How to configure Portal Authentication on Omada Controller
Contents
Configure a Portal on the Omada Controller
Configure the Authentication-Free Access Control Policy
Objective
This article describes how to configure Portal authentication and Authentication-Free Access Control policy on the Omada Controller.
Requirements
- Omada Controller (Software Controller / Hardware Controller / Cloud-Based Controller, v5.9 and above)
- Omada AP
Introduction
Portal authentication is an access authentication method, also known as web authentication. With the Portal feature configured on the Omada Controller, when wireless clients connect to the EAPs managed by the Omada Controller and try to access the internet, they will be directed to a preset web page that requires additional authentication information. Only wireless clients with valid credentials can access the internet through web authentication.
Portal is suitable for managing wireless client access in public places such as hotels, shopping malls, and airports. It provides flexibility in controlling network access and allows businesses to promote their services through a vivid customizable authentication page.
The article describes how to configure the Portal feature on the Omada Controller.
Moreover, if you want to allow clients to access specific URLs or allow specific clients to access the internet without portal authentication, you can configure the Access Control policy. There are two ways:
- Pre-Authentication Access: With Pre-Authentication Access enabled, unauthenticated clients are allowed to access the subnets and web resources specified in the Pre-Authentication Access List.
- Authentication-Free Client: With Authentication-Free Client enabled, specific clients can access the internet without authentication.
Note: When using the Portal, make sure your Omada Controller is running.
Configuration
Configure a Portal on the Omada Controller
Step 1. Log in to the Controller via web browser. Go to Site Settings > Authentication > Portal, and click Create New Portal.
Step 2. Enable Portal. You will see two sections: Create New Portal and Portal Customization.
Step 3. In the Create New Portal section, set the Portal Name and select the SSID & Network to configure Portal authentication.
Step 4. Select the Authentication Type. Depending on the controller version, different authentication options may be available.
- No Authentication: If selected, all wireless clients connected to the EAP can access the internet without any authentication. They will still see the preset login page.
- Simple Password: If selected, all wireless clients connected to the EAP must authenticate with the password you set.
- Hotspot: If selected, clients can use one or more Hotspot authentication methods.
Voucher
Customers can authenticate using a unique credential code generated by the Omada Controller for a specific duration. You can print the voucher codes from the Controller and distribute them to your customers. This helps you link your customers’ network access to your business.
Local User
Customers need to enter the correct username and password of the login account to pass the authentication.
SMS
Customers can authenticate with the verification code they receive on their mobile phones.
RADIUS
Customers need to enter the correct username and password stored in the RADIUS server to pass the authentication.
Form Auth
Customers need to fill out a questionnaire created by the network administrator to pass the authentication. This method can be used to gather feedback from customers.
- RADIUS Server: If selected, clients can authenticate using the correct username and password stored in the RADIUS Server. Omada Controller includes a built-in RADIUS Server from version 5.12 onwards.
- External LDAP Server: If selected, clients can authenticate using an external LDAP server. This feature has been supported since Controller v5.12.
- External Portal Server: If selected, clients can authenticate using an external Portal server. You need to specify the IP address or URL of the Portal server.
Step 5. Configure other parameters in the Create New Portal section. Parameters may vary by Authentication Type.
- Authentication Timeout: When the set time is reached, clients need to re-authenticate. This parameter is available when Authentication Type is No Authentication, Simple Password, RADIUS Server, or External LDAP Server.
- Daily Limit: If enabled, clients cannot re-authenticate on the same day after the authentication expires. This parameter is available when Authentication Type is No Authentication.
- NAS ID: Set the NAS ID field in the authentication packet, which is set to TP-Link by default. This parameter is available when Authentication Type is RADIUS server.
- Disconnect Requests: Enable this feature if needed. This feature takes effect only when the RADIUS server can access the Controller.
- Portal Logout: Allow users to log out of the portal by accessing a URL and cancel their authentication. This parameter is available when the Authentication Type is RADIUS server. It has been supported since Controller v5.14.
- Authentication Mode: Supports PAP and CHAP authentication mode. This parameter is available when Authentication Type is RADIUS server. CHAP has been supported since Controller v5.12.
- Portal Customization: Supports Local Web Portal and External Web Portal. For the Local Web Portal, the login page is provided by the built-in Portal Server of the Controller. For the External Web Portal, you need to specify the URL of the authentication login page provided by the External Web Portal server. This parameter is available when Authentication Type is RADIUS server or External LDAP Server.
- HTTPS Redirection: If enabled, unauthenticated clients will be redirected to the HTTPS Portal authentication page. This parameter is available across all Portal authentication types.
- Landing Page: Select a way to log in to the page according to your needs. This configuration option is available for all Portal authentication types.
Step 6. In the Portal Customization section, select the Type to edit the current portal page or import a customized Portal file. 
Step 7. Customize other parameters, such as Language, Background, and Logo. You can preview the Portal page on PC and Mobile Phone in real time.
You can also choose whether to show an advertisement image to users and configure the relevant settings in the Advertisement Options section.
Step 8. Apply the settings.
Configure the Authentication-Free Access Control Policy
Step 1. Log in to the Controller via web browser. Go to Site Settings > Authentication > Portal>Access Control.
Step 2. Enable Pre-Authentication Access. Click Add.
Step 3. Select URL or IP Range.
Step 4. Specify the entry and save the settings.
Step 5. Check and apply the settings.
Step 6. Enable Authentication-Free Client and click Add.
Step 7. Select IP Address or MAC Address and specify the clients. Then save the settings.
Step 8. Check and apply the settings.
Conclusion
You have now successfully configured Portal and Access Control on the Omada Controller.
Get to know more details of each function and configuration please go to Download Center to download the manual of your product.