This article describes the process for creating an internally-hosted splash page on an Access Point and configuring an external RADIUS server to handle authentication.
You can use Datto Networking Cloud Management to create and upload a custom splash page to an Access Point. The splash page will be presented to users when authentication is required. Datto Networking Cloud Management uses RADIUS technology to manage authentication.
Configure the RADIUS Server
You will need to configure a RADIUS server that can be reached by the Access Points on your network. The following steps are required; additional setup details will be specific to the type of RADIUS server you are using.
- Set up the RADIUS server. RADIUS servers are available from the FreeRADIUS project. Microsoft Windows Server includes RADIUS technology.
- Configure the RADIUS server to provide access for the users that you need to authenticate. You must provide a Username and Password for each.
- You can also configure maximum upload and download bandwidth throttles for each user, as well a session timeout, by modifying the attributes WISPr-Bandwidth-Max-Up, WISPr-Bandwidth-Max-Down, and SESSION_TIMEOUT.
- Note the IP address (or hostname) and the server secret of the RADIUS server. You will need them in the following steps.
Configure Datto Networking Cloud Management
The splash page and authentication are specified separately in Datto Networking Cloud Management for each SSID.
- Select Configure → SSID 1 (or specify a different SSID number if you want to use a different SSID).
- Select Custom for the Splash Page type.
- Select Edit Splash Page and edit the splash page as needed. Be sure to include the existing form for RADIUS Access. You may change the form heading and prompt, but you must leave the form controls unchanged.
Figure 1: Radius Access login
- Save the Splash Page
- Select RADIUS for Splash Page Authentication.
- Enter the IP Address or Hostname of your RADIUS server under Server Address 1. If you have a secondary/backup RADIUS server you may enter it for Server Address 2.
- Enter the server secret for your RADIUS server under Server Secret. A RADIUS server limits access to only those knowing its secret.
- If a NAS ID is required in your usage, enter it as well. A NAS ID may be used to pass additional information about an authentication request to the RADIUS server.
- Normally, after a user is successfully authenticated they will be taken to the we-page that triggered the splash page. If you prefer for them to be taken to a common completion page, you may enter an explicit Redirect URL.
- Save changes to the SSID configuration.
Figure 2: RADIUS configuration
Test the Configuration
At this stage, the splash page and RADIUS configuration are complete. Unauthenticated users should be presented with the splash page. The Username and Password they enter into the splash page form will be authenticated for the RADIUS server. Only those users successfully authenticated by the RADIUS server will be allowed access to the Internet.
Note that in the case of a server configuration or runtime error, Datto Networking Cloud Management is designed to be fail-safe: if the specified RADIUS server cannot be reached, or is not configured correctly, the user will be given access for a period of time.