Point Of Failure Detection Guide

This article walks you through debugging a basic captive portal / radius service.

Captive Portal Testing

1. Sign in to the IronWifi console, navigate to Networks -> Captive Portals and choose the captive portal you'd like to test.

2. After opening the captive portal settings, find the Splash Page URL value and click on it.

3. Try to complete the authentication process, if you do not see the authentication provider you want, go back to the captive portal settings, and scroll down to Authentication Providers -> Add New.

  • If you see the success page (You are now online), the captive portal as well as the RADIUS servers are up and running.
  • If you see any error message on the splash page after submitting the form, this is most likely related to your authentication provider (Credentials are incorrect, SAML / OAuth not configured properly).
  • You could also see an error message related to service usage (the user you are trying to sign in with has used up all their data / time allowance).
  • If the captive portal / splash page will not load at all, this is likely a global service outage or a licensing issue - contact us in both cases (support@ironwifi.com)

4. After you make sure that the captive portal is working well in test mode, you will need to try it on-site, while being connected to the configured SSID.

  • If the Splash Page is stuck in a loop, and the user ends up getting back to the original splash page URL after they try to authenticate, it is very likely that your hardware is not configured correctly.
  • If you do not see the Splash Page on your client device, try to open a web browser and go to neverssl.com. The operating system is responsible for opening up the captive portal assistant, if that doesn't happen, you might need to check your walled garden list settings on the AP / Controller.

While configuring your network infrastructure to use our captive portal for authentication, we suggest starting with the simple Anonymous (Click to connect) authentication provider. This way, you can easily verify whether or not your hardware is set up correctly.

You do not have to be on-site / connected to your SSID in order to test the captive portal functionality. Just open the Splash Page URL in your web browser (anywhere in the world), and give it a try. You do however, need to test the integration on site after the access point / hardware configuration is done.

RADIUS Testing

1. Sign in to the IronWifi Console and navigate to Networks. This is where you can see the RADIUS servers we have assigned to you. If you do not see any network, create one. You should be able to see the IP Address, Port Number and Shared Secret. There are two RADIUS servers under each network - Primary and Backup.

2. To test your RADIUS server, you will first need to create a testing user. Navigate to Users and click Add new. After that, you will need to click on the newly created user, and configure a password for them. This can be done by clicking on the "*****" (asterisk) symbols next to Password.

3. Now, you can use any RADIUS authentication testing tool to see if the server is responding correctly. We recommend our testing tool - https://www.ironwifi.com/authentication-testing-tool. The following values are necessary: IP Address, Port Number, Shared Secret (All under networks), Username and Password (All under users). You might also need a certificate, in case you want to test certificate authentication.

4. After you click Submit, you will either see an Access-Accept response or Access-Reject. In rare cases, you will not see any response in case the server is completely down. When trying to debug the Access-Reject response, please make sure your credentials are 100% correct, including IP Address, Port number and shared secret. Make sure you use the Authentication port number, not the Accounting port number.

In order for a captive portal authentication to work, both moving pieces (Captive Portal and RADIUS server) must be working and configured properly. For WPA Enterprise authentication, the Captive Portal is irrelevant (unless you use it to onboard new users).