DrayTek UK Users' Community Forum
Help, Advice and Solutions from DrayTek Users
Setup Wireless Guest Portal
- frag
- Offline
- Member
-
03 Feb 2012 10:37 #7
by frag
Replied by frag on topic Re: Setup Wireless Guest Portal
Enough of the draytek hate, save that for apple products. The fact of the matter is that this feature DOES work. A router which has all of these features for a measley 200 quid? Still the best product available despite the lack of documentation if you ask me. You want a better service? Go pay 2 grand for a cisco product with the same features and spend 2 hours on the phone to their american first line support team.
That being said; I totally understand your frustrations, clients are a b*tch. Here's a breakdown of what you need to do to get it to work:
1. Configure the VLAN options so that the second SSID is isolated from the main LAN. At this point you should also make sure that the second VLAN is running on the LAN2 subnet.
2. Configure the LAN2 subnet to work in the 192.168.2.1 IP range (change to your particular tastes)
3. Go to the User Management section on the router. Go to the General Setup page on the router and make sure it is set to user based mode. Create a login called Guest and enter an appropriate password. Configure the rest of profile to your particular needs. Ie, idle timeout values, time quota's etc. You should then make this password publicly available. Ie, give it to guests or have it written down somewhere where they can see it.
4. Go to the User Management General Setup page and configure the Landing page to your needs. The field on the router supports html so you can configure this to your hearts desire. 10 points if you do something fancy.
At this point any device connecting to the internet will be asked for a username and password. Once this has been entered they will be redirected to the landing page. This is great, but we dont want this behaviour for the LAN1 users. The next step is to create a firewall rule:
5. Go to the firewall filter setup page and then add the following rule to the default data filter:
Direction LAN to WAN
Source: Subnet address 192.168.1.1 (LAN1 subnet, change to your subnet) subnet mask 255.255.255.0
Destination Address: Any
Service Type: Any
Action Pass Immediately.
All other settings can be left as default. This rule will pass all traffic belonging to the first LAN straight out without it being subject to the user management set up on the router. With this rule in place all LAN user's should have normaly access to the internet whereas all devices connecting to the second SSID will be subject to the login/landing page configuration. I believe this is the setup Voodle was referring to (feel free to correct me if I'm wrong).
In regards to the HTTPS certification issue... all user access currently uses HTTPS on the draytek device. You should be able to add a local certificate to the router from the certficate management section of the router to stop your web browser from displaying these messages.
Ps. I accept payment for my services in tea and biscuits.
That being said; I totally understand your frustrations, clients are a b*tch. Here's a breakdown of what you need to do to get it to work:
1. Configure the VLAN options so that the second SSID is isolated from the main LAN. At this point you should also make sure that the second VLAN is running on the LAN2 subnet.
2. Configure the LAN2 subnet to work in the 192.168.2.1 IP range (change to your particular tastes)
3. Go to the User Management section on the router. Go to the General Setup page on the router and make sure it is set to user based mode. Create a login called Guest and enter an appropriate password. Configure the rest of profile to your particular needs. Ie, idle timeout values, time quota's etc. You should then make this password publicly available. Ie, give it to guests or have it written down somewhere where they can see it.
4. Go to the User Management General Setup page and configure the Landing page to your needs. The field on the router supports html so you can configure this to your hearts desire. 10 points if you do something fancy.
At this point any device connecting to the internet will be asked for a username and password. Once this has been entered they will be redirected to the landing page. This is great, but we dont want this behaviour for the LAN1 users. The next step is to create a firewall rule:
5. Go to the firewall filter setup page and then add the following rule to the default data filter:
Direction LAN to WAN
Source: Subnet address 192.168.1.1 (LAN1 subnet, change to your subnet) subnet mask 255.255.255.0
Destination Address: Any
Service Type: Any
Action Pass Immediately.
All other settings can be left as default. This rule will pass all traffic belonging to the first LAN straight out without it being subject to the user management set up on the router. With this rule in place all LAN user's should have normaly access to the internet whereas all devices connecting to the second SSID will be subject to the login/landing page configuration. I believe this is the setup Voodle was referring to (feel free to correct me if I'm wrong).
In regards to the HTTPS certification issue... all user access currently uses HTTPS on the draytek device. You should be able to add a local certificate to the router from the certficate management section of the router to stop your web browser from displaying these messages.
Ps. I accept payment for my services in tea and biscuits.
Please Log in or Create an account to join the conversation.
- regisit
- Topic Author
- User
-
03 Feb 2012 11:12 #8
by regisit
Replied by regisit on topic Re: Setup Wireless Guest Portal
Thanks Frang,
It's not Draytek hate - it's understandable Draytek frustration! Like you I have been using and recommending their products for years. This is what has made this so difficult, I've recommended this router to my client and now find that Draytek have not provided the information necessary to make it work. There's no excuses for that. {Just had an email from Draytek.com support asking me for a link that shows this device even has a Wireless Guest Portal feature !]
Anyow... I had it sort of working along the lines you describe but have made your recommended changes regarindng firewall setup and now LAN needs no auth but SSID2 (LAN2) does. So that's good and many thanks!
However... I cannot see how to add a certifcate for a 192.168.1.1 address. I tried adding one via Certificate Management, but all that did was generate a CSR. Is there someone I can go with that CSR to obtain a 3rd party certificate for such an address? I usually go to StartCom for certificates, but any request requires the domain to be validated and I cannot validate 192.168.1.1 as a domain!
Also... accepting the certificate warning, I do not get taken to the landing page - tried it with the default Draytek.com page and also a simple welcome message. Nothing - goes straight to the requested URL. But that's a minor inconvenience at this stage.
So just the certificate issue to address. Any ideas?
Again, thanks very much for your help here. Be happy to send you some tea and biscuts
It's not Draytek hate - it's understandable Draytek frustration! Like you I have been using and recommending their products for years. This is what has made this so difficult, I've recommended this router to my client and now find that Draytek have not provided the information necessary to make it work. There's no excuses for that. {Just had an email from Draytek.com support asking me for a link that shows this device even has a Wireless Guest Portal feature !]
Anyow... I had it sort of working along the lines you describe but have made your recommended changes regarindng firewall setup and now LAN needs no auth but SSID2 (LAN2) does. So that's good and many thanks!
However... I cannot see how to add a certifcate for a 192.168.1.1 address. I tried adding one via Certificate Management, but all that did was generate a CSR. Is there someone I can go with that CSR to obtain a 3rd party certificate for such an address? I usually go to StartCom for certificates, but any request requires the domain to be validated and I cannot validate 192.168.1.1 as a domain!
Also... accepting the certificate warning, I do not get taken to the landing page - tried it with the default Draytek.com page and also a simple welcome message. Nothing - goes straight to the requested URL. But that's a minor inconvenience at this stage.
So just the certificate issue to address. Any ideas?
Again, thanks very much for your help here. Be happy to send you some tea and biscuts
Please Log in or Create an account to join the conversation.
- regisit
- Topic Author
- User
-