New Feature                                               Need help? Try our Zyxel Search AI feature Try Now!

Nebula - Configure Captive Portal via SSID Wireless (WiFi) icon

Avatar
Raphael
  • Updated

This article will show you how to configure captive portal via WiFi, with click-to-continue, using an external captive portal URL, or using captive portal to authenticate users via Nebula Cloud Authentication. This will show you how to configure when users should re-authenticate, using strict policy to block users from accessing internet, how to avoid the IT administrator needing to authenticate users manually etc. Also, how to customize your captive portal via HTML & CSS. 

When setting up WiFi, you might want to create a sophisticated guest WiFi with a captive portal - this tutorial will show you how to set up an SSID with the Captive portal function on the Nebula Control Center

In our scenario, we want to create a Guest SSID (WiFi) for our guests, but we want them to go through our Captive Portal before they are able to enter the internet from their device.

Preparation Steps

  1. Log in to your Nebula Control Center
  2. Select your organization
  3. Make sure that your AP(s) is/are online

Configure WiFi SSID settings

  • Navigate to Site-wide -> Configure -> WiFi SSID settings.
  • Then configure your guest SSID by enabling "Advanced mode", so you can see all settings. 
  • Tick the box "Enabled" to enable the second SSID and make it a layer 2 isolated SSID, by ticking "Guest Network" as below
  • Save.

Configure SSID Advanced settings

  • Navigate to Site-wide -> Configure -> Access points -> SSID Advanced settings
  • Tick "Click-to-continue" to enable guests to first enter a web portal, before they're able to move on to surf the internet
  • Save

Captive portal - Walled garden

One IP address/domain in one line to specify your walled garden.
Example:

*.zyxel.com
www.zyxel.com
192.168.1.0/24

Configure Captive Portal Customization

  • Navigate to Site-wide -> Configure -> Access points -> Captive Portal Customization
  • If you want to upload your logo, you can do that by clicking "Choose file" (this will be shown for all users logging into the Guest WiFi via Captive Portal)

Verify your Results

In the logs, it says that the user has used ClickToContinue to log in via the captive portal

Configure External Captive Portal URL 

  • Enable External Captive Portal URL

If you're having your own Captive Portal, you can use it by navigating to

Site-wide -> Configure -> Access points -> Captive Portal Customization

Scroll down to External Captive Portal URL and insert the URL in this format:

https://example.com

Configure Captive Portal Advanced Settings

Because we're using "zyxel.com" as our captive portal, we need to re-configure our captive portal settings from "Block all access until sign-on" to "Allow HTTPS traffic without sign-on" because this website is 

  • not a sign-on website
  • It's located on the internet

Navigate to

Site-wide -> Configure -> Access points -> Captive Portal Customization

Then select "Allow HTTPS traffic without sign-on" and hit save.

 

Sign-in Method - Configure Captive Portal via Nebula Cloud Authentication

Navigate to

Site-wide -> Configure -> Access points -> SSID advanced Settings

Then select the correct "SSID" and then change the "Sign-in method" to Nebula Cloud Authentication.

Configure "Captive Portal Advanced Setting"

Walled Garden - the "garden" is what websites that the user is allowed to reach without login via Captive Portal (e.g. 192.168.1.34, 192.168.1.0/24, https://zyxel.com). If you have an external Captive Portal, you may enter the website, or IP address of the captive portal

Self-registration - Allow the users to create their own WiFi accounts and then choose if the IT administrator needs to accept their request or if their request is accepted automatically. You can also deny users from creating their own cloud accounts.

Simultaneous login limit - Select if you want to limit the amount of users that can login to the Guest WiFi via Captive Portal

Scrict Policy - Select if users are blocked from internet before Captive Portal authentication, or if they can surf the internet via HTTPS. 

Reauth time - Select a specific re-authentication time for users that have already logged in. Default is set to "Follow site-wide Settings" which is default set to "Every day". This means that the users needs to re-authenticate to the Captive Portal site the next day they're entering the Guest WiFi.

NCAS disconnect behavior - If the Nebula cloud servers are unavailable and the users are not able to authenticate via Captive Portal, choose if you want to allow the users to surf the web anyway, or if they're blocked from the internet until the nebula cloud servers are reachable again.

Configure Nebula Cloud Authentication 

This is optional, if you want to create cloud users yourself, or if you want them to manually create users for themselves. If you want the users to create users themselves, you can skip this step.

  • Navigate to Site-wide -> Configure -> Cloud Authentication
  • Click "Add" to add a new Cloud user
  • Create the cloud user

Verify your Results

Login to the WiFi and then create your account

Check the email inbox to confirm your email

  • Click on the "Please confirm your account here":

 

Then the user will confirm the email and get this message:

Note: We need to update the user settings

Because we have selected the strict "Self-registration, before we need to manually authorize the users in Nebula Cloud Center before the guests can enter. 

Note! If we don't want to authorize everyone, change this to "Allow users to create accounts with auto-authorized" by navigating to

Site-wide -> Configure Access points -> SSID advanced Settings

Then select the Guest SSID and scroll down to "Captive portal Advance Setting."

Log in with the user credentials

Advanced Captive Portal Settings - Re-Authentication Settings

Navigate to Site-wide -> Configure -> Site Settings

Navigate to "Captive Portal Reauthentication" section and select if you want the users to authenticate every half hour, every day, every 30 days etc.

Configure Captive Portal Behavior

After the user has successfully logged in via Captive Portal, you can choose for the user to stay on the "success page", or you can re-direct the user to another URL - your website, or maybe your webshop for promotion purposes.

Configure & Customize a Captive Portal Theme

You can customize the whole Captive Portal journey for the users, where you can edit the buttons, fonts, colors and other appearances in the Captive Portal journey. Creating a copy allows you to modify the design without changing the original template. This ensures safe customization, keeps the default version unchanged, and allows you to revert if needed.

Click Copy on the selected theme to create a duplicate.

Select the newly created copy (it will appear on the right).

Click the settings (gear) icon to open the configuration and edit the design.

In the next window, the user can:

  • Rename the theme in the Theme name section.

  • Customize design elements such as font and color.

  • Select and edit different portal pages (e.g., user_login.html, click_to_continue.html, voucher.html, etc.).

  • Click any element in the preview area on the right to modify its content or style.

  • Save and apply the changes after editing.

Click the HTML (</>) icon to switch to code view.
This allows the user to directly edit the HTML source code of the selected portal page for advanced customization.
 

Edit the HTML code of the selected page according to your requirements.
After making the necessary changes, click Save to store the modifications.

 

 

Related articles

Comments

0 comments

Please sign in to leave a comment.