Configure Captive Portal in inControl2


This article describes step-by-step how to configure Captive Portal in
With captive portals you can easily offer internet to your guests and
easily control connection time and speed, data usage limits, and more.
By creating captive portals in InControl2 , you can apply the same
configuration to all, or a selection of your Peplink Access Points in just
a few clicks.

Sign in to InControl2

Select your Wi-Fi AP settings and click on the “Add new SSID” button

[image: CPiIC2]

A screen pops up to configure the SSID settings:

[image: CPiIC2-01]

Let’s go through the available options:

[image: CPiIC2-02]

Name your SSID.

[image: CPiIC2-03]

Tick this box to enable the SSID when you have finished configuring the

[image: CPiIC2-04]

Select the security required, the SSID supports several encryption methods
(see below); if you are not sure choose WPA2 – personal

[image: CPiIC2-05]

Tick the box if you want to Enable Layer 2 isolation; this feature stops
WiFi client devices from communicating with each other, but the clients are
still able to access the rest of the LAN.

[image: CPiIC2-06]

Choose if you want your SSID to be visible (or not).

[image: CPiIC2-07]

If you want to block your SSID clients to access your LAN tick the guest
protect box.
This is strongly recommended for Public Wi-Fi |(in combination with Layer 2

[image: CPiIC2-08]

If you want to limit the bandwidth for your SSID Wi-Fi you have the
possibility to do that here.

[image: CPiIC2-10]

Set your VLAN ID and enable VLAN tagging (leave default settings if you
aren’t sure).

[image: CPiIC2-11]

Select one of the MAC filter options if you want to filter access to your
SSID by MAC address.

[image: CPiIC2-12]

Select multicast filtering, multicast rate and IGMP snooping.
This can stay disabled in most cases.

[image: CPiIC2-13]

Select which radio channel band you want to advertise, 5Ghz is a newer and
faster technology. If you aren’t sure leave both options ticked.

[image: CPiIC2-15]

Choose on which of your Peplink devices you want to enable this SSID. When
you “tag” your devices you can include or exclude some of your devices.

[image: CPiIC2-16]

Tick this option to enable your Captive Portal.

[image: CPiIC2-17]

Select if you want to publish your SSID on all your routers and access
points or on your routers only.

Note: Captive portal will be applied to Pepwave MAX and Peplink Balance One
only. This is useful when Pepwave APs are set up on the LAN of
Peplink/Pepwave router(s). The same SSID shall be applied to all devices.
But to avoid double redirections, the captive portal shall only be applied
to the Peplink/Pepwave router(s).

You now see 6 different ways of configuring your captive portal:

  • Social
  • Open Access
  • Guest Account
  • Token
  • E-mail
  • SMS


For more details on the social Wi-Fi configuration options follow the
instruction in this link: :
Open Access

[image: CPiIC2-18]

[image: CPiIC2-19]

If you want to allow Open Access to your Wi-Fi tick the enable box.

The next option is Daily Quota; you can allow unlimited access or limit the
access by time or bandwidth used by selecting the chosen option from the
drop down list.

[image: CPiIC2-20]
Not limited

You don’t have to select any additional options.
Time based

[image: CPiIC2-22]

If you choose to limit the quota by time you can select the amount of time
you want people to have access to your Wi-Fi- and have 2 options to reset
this quota.
This can be done at a certain time, once a day or after a certain amount of
Bandwidth based

If you choose to limit the quota by bandwidth your Wi-Fi users will only be
able to use the amount specified in this box.
This quota will be reset once a day, you can choose at which time this is
Session Timeout

Wi-Fi clients that have disconnected from this SSID for more than this
amount of time, or Ethernet clients that have not generated any traffic for
more than this amount of time will be signed out automatically. When time
based daily quota is enabled, 5 minutes is suggested. Default: 60 mins
Allowed Networks

In this field you can add domain names and / or network ip addresses that
are allowed on this Open Access SSID. This automatically means that no
other devices will be allowed on this SSID.
Examples for network ip addresses are or
Allowed clients

In this field you can add single MAC or IP addresses for devices that you
want to allow on this SSID
Company Name

This is a required field, fill in your company name.
Landing Page

You have got 3 options for your landing page :

  • Display a signed-in page with a Start Browsing button. Clicking the
    button will redirect to the URL the guest user had originally requested. In
    the auto-login popup browser on iOS, clicking the button will redirect to:
    “the webpage you have entered in this field”
  • Display a signed-in page with a Start Browsing button. Clicking the
    button will unconditionally redirect to: “the webpage you have entered in
    this field”
  • Redirect to: “the webpage you have entered in this field”

Guest Account

Your Guest Account options are quite similar to your Open Access options.
The only difference is that you can add useraccounts to allow people on
this SSiD.
You can do this manually or import a .csv files with username and passwords:

Enter details in the window that pops up as shown below:

[image: CPiIC2-23]
CSV file upload

Choose CSV file upload if you want to add multiple useraccounts.
You need to have a list with usernames and passwords which will be uploaded
to your device.

The format looks like this:

[image: CPiIC2-24]

[image: CPiIC2-25]

After you uploaded your .csv file you see this window; just follow the
onscreen instructions and click “Next”

[image: CPiIC2-26]

Before the user accounts get imported you have an option to review your
choices and go back if need be.

[image: CPiIC2-27]


The “Token” options are quite similar to your Open Access options.
The only difference is that you can generate tokens to allow people on this

To do this tick the “enable” box and after you click on the “Manage”
button. You will see the window below:

[image: CPiIC2-28]

When you click the “Generate” button you can choose the amount of tokens to
generate, the token format (amount of characters and have a choice between
numbers, lowercase letters, mixed case letters and letters & numbers).

[image: CPiIC2-29]

You can also select how for how long the token should be valid.

[image: CPiIC2-30]

After generating the tokens they are ready to be downloaded and you see an
overview in your Token window:

[image: CPiIC2-31]

Most companies print these tokens in a handy format and hand them out to
their Wi-Fi users.
You can see how many tokens are used in the Access token management window.

The “Email” options are quite similar to the Open Access options.
The only difference is that people can sign in with their email address to
gain access to this SSiD.

[image: CPiIC2-32]

The “Email” option allows you to collect Wi-Fi user details by clicking the
“Collect User details” tickbox.

You can set the Amount of time for E-mail checking from 2 to 5 minutes.
And there is an option to set the E-mail sender name.

To enable authentication by SMS (also known as text messages) you first
have to manage the SMS settings for Captive portal in the InControl group

Open the Group settings:

[image: CPiIC2-33]

In the group settings page you’ll find the SMS Settings for Captive Portal

Click on manage:

[image: CPiIC2-34]

After clicking on Manage you can add the service name and provider details.
At the moment of writing this article Peplink only support Twilio as a service Provider but this list will grow if
the demand for SMS Captive Portal support increases.
This is in fact the phone number that will send SMS messages to your Wi-Fi

[image: CPiIC2-35]

Once you have added and saved these settings, return to your Group-Wide
SSID settings screen.

The “SMS” options are quite similar to your “Token” options.
The only difference is that you generate tokens that are sent to the Wi-Fi-
users mobile number that they fill in on the Captive Portal.

You have an option to set the length of the tokens and the amount of time
for SMS checking in minutes.
Your Wi-Fi users are now asked to fill in their phone number and will
receive a token to access the SSID in a SMS (text) message as shown in the
image below.

[image: CPiIC2-36]