Bluesocket

Bluesocket

This page explains the configuration of Bluesocket wireless access points for external Captive Portal and RADIUS server authentication.

IronWiFi Console Configuration

  1. Log into the IronWiFi console or register for free
  2. Create a new network
  3. After that, create a new captive portal, with vendor Bluesocket

Access Point Configuration

Please log in to your Bluesocket WLAN controller

At the top click on Configuration and then on the left, under External Authentication click on Accounting

Click on Create Accounting Server and enter the following:

  • Name: guest1
  • Enabled: Ticked
  • IP Addressget this value from the IronWiFi console
  • Port: 1813
  • Shared Secretget this value from the IronWiFi console
  • Shared Secret Confirmation: as above
  • Timeout: 5
  • Retries: 5
  • Interim Updates Enabled: Ticked
  • Interim Update Interval: 300

Click Create Accounting Server

Click on Create Accounting Server again and enter the following:

  • Name: guest2
  • Enabled: Ticked
  • IP Addressget this value from the IronWiFi console
  • Port: 1813
  • Shared Secretget this value from the IronWiFi console
  • Shared Secret Confirmation: as above
  • Timeout: 5
  • Retries: 5
  • Interim Updates Enabled: Ticked
  • Interim Update Interval: 300

Click Create Accounting Server

Next, on the left, under External Authentication click on Servers. Click on Create Authentication Server and enter the following:

  • Type: RadiusWebAuthServer
  • Name: guest1
  • Accounting Server: guest1
  • IP Addressget this value from the IronWiFi console
  • Portget this value from the IronWiFi console
  • Shared Secretget this value from the IronWiFi console
  • Shared Secret Confirmation: as above
  • Timeout Weight: 1
  • Precedence: Highest
  • Role: Guest

Click on Create Authentication Server.

Click on Create Authentication Server again and enter the following:

  • Type: RadiusWebAuthServer
  • Name: guest2
  • Accounting Server: guest2
  • IP Addressget this value from the IronWiFi console
  • Portget this value from the IronWiFi console
  • Shared Secretget this value from the IronWiFi console
  • Shared Secret Confirmation: as above
  • Timeout Weight: 1
  • Precedence: Lowest
  • Role: Guest

Click on Create Authentication Server.

Next, on the left under Captive Portal, click on Forms. Click Create Login Form and enter the following:

  • Name: guest
  • Allow User Logins: Ticked
  • Allow Guest Logins: Unticked
  • Redirect Clients to an External URL: Ticked
  • Base URL of External Serverget this value from the IronWiFi console
  • Clients Access Point MAC Address: blue_ap
  • Client's Access Point Name: blue_ap_name
  • vWLAN IP Address: blue_controller
  • Client's Original URL: blue_destination
  • Client's MAC Address: blue_mac
  • Client's IP Address: blue_source
  • Client's Access Point SSID: blue_ssid
  • Client's VLAN ID: blue_vlan
  • Double Encoding of URI Parameters: Unticked
  • Include RADIUS Option Vendor option: Unticked

Click on Create Login Form.

Next, on the left, under Role Based Access Control click on Destinations. Click on Create Destination Hostname and enter:

  • Name: guestportal
  • Addressget this value from the IronWiFi console

Click on Create Destination. Now, for each of the below entries, create another destination hostname until you have added each one:

107.178.250.42

If you need to load resources from external servers (SAML, social login), you will need to add other entries as well, instructions to configure the walled garden list in this case are available here.

Next, on the left, click on Destination Groups. Click on Create Destination Group.

  • Name: guest
  • Destinations: Click the + sign beside each domain on the right hand list to add all of these to the left list. Be sure not to add the "Any" rule.

Click Create Destination Group

Next, on the left, click on Roles. Click on the Un-registered role. At the bottom, click on Append Firewall Rule and choose:

  • Policy: Allow
  • Service: Any
  • Direction: Both Ways
  • Destination: under "Destination Groups" choose guest

Click Update Role.

Next, on the left, click on Roles. Click on the Guest role. Under the Post Login Redirection section, enter:

URL Redirectget this value from the IronWiFi console

Click Update Role to save.

Next, on the left, under Wireless click on SSIDs. Click on Create SSID and enter the following:

Name: Guest WiFi (or whatever you wish)

Broadcast SSID: Ticked

Authentication: Open System

Cipher: Disabled

Login Form: guest

Role: Un-registered

Standby SSID: Unticked

Click on Create SSID.

Finally, you need to apply this new configuration to your AP's in the usual way. For example, go to the Status tab at the top and choose Access Points. Highlight the ones you are using and click the Apply button.

! You must also install a valid SSL certificate on your controller/AP, in order to avoid authentication issues !