Draytek

Access Point Instructions for Draytek

This page explains the configuration of Draytek wireless access points for external Captive Portal and RADIUS server authentication.

IronWifi Console Configuration

  1. Log into the IronWifi console or register for free
  2. Create a new network
  3. After that, create a new captive portal, with vendor Draytek

Access Point Configuration

NOTE: You will require the Vigor 2862, 3220, 2926, 2952 Series with 3.9.0 firmware or above in order to continue.

Log in to your Draytek Web Interface and click Hotspot Web Portal >> Profile Setup on the left menu.

Click an available Index, i.e. 1 and configure with:

  • Enable this profile: Yes
  • Portal Method: External Server
  • Captive Portal URLget this value from the IronWifi console
  • Redirection URLget this value from the IronWifi console
  • Authentication Method: Click External RADIUS Server and set:
    • Enable: Yes
    • Server IP Addressget this value from the IronWifi console
    • Destination Portget this value from the IronWifi console
    • Shared Secretget this value from the IronWifi console
    • Confirm Shared Secretget this value from the IronWifi console
    • Enable Accounting: Yes
    • Accounting Portget this value from the IronWifi console

Click OK to Save

  • MAC Address Format: AA-BB-CC-DD-EE-FF

Click Save and Next. Now, click the Dest Domain tab and add the following entries, one per index:

107.178.250.42

If you need to load resources from external servers (SAML, social login), you will need to add other entries as well, instructions to configure the walled garden list in this case are available here.

Click Save and Next then configure with:

  • Expired Time After Activation: 0 days 6 hours 0 min (or whatever you wish)
  • HTTPS Redirection: No
  • Captive Portal Detection: Yes
  • Landing Page After Authentication:
  • Applied Interfaces: Select which SSID(s) you wish to enable the service on

Click Finish to Save. Please ensure you reboot the router before continuing as this is a pre-requisite for the setting to apply.

! You must also install a valid SSL certificate on your controller/AP, in order to avoid authentication issues !