Skip to end of metadata
Go to start of metadata

What do I need?

Before you configure this appliance, you will need a RADIUS Server license. You can reach out to support@nexudus.com to obtain one.

  1. Once you have the license, paste it in Space Settings > Integrations > Radius



  2. Save the settings and then click on "Manage Radius Servers".
  3. Click on "Add Radius Server" and give it a meaningful name and a description. Choose the correct appliance vendor




  4. Once the server is created you can access its details to get the IP addresses, port numbers and secrets to used in the configuration of the appliance below.


Each license comes with two geographically redundant servers for RADIUS Authentication and RADIUS Accounting. We will create these as close as possible to your physical location based on the data-centers we have available.


Assumptions

  1. SonicWall Access Point is setup and running the latest firmware.
  2. 802.1x SSID is already configured.
  3. DHCP and DNS are appropriately configured.
  4. SonicWall Access Point can communicate with the Radius servers.
  5. The Guest SSID VLAN can communicate with Radius servers.
  6. All systems are appropriately licensed.

Instructions

Sign in to SonicWall Administration Interface. Click Network, click Zones and click WLAN edit button.

sonicwall_1


Leave the "General" options default and click Guest Services

sonicwall_2

Check Enable Guest Services and check Enable External Guest Authentication. Change the Max Guests value to 255.

sonicwall_3

Select HTTP client Redirect Protocol.

Under "Web Server", select HTTPS protocol and create a new object for Splash page - FQDN hostname is the splash page URL provided by us.

Enter 443 as the Port Number.

sonicwall_4

Select Auth Pages tab and enter "/api/pages/xxxxxx/" to all input fields. "xxxxxx" is your Splash page identifier as provided by us.

sonicwall_5

Review other settings and click OK to save Changes.

sonicwall_6

sonicwall_7

The last step is to Allow remote connections on your Firewall. We need to be able to connect to the SonicWall Guest Services to authorize connected clients. Guest Services are listening on port 4043 and the radius server will try to connect to the URL in this format:

https://SOURCE_IP_ADDRESS:4043

* SOURCE_IP_ADDRESS - IP address that we have received the authentication request from

We will be connecting directly from the web server, so no further changes are required in your SonicWall firewall rules.

Common Errors

We need to be able to connect to your Access Point to authorize connecting device. If not successful, the Captive Portal will return different error codes in the error_message parameter.

  • sonicwall_gw_connection_failed - our servers could not connect to your SonicWall AP. Make sure the Access Point Guest Services port is reachable over the internet, check your firewall settings and port forwarding rules if necessary. The Guest Services service is listening on port 4043/TCP by default and you can override this value using the Controller URL parameter in the Captive Portal settings in our Console.