You can configure UniFi in two ways. Using an external Captive Portal to authenticate user or using WPA-Enterprise. Use the correct steps for each mode.
|Table of Content Zone|
Configuring UniFi Controller for for external Captive Portal authentication
This option will present users with a splash page. It relies on your WiFi network to be open or to use a shared WiFi password. When users connect to it and open their browser, they will presented with a login screen where to type their email and pincode to connect to your network. You can also configure this appliance to use Enterprise Authentication using the instructions in the next section below.
- Provide the public IP of your UniFi controller. The RADIUS servers need to be able to directly connect to your Controller (SW, Cloud Key) to authorise connecting devices. Controller URL is usually in format like this https://your_public_static_ip:8443. Make sure it is the PUBLIC IP address and it's reachable through the Internet (not internal address like 192.168.*.*, 172.16.*.*, or 10.*.*.*). You might need to configure port forwarding on your Internet router and firewall. If you are not sure, please consult with your ISP provider.
- Sign in to your UniFi Controller
- In Wireless network settings change the Security to Open and enable Guest Services
- Navigate to Guest services settings
- Select External Captive Portal
- Enter 220.127.116.11 in the IP address input field
- Check the redirect using hostname checkbox and enter the Splash
- pageURL here. It should be "". XYZ is the subdomain of your account as found in System > Spaces > your space name > Web Address.
This page looks by default like this:
- Add 18.104.22.168/32 to the Pre-Authorization Access list
- Apply settings and try with your phone or computer
Configuring UniFi Controller for WPA-Enterprise
- Navigate to Wireless Networks and change Security to WPA-Enterprise.
- Add new RADIUS Authentication Servers and enter IP Address, Port and Shared Secret from the details of the Radius Server provided when you created the Radius Server above.
Make sure you use the same IP for both the Auth and Accounting servers. If you add a secondary Auth and Accounting servers then use the secondary IP provided.
Enable "Interim Update" if you have the option available.
|Content by Label|