Samsung WEC

NOTE: You need to be running firmware version 4.6.5R or above in order to proceed.


Log in to your Wireless Controller interface and click on Configuration at the top. On the left menu, choose Security > AAA > RADIUS.


Click Add and configure with the following:


  • Type: Auth/Acct
  • IP Address: *insert radius_server_ip here*
  • Shared Secret Format: ASCII
  • Shared Secret: *insert radius_secret here*
  • Confirm Shared Secret: as above
  • Auth Port Number: 1812
  • Acct Port Number: 1813
  • CoA: Enable
  • Password Type: MAC Address
  • MAC Delimiter: Hyphen
  • MAC Case: Upper
Click Apply to Save

Click Add again and configure with the following:


  • Type: Auth/Acct
  • IP Address: *insert radius_server2_ip here*
  • Shared Secret Format: ASCII
  • Shared Secret: *insert radius_secret here*
  • Confirm Shared Secret: as above
  • Auth Port Number: 1812
  • Acct Port Number: 1813
  • CoA: Enable
  • Password Type: MAC Address
  • MAC Delimiter: Hyphen
  • MAC Case: Upper

Click Apply to Save


Next, go to Security > Access Control Lists > IP ACL. Click Add and enter the following:


  • Name: guestwifi
  • Sequence: 1
  • Protocol: Any
  • Source: Any
  • Source Port: Any
  • Destination: URL: *insert access_domain here*
  • Destination Port: Any
  • Action: Permit
Click Apply to Save. You will be taken back to the ACL list. Click on the guestwifi name in order to add more rules. Click Add at the top and as per above, create a rule for each of the below destination URLs:

r1-portal.venuewifi.com
r2-portal.venuewifi.com
r3-portal.venuewifi.com
payment-r1.venuewifi.com
payment-r2.venuewifi.com
payment-r3.venuewifi.com
api.openweathermap.org
d1ldbb6wxu8wdm.cloudfront.net
api.stripe.com

If you wish to support social network logins, you also need to add further ACL rules for the destinations below for each network you plan to support

Facebook facebook.com
www.facebook.com
m.facebook.com
scontent-lhr3-1.xx.fbcdn.net
fbstatic-a.akamaihd.net
connect.facebook.net
Twitter twitter.com
www.twitter.com
api.twitter.com
abs.twimg.com
abs-0.twimg.com
LinkedIn linkedin.com
www.linkedin.com
touch.linkedin.com
static.licdn.com
Instagram instagram.com
www.instagram.com
instagramstatic-a.akamaihd.net
Weibo weibo.com
www.weibo.com
login.sina.com.cn
VKontakte vk.me
www.vk.me
vk.com
www.vk.com

 


Next, click on Security > Captive Portal > Web Service and set both the Domain Name and IP Address to the local IP address of your controller (Same IP as you access the web interface in your browser). Click Apply to Save.


Next, click on WLANs > WLANs and click Add. Configure with the following:
  • Profile Name: guestwifi
  • SSID: Guest WiFi (or whatever you wish)
  • Interface Group: Select your preferred interface
  • Radio Area: 2.4GHz/5GHz

Click Apply to Save. Now, click on the WLAN ID you just created.

On the General tab, configure:
  • AAA Override: Enable
  • Admin Status: Enable

Click Apply to Save. On the Security > L2 tab, configure:
  • L2 Security Type: None

Click Apply to Save. On the Security tab > L3 tab, configure:

  • Web Policy: Enablechoose Web Authentication from the list
  • Pre-Authentication ACL: guestwifi
  • Web Page Type: External
  • URL: *insert access_url here*

Under Web Authentication:
  • Server Type: RADIUS
  • Primary RADIUS Server: *insert radius_server_ip here* : 1812
  • Secondary RADIUS Server: *insert radius_server2_ip here* : 1812
  • Cache Duration: 30
  • After Authentication: Select Redirect URL and enter: *insert redirect_url here*

Under Web Accounting:
  • Primary RADIUS Server: *insert radius_server_ip here* : 1813
  • Accounting Interval: 3


Click Apply to Save.


Next, click Administration at the top and then HTTP-HTTPS on the left. Configure with the following:

  • HTTP: Enable
  • Captive Portal Port: 80
Click Apply to Save.


The final step is to SSH or console in to the controller to run a command. This is required in order for authentication to work correctly. Once logged in to the console, enter the following commands one line at a time:


# conf t

security captive-portal radius-called-station-id ap-mac

exit

save local

Did you find it helpful? Yes No

Send feedback
Sorry we couldn't be helpful. Help us improve this article with your feedback.