How to configure Portal Authentication on Omada Controller

Configuration Guide
Updated 10-24-2024 09:57:03 AM 1204

Contents

Objective

Requirements

Introduction

Configuration

Configure a Portal on the Omada Controller

Configure the Authentication-Free Access Control Policy

Conclusion

Objective

This article describes how to configure Portal authentication and Authentication-Free Access Control policy on the Omada Controller.

Requirements

  • Omada Controller (Software Controller / Hardware Controller / Cloud-Based Controller, v5.9 and above)
  • Omada AP

Introduction

Portal authentication is an access authentication method, also known as web authentication. With the Portal feature configured on the Omada Controller, when wireless clients connect to the EAPs managed by the Omada Controller and try to access the internet, they will be directed to a preset web page that requires additional authentication information. Only wireless clients with valid credentials can access the internet through web authentication.

Portal is suitable for managing wireless client access in public places such as hotels, shopping malls, and airports. It provides flexibility in controlling network access and allows businesses to promote their services through a vivid customizable authentication page.

The article describes how to configure the Portal feature on the Omada Controller.

Moreover, if you want to allow clients to access specific URLs or allow specific clients to access the internet without portal authentication, you can configure the Access Control policy. There are two ways:

  • Pre-Authentication Access: With Pre-Authentication Access enabled, unauthenticated clients are allowed to access the subnets and web resources specified in the Pre-Authentication Access List.
  • Authentication-Free Client: With Authentication-Free Client enabled, specific clients can access the internet without authentication.

Note: When using the Portal, make sure your Omada Controller is running.

Configuration

Configure a Portal on the Omada Controller

Step 1. Log in to the Controller via web browser. Go to Site Settings > Authentication > Portal, and click Create New Portal.

Location to create a portal profile on the Controller.

Step 2. Enable Portal. You will see two sections: Create New Portal and Portal Customization.

The pop-up page after clicking Create New Portal, where you can enable or disable the Portal.

Step 3. In the Create New Portal section, set the Portal Name and select the SSID & Network to configure Portal authentication.

Portal configuration page, showing Portal Name and SSID & Network.

Step 4. Select the Authentication Type. Depending on the controller version, different authentication options may be available.

  • No Authentication: If selected, all wireless clients connected to the EAP can access the internet without any authentication. They will still see the preset login page.

Portal configuration page, showing the “No Authentication” authentication type.

  • Simple Password: If selected, all wireless clients connected to the EAP must authenticate with the password you set.

Portal configuration page, showing the “Simple Password” authentication type and Password.

  • Hotspot: If selected, clients can use one or more Hotspot authentication methods. Portal configuration page, showing the “Hotspot” authentication type.

Voucher

Customers can authenticate using a unique credential code generated by the Omada Controller for a specific duration. You can print the voucher codes from the Controller and distribute them to your customers. This helps you link your customers’ network access to your business.

Local User

Customers need to enter the correct username and password of the login account to pass the authentication.

SMS

Customers can authenticate with the verification code they receive on their mobile phones.

RADIUS

Customers need to enter the correct username and password stored in the RADIUS server to pass the authentication.

Form Auth

Customers need to fill out a questionnaire created by the network administrator to pass the authentication. This method can be used to gather feedback from customers.

  • RADIUS Server: If selected, clients can authenticate using the correct username and password stored in the RADIUS Server. Omada Controller includes a built-in RADIUS Server from version 5.12 onwards.

Portal configuration page, showing the “RADIUS Server” authentication type and RADIUS Profile.

  • External LDAP Server: If selected, clients can authenticate using an external LDAP server. This feature has been supported since Controller v5.12.
  • External Portal Server: If selected, clients can authenticate using an external Portal server. You need to specify the IP address or URL of the Portal server.

Portal configuration page, showing the “External Portal Server“ authentication type and Custom Portal Server.

Step 5. Configure other parameters in the Create New Portal section. Parameters may vary by Authentication Type.

  • Authentication Timeout: When the set time is reached, clients need to re-authenticate. This parameter is available when Authentication Type is No Authentication, Simple Password, RADIUS Server, or External LDAP Server.
  • Daily Limit: If enabled, clients cannot re-authenticate on the same day after the authentication expires. This parameter is available when Authentication Type is No Authentication.
  • NAS ID: Set the NAS ID field in the authentication packet, which is set to TP-Link by default. This parameter is available when Authentication Type is RADIUS server.
  • Disconnect Requests: Enable this feature if needed. This feature takes effect only when the RADIUS server can access the Controller.
  • Portal Logout: Allow users to log out of the portal by accessing a URL and cancel their authentication. This parameter is available when the Authentication Type is RADIUS server. It has been supported since Controller v5.14.
  • Authentication Mode: Supports PAP and CHAP authentication mode. This parameter is available when Authentication Type is RADIUS server. CHAP has been supported since Controller v5.12.
  • Portal Customization: Supports Local Web Portal and External Web Portal. For the Local Web Portal, the login page is provided by the built-in Portal Server of the Controller. For the External Web Portal, you need to specify the URL of the authentication login page provided by the External Web Portal server. This parameter is available when Authentication Type is RADIUS server or External LDAP Server.
  • HTTPS Redirection: If enabled, unauthenticated clients will be redirected to the HTTPS Portal authentication page. This parameter is available across all Portal authentication types.
  • Landing Page: Select a way to log in to the page according to your needs. This configuration option is available for all Portal authentication types.

Portal configuration page, showing Landing Page.

Step 6. In the Portal Customization section, select the Type to edit the current portal page or import a customized Portal file. Import your customized page in the Portal Customization section.

Edit the current page in the Portal Customization section.

Step 7. Customize other parameters, such as Language, Background, and Logo. You can preview the Portal page on PC and Mobile Phone in real time.

The preview of portal authentication page on PC and Mobile Phone.

You can also choose whether to show an advertisement image to users and configure the relevant settings in the Advertisement Options section.

Advertisement Options configuration page, where you can set the picture resource, advertisement duration and other parameters.

Step 8. Apply the settings.

Configure the Authentication-Free Access Control Policy

Step 1. Log in to the Controller via web browser. Go to Site Settings > Authentication > Portal>Access Control.

The position to enable Access Control on the Controller.

Step 2. Enable Pre-Authentication Access. Click Add.

Access Control configuration page, where you can enable Pre-Authentication Access.

Step 3. Select URL or IP Range.

Access Control configuration page, where you can choose IP Range or URL.

Step 4. Specify the entry and save the settings.

Access Control configuration page, with IP Range and URL specified.

Step 5. Check and apply the settings.

After finishing Access Control configurations, click Apply.

Step 6. Enable Authentication-Free Client and click Add.

Access Control configuration page, where you can enable Authentication-Free Client.

Step 7. Select IP Address or MAC Address and specify the clients. Then save the settings.

Configure IP Address and MAC Address on the Add Authentication-Free Client page.Step 8. Check and apply the settings.

After finishing Access Control configurations, click Apply.

Conclusion

You have now successfully configured Portal and Access Control on the Omada Controller.

Get to know more details of each function and configuration please go to Download Center to download the manual of your product.

Looking for More

Is this faq useful?

Your feedback helps improve this site.

Community

TP-Link Community

Still need help? Search for answers, ask questions, and get help from TP-Link experts and other users around the world.

Visit the Community >

From United States?

Get products, events and services for your region.