Unifi Captive Portal For Guests
If you want to provide your guests with free and easy internet access, setting up a Unifi Captive Portal might be a good idea. While you just can create an extra wireless network (SSID) with a simple password, you also need to keep the security of your network in mind. You don’t want to give your guests access to your systems. By using the Unifi Guest Portal you can isolate the clients on your network and give them access for only a few hours.
Settings up the captive portal in the Unifi Control is pretty simple. By using the guest isolation option we can prevent the guest from accessing our network without creating VLANs. Another advantage is that you can use the captive portal to promote some of your products or services.
In this article, I am going to walk you through setting up and customizing the Unifi Captive Portal in the Unifi Controller. To the portal, you will need to make sure the controller is running 24/7. So if you have a controller running on your computer that you turn off or take with you, then you really need to buy the Unifi Cloud key.
Create a Guest User group
You might want to limit the amount of bandwidth the guests can use on your network. So before we start creating a Guest Network we first need to create a new user group. This allows us to set upload and download limits for the guests later on.
- Open Settings > User Groups
- Click Create New User Group
- Give the group a name: Guests
- Limit the upload and download bandwidth. For simple internet browsing, 5mbit download and 1mbit upload are enough. If you want to allow streaming you they need atleast 10mbit download.
- Click on Save
Creating a Unifi Guest Network
We need to create a new wireless network for our guests. We will make this a Guest Network which will add a few important restrictions:
- Pre and Post-Authorization Access. This will make sure the guest can access the captive portal for authentication. After they authenticated they won’t have access to the local network.
- Client Isolation. This will prevent the clients from sending broadcasts or unicast message to other clients in the same network.
To create the guest network open the Unifi Controller
- Go to Settings > Wireless Networks
- Click on Create New Wireless Network
- Give the wireless network a name. Something your guest will recognize as a guest network.
- Set the security to open. We will secure the network with the captive portal)
- Select Apply guest policies (captive portal, guest authentication, access)
- Expand the Advanced Options
- Select the User Group we just created.
We now have a guest network, but we still need to Set up the captive portal.
Configuring the Unifi Guest Portal
So we have the wireless network for our guest and limited the bandwidth they can use. Now all is left is to create the captive portal. Within the Unifi Controller under the Guest Control section, we can create our Guest Portal, set the authentication and duration of access. So if you have a barbershop you might want to give your customers only 2 hours of access. But if you are running a B&B you can give them a couple of days access to the wifi network.
Setting up the Guest Policies
First, we are going to set up the guest policies. Open the Guest Control page in the Unifi Controller under settings.
- Enable the Guest Portal
- Set a simple password, something your customers can easily fill in. welkom@mybusiness for example 😉
- Set the expiration, you can choose anything you like here.
- Landing Page: you can either redirect the customer back to the page he attempted to visit or send them to a promotion URL. This can be your business website with the latest deal on it for example.
- Enable the HTTPS Redirection.
Customize the Unifi Captive Portal
The next step is to customize the captive portal. This allows you to do some corporate branding and inform your guests about the wifi network. There are a few things you will need to keep in mind when you customize the portal.
- You can add a background picture, which is nice. But make sure you can still read the text. If you have a coffee shop for example, using a picture of coffee beans and your logo might work better then adding a photo of your shop.
- Inform the users what they get, free access for x hours or days.
- Add different language if you have foreign guests.
- Add the terms of service with what is allowed and what not.
Unifi recommends a background image of 920px width and 640px high. On some screens, this will result in borders besides your image. So use at least an image of 1280px by 720px. Also make sure your images are not big, adding a photo straight from your camera will take a few seconds to download. Compress the image before uploading it.
Access Control
The last step is to limit the access of the guest to your local network. Below the portal customization, you will find the access control. Here we need to enter the IP address of the controller so the guest users can see the captive portal.
So in the Pre-Authorization Access, we enter the IP address of the controller followed by /32. This will limit the clients from accessing anything else on the network until they are authenticated. For the Post-Authorization Restrictions, we enter the subnet of our local network. In my case 192.168.1.0/24. The /24 limits access to every network device in the range 192.168.1.1 to 192.168.1.254.
Managing the connected clients
Your Unifi Guest Portal is now ready for use. The guests can log in and access the internet, but how can you manage them? Within the controller, we can see on the Dashboard how many guests are connected to our network. If you click on the guest you will go to the Clients page filter on the Guests.
Here we can see all devices that are connected, how much data they used, to which access point they are connected and the uptime. But more important, this is also the place to block a client or to revoke the authorization.
Conclusion
I hope this article helpt you settings up your Unifi Guest Portal. If you have any questions just leave a comment below.