider details.
At the moment of writing this article Peplink only support Twilio
https://www.twilio.com/ as a service Provider but this list will grow if
the demand for SMS Captive Portal support increases.
This is in fact the phone number that will send SMS messages to your Wi-Fi
users.
[image: CPiIC2-35]
Once you have added and saved these settings, return to your Group-Wide
SSID settings screen.
The “SMS” options are quite similar to your “Token” options.
The only difference is that you generate tokens that are sent to the Wi-Fi-
users mobile number that they fill in on the Captive Portal.
You have an option to set the length of the tokens and the amount of time
for SMS checking in minutes.
Your Wi-Fi users are now asked to fill in their phone number and will
receive a token to access the SSID in a SMS (text) message as shown in the
image below.
[image: CPiIC2-36]