Configure a guest Wi-Fi network

In this topic, you will learn how to configure a guest Wi-Fi network in Portnox™ Cloud.

Note: The Portnox Cloud guest Wi-Fi network works with the cloud RADIUS servers. To create your own cloud RADIUS instance, follow the instructions in the following topic: Create cloud RADIUS servers.

The guest Wi-Fi network is a separate Wi-Fi network with a unique SSID, which lets guests of your organization access the Internet and limited local resources with no connection to the corporate network. When a guest connects to your guest Wi-Fi network using a shared password or no password, they can be redirected to a captive portal. After they complete the steps in the captive portal, the Wi-Fi access point connects them to the Internet and selected local resources.

Most Wi-Fi controllers allow you to create a guest network and let you create a simple captive portal managed by the controller. The Portnox Cloud captive portal gives you some unique choices such as the ability for organization employees to authorize guests. This is possible, because it works together with the RADIUS server.

There is no universal standard or protocol for captive portals. The Portnox Cloud captive portal works only with the following network controllers and their internal standards:

  • Cisco Meraki

  • Cisco

  • HPE Aruba

  • RUCKUS Networks

  • Juniper Mist

  • Extreme networks (Aerohive)

  • WatchGuard

To set up the Portnox Cloud guest Wi-Fi network, follow these steps.

  1. In the Cloud portal top menu, click on the Settings option.

  2. In the right-hand side pane, find and click on the CLEAR CAPTIVE PORTAL SERVICE heading.

  3. Click on the Edit link and then activate the Enable CLEAR Captive Portal checkbox.

  4. Click on the Save button below to save the default configuration.

    You need to save the configuration so that Portnox Cloud creates the portal for you and generates your unique URL.

  5. Click on the Edit link again to edit the captive portal settings.

  6. In the Url field, click on the  ⧉  icon to copy the unique URL of your captive portal.

    You need to enter this URL in the configuration of your network controller. Refer to your network controller documentation for specific instructions.

  7. In the IP (for walled garden) field, copy the IP addresses of the captive portal.

    You need to enter these IP addresses in the configuration of your network controller as a walled garden. This means: the IP addresses that the guest can connect to before they authenticate in the captive portal. If not, the guest device will not be able to access the captive portal.

  8. In the Shared Secret field, enter the shared secret specific for the controller.

    • Ruckus: Enter the NBI password generated in Ruckus ZoneDirector.

    • Mist: Enter the API secret value from the guest portal configuration in the Mist management console.

    • WatchGuard: Enter the shared secret that you entered or will enter in the WatchGuard XTM.

    For other brands of controllers, you do not need to enter a shared secret.

  9. In the Authentication type field, select the type of authentication that users will be asked for when connecting to the captive portal.

    • CLEAR guest: Only guests manually added by the Portnox Cloud administrator can authenticate. The administrator sends the credentials via email.

    • No authentication (disclaimer only): Guests do not need to authenticate, only accept the disclaimer or terms of service.

    • Credentials sent via text message (SMS): Guests enter their mobile number and then receive credentials sent to this number via a text message (SMS).

    • Sponsored guest: Guests are asked to provide an email address of a sponsor from the organization.

      The sponsor receives an email request to confirm.

      If the sponsor confirms, the guest receives credentials.

  10. In the Session Expiration field, select the period after which the guest session expires.

    While the session is active, if the guest connects to the guest Wi-Fi network again, they won’t need to provide their credentials (if required) again. After the session expires, if the guest is still connected, they will be disconnected. To reconnect, they must access the captive portal again and provide credentials (if required).

  11. In the Disclaimer (“Acceptable Use” statement): field, enter any formatted text that you want the users to be asked to accept before they connect to the guest Wi-Fi network.
  12. In the Logo field, click on the Portnox™ Cloud logo to replace it with your own logo or click on the  🗑  icon to show no logo in your captive portal.
  13. Click on the Save button to save your changes.
Note: Portnox Cloud counts the number of concurrently connected guests devices. If a device remains connected, the count will be reduced by one on the following day. However, if a guest device gets disconnected, and if the duration of the previous connection has not exceeded the value specified in the Session Expiration property, the next connection from the same device will be allowed without authentication in the Captive Portal. Otherwise, the connection will be counted as a new device, so the count will increase by one.

For specific instructions on setting up guest Wi-Fi access on specific network controllers, see the following topic: Configure wireless devices to work with Portnox Cloud.