What do I need?
Before you configure this appliance, you will need a RADIUS Server license. You can reach out to firstname.lastname@example.org to obtain one.
- Once you have the license, paste it in Space Settings > Integrations > Radius
- Save the settings and then click on "Manage Radius Servers".
- Click on "Add Radius Server" and give it a meaningful name and a description. Choose the correct appliance vendor
- Once the server is created you can access its details to get the IP addresses, port numbers and secrets to used in the configuration of the appliance below.
You can configure UniFi in two ways. Using an external Captive Portal to authenticate user or using WPA-Enterprise. Use the correct steps for each mode.
Configuring UniFi Controller for external Captive Portal authentication
This option will present users with a splash page. It relies on your WiFi network to be open or to use a shared WiFi password. When users connect to it and open their browser, they will presented with a login screen where to type their email and pincode to connect to your network. You can also configure this appliance to use Enterprise Authentication using the instructions in the next section below.
Provide the public IP of your UniFi controller. The RADIUS servers need to be able to directly connect to your Controller (SW, Cloud Key) to authorise connecting devices. Controller URL is usually in format like this https://your_public_static_ip:8443. Make sure it is the PUBLIC IP address and it's reachable through the Internet (not internal address like 192.168.*.*, 172.16.*.*, or 10.*.*.*). You might need to configure port forwarding on your Internet router and firewall. If you are not sure, please consult with your ISP provider. This article may help you doing this. The source IPs connecting top your controllers are 18.104.22.168, or 22.214.171.124, or 126.96.36.199.
- Sign in to your UniFi Controller
- In Wireless network settings change the Security to Open and enable Guest Services
- Navigate to Guest services settings
- Select External Captive Portal
- Enter 188.8.131.52 in the IP address input field
- Check the redirect using hostname checkbox and enter the Splash pageURL here. You should have been provided the URL by the Nexudus team when they provided you with a license.
This page looks by default like this:
- Add 184.108.40.206/32 to the Pre-Authorization Access list
- Apply settings and try with your phone or computer
Configuring UniFi Controller for WPA-Enterprise
- Navigate to Wireless Networks and change Security to WPA-Enterprise. Add new RADIUS Authentication Servers and enter IP Address, Port and Shared Secret from the details of the Radius Server provided when you created the Radius Server above.
Make sure you use the same IP for both the Auth and Accounting servers. If you add a secondary Auth and Accounting servers then use the secondary IP provided.
Enable "Interim Update" if you have the option available.