Purpose
This guide shows how to configure a Ubiquiti Networks controller to integrate access points with Cloud4Wi.
The images in this document might contain outdated configuration data. Therefore, please check the data contained in the article "Parameters for the Solution" at the bottom of the page, as they are certainly up to date.
IMPORTANT: integration notes
This article applies to Ubiquiti UniFi SDN Controller with firmware 5.10.x and 7.3.x.
Firmware versions starting from 7.4 are no longer supported.
Please note that in the past we have encountered some issues with a few versions of the controllers or access points. Ubiquiti usually fixes this problem quickly, by releasing a new version.
All controller versions from 5.10.x onwards are supported. In case you're using an older version, you must follow the requirements below:
- Upgrade all your Ubiquiti to the last version
- You cannot use access points from other hardware manufacturers or firmware, so remove all of them
- You need to remove all the users created by using Ubiquiti 5.8.x or older, and other hardware manufacturers or firmware
If your locations are set with Identity domain = "Organization", then you need to apply these rules to the entire organization, or set Identity domain = "Locations".
Prerequisites
If you wish to use the UniFi SDN Controller, we need some data from you to process an activation on our side.
In that case, please open a ticket in our Support Center, tell us that you want to use Ubiquiti equipment, and provide us with the public IP address of your controller.
To correctly integrate Ubiquiti Networks devices, it is necessary that:
- the controller is up and running when you configure it
- the controller is up and running when you are providing the service to your guests
- client devices must reach the controller to ports 8080, 8880, and 8443, by using a public IP address
- you download and extract our RAR archive onto the controller server, as specified in the next paragraph
Note: on the server-side, it is strongly recommended to have the web UI configured to be accessible through secure connections (HTTPS).
To ensure proper user experience, you have to upload a trusted certificate into the controller.
Copying the RAR archive
To correctly redirect guests to our Splash Page, it is necessary to extract the RAR archive onto the controller server.
Before extracting the RAR archive, you need to check your settings. Log in to the Unifi Controller web UI, go to Settings > Guest Control, find the Portal Customization tab, and set:
- Template Engine: "AngularJS"
- Override Default Templates: "Override templates with custom changes"
Note: it is important to do this action before extracting the RAR archive. Otherwise, the destination path for your files might not be available.
After this step, you can extract the RAR archive. The destination path depends on the OS which hosts your Controller.
- If your system is Linux, extract the archive to /usr/lib/unifi/data/sites/default/app-unifi-hotspot-portal
- If your system is Mac, extract the archive to ~/Library/Application Support/UniFi/data/sites/default/app-unifi-hotspot-portal
- If your system is Windows, extract the archive to Ubiquiti UniFi\data\sites\default\app-unifi-hotspot-portal
Please rename the old index.html file to index.html.default before proceeding with the override.
Once done, please check that the file c4w_unifi.js includes the redirection to our Splash Page in the c4wPortal variable, as shown below:
var c4wPortal="https://splashportal.cloud4wi.com";
In case you have a Cloud Key:
- Restart the Cloud Key and extract the RAR archive on your PC
- Download WinSCP for CK’s file system inspection, at https://winscp.net/eng/download.php
- Select SFTP protocol, port 22 for configuring the file transfer.
After accessing the file system, go to /srv/unifi/data/sites/<site_name>/app-unifi-hotspot-portal (for example, in case the Default site is using the correct path is /srv/unifi/data/sites/<site_name>/app-unifi-hotspot-portal /srv/unifi/data/sites/default/app-unifi-hotspot-portal - Please rename the old index.html file to index.html.default before proceeding with the override and copy there the extracted files.
- Copy also c4w_unifi.js file into /srv/unifi/data/sites/default/app-unifi-hotspot-portal/js
SSID setup
To set up your SSID, go to Settings > Wireless Networks and create or edit your wireless network.
RADIUS server configuration
To set up your SSID, go to Settings > Profiles and create or edit your RADIUS server configuration.
It is necessary to check Enable accounting and Enable Interim Update, and set RADIUS Auth Server and RADIUS Accounting Server accordingly with the data specified in the "Parameters for the Solution" paragraph.
Hotspot configuration
Go to Settings > Guest Control.
Splash Page
Find the Guest Policies tab and configure the options as follows:
- Guest Portal: check the "Enable Guest Portal" option
- Authentication: Hotspot
- Landing Page: Promotional URL → https://splashportal.cloud4wi.com
- Redirection: check only the "Enable HTTPS Redirection" option
Find the Hotspot tab, check Enable RADIUS-based authorization, and uncheck all the other options.
Find the RADIUS tab and configure the options as follows:
- Profile: (select the profile name you set up in the previous step)
-
Authentication type: CHAP
Walled Garden
Find the Guest Policies tab and enter here your required entries. The following ones are mandatory:
Splash Page entries
- 54.247.117.188
CDN entries
- 50.18.178.180
- 54.248.102.194
- 54.246.86.254
- 46.137.206.166
- 54.232.119.5
- 54.253.118.101
Note: currently, the controller does not support the insertion of domains, so you are required to enter IP addresses.
You can learn more about this by reading the following articles:
- Walled garden for the Social Login (websites/domains to open)
- Walled garden for PayPal feature (websites/domains to open)
Parameters for the Solution
The parameters indicated above for the Mode Settings section are mandatory for proper functioning. The necessary parameters to integrate the device with the Solution are the following:
-
RADIUS Auth Server
(Primary) IP Address: 54.247.117.188; Port: 1812
(Secondary) IP Address: 79.125.111.180; Port: 1812 -
RADIUS Accounting Server
(Primary) IP Address: 54.247.117.188; Port: 1813
(Secondary) IP Address: 79.125.111.180; Port: 1813
The Password/Shared Secret will be communicated privately by our Team.
If these parameters change in the future, we will promptly inform you about new values.