Captive Portal
      Back to home
      1. Help Center
      2. Access Point Instructions
      3. Captive Portal

      Alcatel-Lucent Instant (IAP)

      Access Point Instructions for Alcatel-Lucent Instant (IAP)

      This page explains the configuration of Alcatel-Lucent Instant (IAP) wireless access points for external Captive Portal and RADIUS server authentication.

      IronWiFi Console Configuration

      1. Log into the IronWiFi console or register for free
      2. Create a new network
      3. After that, create a new captive portal, with vendor Alcatel-Lucent Instant (IAP)

      Access Point Configuration

      Log in to your Alcatel-Lucent (Master) IAP

      Under Network at the top left, click on New

      Configure with:

      • Name (SSID): Guest WiFi (or whatever you wish)
      • Primary usage: Guest

      Click Next and configure with:

      • Client IP assignment: Virtual Controller managed
      • Client VLAN assignment: Default (unless you have a custom VLAN set up)

      Click Next and configure with:

      • Splash page type: External
      • Captive portal profile: Click the dropdown and choose New. Configure with:
      • Name: guestwifi
      • Type: Radius Authentication
      • IP or hostname: *insert access_domain here*
      • URL: /access/?iapmac=<ap-mac> (i.e. /access/?iapmac=00-0B-86-6E-C5-F8)
      • Port: 80
      • Use https: Disabled
      • Captive portal failure: Deny internet
      • Automatic URL whitelisting: Disabled
      • Redirect URL:

      Click OK to save

      • Auth server 1: Click the dropdown and choose New. Configure with:
      • Type: RADIUS
      • Name: guestwifi1
      • IP address:
      • Auth port: 1812
      • Acct port: 1813
      • Shared key:
      • Retype key: as abov

      Click OK to save

      • Auth server 2: Click the dropdown and choose New. Configure with
      • Type: RADIUS
      • Name: guestwifi2
      • IP address:
      • Auth port: 1812
      • Acct port: 1813
      • Shared key:
      • Retype key: as above

      Click OK to save

      • Reauth interval: 24 hrs
      • Accounting: Enabled
      • Accounting mode: Authentication
      • Accounting interval: 3 min
      • Blacklisting: Disabled
      • Walled garden: Click the link "Blacklist: 0 Whitelist: 0" and you will see the below screen:

      Under Whitelist Click New and add all the below domains one by one until all are in the list:

      *insert access_domain here*

      107.178.250.42

      If you need to load resources from external servers (SAML, social login), you will need to add other entries as well, instructions to configure the walled garden list in this case are available here.

      Press OK when all the domains have been added to save

      Click Next and configure with:

      • Access Rules: Role-based

      Under Roles click New and enter Preauth as the name
      Under Access Rules for Preauth click New and add the following rule:

      • Rule type: Access control
      • Service: Network - any
      • Action: Allow
      • Destination: to domain name
      • Domain name: *insert access_domain here*

      Click OK to save.

      You need to add a rule (just like you did above), for all the below domains:

      *insert access_domain here*

      107.178.250.42

      If you need to load resources from external servers (SAML, social login), you will need to add other entries as well, instructions to configure the walled garden list in this case are available here.

      • Assign pre-authentication role: select Preauth

      Click Finish to complete the set up.

      ! You must also install a valid SSL certificate on your controller/AP, in order to avoid authentication issues !