UniFi Guest Network with Captive Portal

Video Statistics and Information

Video

Captions Word Cloud

Reddit Comments

Captions

one of the craft talk solutions my name is Chris and today we have a little bit of a different video for you I'm going to actually be walking you through an actual client setup so I'm going to talk about the clients need the equipment that I'm using and then we're going to go ahead and set everything up start to finish and we're going to do it warts at all so any problems that I run into we're just going to try to overcome those problems together so let's go ahead and jump right into it whenever I'm setting up a system for a new client I start with a drawing right so I like to draw out what I'm proposing to do and then I modify that drawing as I go through it to add additional detail or to make any necessary changes so what we're doing today is a simple unify install this is for a motel 6 located up in gorgeous Seaside Oregon just about three or four hours up the coast from where I live and so what we have here is their internet connection which comes into an existing router now I don't really even know what that router is it doesn't really matter for my purposes because I'm only setting up their guest wireless network so their existing router branches off to their internal land which they don't want or don't need any Wi-Fi access to so normally when I'm setting up something like this for a client I would use the USG and I would break that out into a secure internal land as well as a guest Network so that you could have secure Wi-Fi access as well as guest Wi-Fi access this client doesn't need that so that's why I'm not doing that they just want to basically have something that they plug into their existing equipment and it provides wireless access for their guests now this isn't a very big hotel so I'm only utilizing two UAP AC pros and of course we're going to start with that and if they don't have enough coverage we can always add additional access points it's necessary so off of their existing router I have a LAN port of the u.s. d and that is going to just be DHCP so they can plug it into the LAN their existing land and it will get a DHCP IP address it shouldn't really matter that this is going to be double NAT 'add it that's not really going to affect guests I picked a random LAN IP addressing scheme I did 192 168 50.1 I just want to make sure that whatever it is it's not going to overlap with their secure internal land which I don't think that would I mean the chances are pretty low that their internal land is already set to 180 168 50 I tried to ask them about this but they couldn't tell me definitively what it was and so I just picked a random Class C subnet and we're going to hope for the best okay I'm going to give it a DHCP pool for their clients of 180 168 50 dot 10 through 254 ok so that's going to give them 244 usable IP addresses for the clients of this hotel off of land 1 that's going to feed a unify switch 860 wat now in this picture on in Visio here that is actually a the 850 watt but that's because the Vizio stencil that I have for you Bickle T products doesn't have the 8 port 60 watt yet by the way I get this question every single time I put a Vizio on the screen I'm using Vizio for this diagramming that's the tool that I'm using to diagram this out Microsoft Visio and the stencils that I'm using are free to download if you just Google ubiquity Vizio stencils there's a forum post thread and there's a guy that keeps up to date and and publishes new versions of Visio stencils for ubiquity products every so often I get that question from one of my most often asked questions and one of my most often answered questions but I keep getting asked so I figured I would throw that in there ok so we've got a u.s. 8 60 watt I'm going to set that @ 1h 168 52 and then we've got 2 UAP AC pros and these are just going to be DHCP okay for the guest network the SSID is going to be Motel 6 guest it's going to be an open network but we're going to create a captive portal using a simple password in this case the passwords going to be Motel 6 2017 that's the password that they give out to guests it's printed on a flier right at the front desk or given out with the room keys whatever we're going to make eight hour expiration on the captive portal and we're going to limit the guests that connect to the captive portal to my 5 megabits down and 1 megabit up and we're going to be turning on the client isolation now one thing that you may notice is missing from this picture is the unified controller or a cloud key where is that well we're going to use my Amazon based unified controller ok so I have an Amazon AWS based unified controller it's up in the cloud and we're going to start there by switching over to that controller here's their webpage Motel 60 so I might need to grab some pictures the captive portal that I'm setting up I don't often setup captive portals for customers in fact I very rarely do one of the only other customers that I've set up a captive portal for is this same customer for a different motel 6 location so I'm going to be using the new I forget what it's called there's like the legacy captive portal stuff and then the newer captive portal stuff we'll get to that a little bit later and I'll remember what it's called but I'm going to be trying to set it up with that which I have actually never done before for a client so that will be very interesting to use the new captive portal tools in for this new deployment so here we have my unified controller I've created a site in this unified controller for Motel 6 a seaside but I have done nothing else all I've done so far is is created that site so the first thing I want to do is basically go through the settings and I want to make sure that the settings are are the general settings are good and then we're going to go ahead and set up the network and the guest access before we ever plug in any of our devices ok so let's click on settings down here in the bottom left-hand corner we can see device authentication I'm actually going to change this to something random I like to use sword generator net because I can click this thing here that says avoid ambiguous characters I can turn that on and so that way when you have a lowercase L or an uppercase I those are excluded from the password that this generates and so there's never any confusion over you know I versus L or over 0 anything like that so 10 characters is fine and we're going to say it generate now anytime I do something like this I immediately make note of the password that was generated because we want to make sure that we save that information in case we ever lose it ok so I've got that copied I'm going to change the user name to ub NT and then we're going to paste the new password and i will block all of that out when i put this up on the screen here so let's take a look at the rest of these settings motel 6 seaside that's fine Pacific time is correct where you don't want to automatically upgrade firmware I don't like doing that enable status LED on the all of the equipment that's fine enable alert emails that's fine we're not going to do the periodic speed test uplink connectivity monitor I'll enable but we're not going to able any sort of automatic failover all of this basically we're just taking the default setting so let's go ahead and apply those changes so that we get that new password set and let's move on to networks so here we have our corporate network we're going to edit that we want to change this to 180 168 50.1 slash 24 it's a class see that's fine we're going to go ahead and update the DHCP range and it says 50.6 through 254 by default I'm changing that to 50 10 just so that we have about nine static IPS on the network one through nine which one is going to be used and two is going to be used for the switch and then the rest will just be available for future use okay so DHCP name server let's go ahead and give it some name servers we're going to give it 192 168 50.1 which is the USG and then we're also going to give it eight eight eight eight as a backup save that setting and our network is complete routing in firewall we're just going to take all of the defaults it won't let me do anything here anyway since I don't have the USG plugged in yet but let's go to wireless networks let's create a new wireless network name SSID where you can go back to our Visio so we can see it's Motel - six underscore guest so Motel - six underscore guest and it's going to be an open network we're going to save that and then I will add in the Advanced Options later in this video okay so we have a basic network setup we have the core networks Class C Network created core networks Class C Network the core Class C Network created and we have a wireless network setup so now I'm going to unbox and plug in this equipment and we're going to start with the USG I like to keep the boxes relatively intact I'm not going to pull you I'm not going to pull out the power cord because I have a us G power chord that's sitting right here that I'm going to be able to use for setup and then I'll just put this right back in the box for when I ship it to the customer okay so USG has been plugged in I want to get it wired up so I'm going to wire the when one port into a just a land that i have on my network here in this case it's 180 168 254 0/24 you see my 24 port edge switch here it's just an extra VLAN that I use for test network setup so this is going to function as the internet or the LAN side of the USG so it doesn't really matter what it is because the LAN port will remain DHCP it's just going to pull an IP address off of whatever network I plug into it all right so that's plugged in I can see the light on top of the USG has started flashing which means that it's booting up okay at this point I am also going to switch my computer so that it's using its gum to plug it directly into the LAN one port on the USG and that way we can set up the USG to inform out to our cloud-hosted controller okay so my computer's plugged in I'm going to change my computer so that it is a DHCP instead of statically set on the network there we go and now as soon as it's ready it should pull an IP address looks like it's already getting there yes let's see what it pulled close that down open a command prompt bring this over it loops bring this over IP config is going to show me that I pulled 192 168 1.6 ok so that's the default range of the USG it's 182 168 1 the first DHCP pull address is dot 6 and that's what I pulled since I'm the only device plugged in there and then we have the default gateway at 192 168 1.1 so let's go ahead and bring that up in our browser 192 168 1.1 which by the way if I go back here I actually should already have internet access ping 4.2.2 - yeah see so since the USG pulled a DHCP IP address on the when automatically and then I plugged directly into the default settings on the land I actually already have internet access for this firewall so that's wonderful ok so your connection is not private we're going to get past that here is the back end of the unified security gateway IP address that it pulled here router primary DNS secondary nest that's all fine I don't need to edit this configuration at all since I'm not setting it statically but if you look down here set in forum URL I want to click on that so here is the inform URL in my case it is HTTP colon hack hack unified dot C Sherwood consulting.com colon 88 88 e slash inform eighty slash inform okay and I'm going to go ahead and say set and now if I go to my unify controller click on devices I should very shortly see this device appear in the list okay so we've hit a snag it is not showing up in my unify controller let me try to ssh to the device and see if I can do the set inform from within the actual device alright so I did SSH into the device you bien tu BNT we're going to do set - inform HTTP : hack hack a unified si Sherwood consulting comm colon 8080 slash inform and there it is okay so again I don't know why it didn't work when I did it through the GUI but all you got to do is find the workaround and the workaround was just do the set inform request right in SSH so now we see one USG pending adoption we're going to go ahead and say adopt and we're going to let that device adopt and then we will go ahead and update it while that's adopting I'm going to unbox the unify switch 860 watt and we're going to go ahead and get this one plugged in and turned on as well so I've got the unify switch 860 watt plugged in I'm going to unplug my desktop from the LAN one port and I'm going to plug it into port 2 of the unified switch 860 watt I need power and then I'm going to just take a small patch cable and go from land one of the USG into port one of the 8 port switch ok so there might be a little bit of weirdness as the USG is changing networks and my computer still has a DHCP IP address in 192 168 1 so my computer needs to switch to 180 168 50 and so while that sort of change is taking place I might need to refresh my own DHCP lease a few times before it actually picks it up and starts working right now I probably don't have internet access yep I don't but I'm going to leave this persistent ping up in the corner here so we can see when my internet access comes back let's get another command prompt going because I'm going to try to renew my DHCP lease ipconfig slash release up nevermind it looks like I don't have to write as I started doing that I did get internet access back so if I look at my computer and I do IP config let's see where I am now oh I still have my IP address in 192 168 dot 1 that's interesting let's see what we're looking like in the controller here it still says adopting so it probably hasn't completely picked up those changes yet I think we need to wait until this device actually finishes adoption and the light on top turns blue and then we will come back and continue the setup from there okay so that was pretty quick it's about 2 minutes later and we see that the USG has now turned into a disconnected status this is something that happens with devices when you're setting in form to a remote controller all I need to do now is just basically run the set in form command again and at that point it should finish the adoption provision the device and then hopefully reboot it it's going to come up the LED will turn blue and then I need to make sure that my computer is on the 192 168 50 Network and then we will start the adoption of the unify switch ok so let's go ahead and set inform one more time and we can see that adoption says it says adoption required let's go ahead and adopt and let's run the setup form again this can be a little bit weird sometimes when you're adopting out to a unified controller sometimes you have to run the set in form come in twice in a row and sometimes you don't so it's just a little odd but with patience you'll be able to get it we can see now that it is in provisioning status that is wonderful let me it's been adopted I see a blue light on top already but I'm going to wait for the provisioning stat to turn to and you know ok status before continuing you see now also the unify switch 860 watt has shown up and ready for adoption so even though this is adopting out to a cloud hosted controller because the unify switch 8 is plugged directly into the USG the USG recognized it as a unified device that needs to be adopted so as soon as the USG finishes provisioning i will actually reboot the unify switch 861 because you can see here that it has an IP address of 180 168 1.7 that was left over for when i first plugged it and i probably should have waited to plug that in until the USG was completely ready to go take a look at my persistent ping you can see right now i'm getting a request timed out that probably means that i need to refresh my DHCP lease on my system here so we're going to say IP config slash release and we're going to say IP config slash renew there we go now I have internet again so I can actually cancel the renew and let's do IP config and let's see what IP address we have 191 68 50 . 10 so there we go that is perfect that's exactly what I wanted my computer is now 191 6850 the USG is 102 168 50 and I still have the unify switch 8 at 182 168 1 if I left it long enough it would renew and become a dot 50 IP address or in the you know one IC 168 50 0/24 network but I'm going to kind of force that to happen and just reboot that device okay here we can see that the USG is connected 192 168 50.1 connected status and we can see that it actually requires an upgrade but before I upgrade it I am going to reboot the switch so that I can get the adoption of the switch going let's go ahead and do that now of course rebooting the switch my computer's plugged into it is going to take me offline while I do this but it shouldn't actually take too long so if I look at my persistent ping we see I'm getting a request timed out now and as soon as I see a request timed out or replies again then I know that the switch has finished rebooting and it should show up in this unify site with the in 191 6850 probably one ninety one sixty eight fifty dot eleven since that's going to be the next IP address in the range and then we will adopt it and we will statically set it to 1 I to 168 52 as per my drawing here there we go so I now have access here let's go ahead and refresh unify and see if we can see that device on a new IP address there we go and what did I say 192 168 fifty dot eleven pending adoption we're going to go ahead and say adopt and get the unify switch adopted I'm also going to set a friendlier name let's close this out I'm going to click on the device and we're going to say configuration u.s. - eight - 60-watt and save okay so now I'm just going to wait for the US eight 60-watt to finish adoption and then once it finishes adoption I am going to plug in my UA PA see pros and we're going to get those on the unified controller as well okay so here we go the u.s. G and the u.s. eight 60-watt are now connected and online the next thing we're going to do is get my access points online now these are access points that were brand new but I did set them up for a client at one point who ultimately didn't need to use them so I put them back in my stock so they have been configured to they have been informed to a unified controller before so what I need to do is plug them in and then factory default them so that they should come up as pending adoption one more time okay here we go we're going to plug these in now the unify switch 860 watt the last four ports on this device are 802 3 AF p OE compatible so as long as I plug this into one of the last four ports it should come right up we're going to plug in one and we're going to plug in two well see I actually might have done the forget this device when I realized that I wasn't going to use these two access points with the previous client so we'll see they might actually come up as pending adoption right off the bat if they don't I will factory default them and actually it looks like oh no they are look there we go pending adoption 192 168 50 . 13 oh interesting one came up as adopted you can see well I don't know if you can see that but it's got a blue ring and the other one came up as available for adoption so this is the one that is 191 60 50 . 13 it's got a white LED ring pending adoption and then this one came up with the blue LED ring which means that it actually is on someone else's network right now so we're gonna or on someone else's unified controller so we're going to factory default just this one with my factory defaulting tool the handy dandy paperclip alright so I'm going to hold in the reset button for about 10 seconds as soon as I see the blue LED flash I know that we are ready to release it and it will reboot and it is now factory default in the meantime though let me adopt this first one that came up and we're going to call this UAP AC pro - one actually I take that back I'm just going to call it a p1 access point one save very important when you're doing this kind of stuff too is to always label all of your equipment I had a subscriber of mine that was nice enough to purchase a very nice label er for me off of my Amazon wishlist this is the Dymo Rhino 5200 look at this sucker that is a labeler I'm so happy with this thing although I have barely even scratched the surface on what it can do as far as labels but it can do all kinds of different labels including you know labels that are meant to be heat-shrink taun - cables and stuff so plus it's super heavy and very rugged so let's go ahead and print out a couple of labels I'm just going to start with one it says ap1 and ap2 so that I can label the access points and I know which ones which alright so while I'm doing these labels I see that the other access point is now pending adoption so I'm going to click on that and we're going to say adopt I'm also going to click configuration and we're going to name that one aap - okay there we go so all four devices USG us eight 60-watt access point one an access point to are all connected and online the next thing we're going to do is upgrade all of these devices I'm going to do that off camera because it's going to take probably about 15 minutes to get them all upgraded and then once they're upgraded I will come back and we'll finish the setup alright so you guys in a second okay so all devices have been updated we are good to go as far as the rest of the configuration I also checked on my phone and I'm now seeing the guest Network for Motel 6 okay so a little bit of maintenance right off the bat I don't want my access points to be on the same channel so we're going to manually set the channel of these access points I'm going to leave the transmit power to auto for now I may change that later but I want to set the channel on both the 2.4 gigahertz and the 5 gigahertz bands two different things so as far apart as possible for access point one I'm going to set channel 1 and 5 gigahertz channel 36 go ahead and cue those changes for access point 2 I'm going to set channel 11 and 48 on the five gigahertz queue those changes okay so let's go ahead and apply the changes and that's going to reprovision those access points once I actually have them deployed I will probably remote in and actually do a test to see if there's any other devices that are on those channels and I may just those if necessary once I'm actually in production alright and let's go take a look at our user setup so you're here we have the wireless network right now it's just an open wireless network anyone would be able to connect to it the first thing I want to do is create a user group and this is how we're going to limit the bandwidth for the guest users so we're going to create a new user group we're going to call this guest and we're going to limit the upload and download bandwidth so the download bandwidth is going to be 5,000 kbps or 5 megabits the upload bandwidth is going to be 1,000 kbps or 1 megabit go ahead and save that now if we go back to our wireless network edit the wireless network we want to apply guest policies so this is going to be captive portal guest authentication and access and under Advanced Options we're going to set the user group to guests okay so that is now basically saying we are limiting people on this network to 5 megabits down one megabit up we're going to go ahead and save that and let's go back in there is there anything else that we need here block land to wind multicast and broadcast data we might as well turn that on because we don't need that we don't need VLANs and we do want to have the SSID broadcast so we don't want to check that box all right let's go ahead and save that setting ok so let's get into our guest control so we're going to enable the guest portal authentication is going to be a simple password and the password that we picked was Motel 6 2017 Motel 6 201 7 we're going to set the expiration at 8 hours and we're going to have a landing page that is going to be the website for this motel 6 so I'm going to copy this right here and paste that into here so basically when they successfully authenticate we're going to redirect them to the motel 6 web page ok so here we have portal customization now this is brand new to me I've sort of played around with this a little bit I even did a video where I kind of did a sample mock set up but I've actually never used the angularjs that was the term I was forgetting earlier in the video I've never used this angularjs in production so let's go ahead and try it out and let's see how it works so override default templates well I don't know what the default template is so we're just going to leave that blank title we're going to say Motel 6 seaside guest login now let's see a naval welcome text welcome to Motel 6 seaside please log in for internet access again I may change this stuff we're going to I'm just kind of going through to see what all of these settings do ok so text position choose one under the logo or above the boxes let's go ahead and put it above the boxes that's right there ok wonderful portal customization up a custom logo upload image and background image upload image let's see if I turn off the logo it'll just be this and then I can maybe put a nice background image so let's grab a background image off of the webpage here so let's see there's two different images I kind of like this one better this one has better colors that one's pretty nice though too and we don't need any of that alright let me just grab this first one here that's a nice daytime shot not a lot of cars in the way I'm going to go ahead and save image as okay so I save that to my desktop let's go ahead and upload that as the background image on the portal alright so now though we see that my text color is the welcome text color is now super light because it's against the white background so let's see if I can edit can I edit the color of that background color text color yes f-f-f-f-f-f-f let's change that to something darker here we go wonderful alright so there we go so now the welcome text is black so that works button color is fine the button color is almost like the motel 6 color in fact let me actually grab the motel 6 blue it's up here in the corner I've got this tool here called colorzilla it's a chrome plug-in color picker I can grab the exact color okay so a color copied to clipboard let me change the button color to that exact color and I think that worked you get a desktop preview as well as a mobile preview so this is what it's going to look like on the mobile devices and then this is what it looks like on a desktop device okay button text color that's fine if it is red or should I make that the Motel 6 red color right now it's white should I make it to Motel 6 now I'm not going to get that fancy alright so box opacity and 90% I think that's fine it looks good you can kind of see the house or the the motel sort of through the the box there that looks pretty good honestly I mean I can't imagine what more you would need voters we're not going to worry about access control we're not going to worry about that looks pretty awesome I think I'm going to go ahead and save that and let's say I'm going to test it out on my phone Oh what is this Oh button color I have a extra pound in there it was 17 BB - alright there we go okay we're going to save this apply changes and I'm going to try logging in on my phone to see how it works okay so I logged in on my phone I received an IP address of 192 168 50 14 and I have not received the pop-up yet let me try to bring up a web page okay so I try to pull up a web page and it redirected me to the IP address of my server / guest so it worked it redirected on port 80 eight eight zero for anyone wondering so I don't know if you can see this but we can see the guest portal that I set up right there I'm going to go ahead and log in and proceed and then it redirected me to that page that I had set up there we go okay so wonderful so that seems to be working just fine and I'm happy with that captive portal now there's one additional thing that you're going to want to do whether or not you have a cloud hosted unifi controller and that's determine what happens if someone tries to connect to the wireless network but there is no access to the unified controller or the guest you know authentication portal the captive portal so in my case I want to basically say look if someone connects to Wi-Fi and my unify controllers down or if I'm you know upgrading it in the middle of the night and it's unavailable or something like that I want to allow those guests to pass through without having to authenticate in the captive portal and that's a setting that you have to set in unify so we're going to bring up unify it let me actually change my font size here so it's a little bit easier to see so here we have a font is a little bit bigger now I've already been looking at this a little bit while the camera was off but if you look at the unified controller we've got in the URL this let's see one two three four five six seven eight digit code and this is the subdirectory for the site that this controller or that or it's the site subdirectory for this site in unified so if we go to unify and I look at let me go back here PWD what's my present I think it's present working directory is that command we can see that I am in my unified controller this is on Amazon AWS and I'm currently in slash user Lib unified data sites okay so if I look at this I see a bunch of those eight digit codes right these are all the different sites that I happen to have on this unified controller one of these is going to match this Motel six site it's the CY qts blah blah blah so if i say c d cy q tab i am now in this site for this unified control for this particular i've been the subdirectory for this site okay now what i need to put into this folder is a config dot properties file with the correct entry and the entry i need to put is config dot self run underscore guest underscore mode equals pass now I know this because I've already setup a motel 6 very similar to this on this same controller so I'm going to go to that Motel sixes site directory and I'm going to look in here and here we have the config dot properties I put it in on March 11th 2015 that was a long time ago so if I say cat config dot properties we can see there's just one line in there and it says config dot self run underscore guest underscore mode equals pass so I'm basically going to copy this CP config dot properties dot dot so previous directory and then forward slash this new site cy q TS v py permission denied ok sudo okay so I had to put pseudo in front of it's a pseudo pseudo copy CP config dot properties and then dot dot slash the new site I want to copy it into so let me go back there again we can now see I have a config dot properties file located in here and now I need to force unify to reprovision my access points so to do that we can kind of just go into like settings and we're just going to uncheck the uplink connectivity monitor apply that change and then we're just going to check it again and apply that change and if I go back to my devices they should be provisioning here in just a second okay so once you have forced a reprovision of your access point you can actually check to see if that command was taken by SSA Qing into one of the access points in this case iff H into access point to using the username and password the device username and password that you set up on this site and unify and you say cat CFG slash MGMT and so here we have all of our management settings we can see that one of the management settings is management self run guest mode equals pass and that's exactly what I wanted I want guest mode equal pass which means if the unified controller or the captive portal is unavailable for any reason we're just going to allow that traffic to pass through to the internet anyways okay so that looks good and I think for the most part I am done I might put a few finishing touches on this install certainly I need to label the devices you know this is where you plug in the internet this is where you plug in the switch etc so I will label all of the devices with my label er but other than that this is pretty much good to go okay so we are back this is actually the next day and I had finished up the video and then kind of thought about it and realize that stuff just wasn't working right and so I wanted to revisit some of the configuration that I've done here and basically point out what I did wrong or what I have learned I guess better way of saying is what I have learned from setting up the new the new style captive portal utilizing my cloud hosted unify controller so bottom line is it doesn't work very well now that's odd because I have another motel 6 on this same unified controller cloud hosted and I've never heard of any problems with that unified controller so I don't know if there's a difference between the angularjs versus the legacy type of captive portal in unify or if they just kind of ignore their users internet problems and don't actually contact me about it so here's what I'm seeing ok so first and foremost this does work it is set up and it is working properly but what I'm seeing is it takes a while for clients to actually authenticate onto the Internet so let's take a scenario I'm a user I'm checked into the motel 6 I want to get my phone on to internet access I go in I punch in the motel 6 password into the captive portal and I hit submit now unify is authenticating me almost immediately within seconds however the access points aren't picking up that authorization for anywhere between 20 seconds to I think the longest I counted was about a minute and 10 seconds okay so I believe what is what is happening or what has happened here is that since I'm running a cloud hosted unify controller there's some sort of latency that was put into place where this access point only seems to be checking for new authorizations once a minute and when it checks once a minute it sees oh this client has authorized so it really depends on how close to the minute mark I clicked submit for this thing checks in right so if I checked in it you know 59 seconds to the next minute it will authorize me pretty quickly but if I checked in at one second after the new minute it could take up to you know over a minute to actually authenticate me and that's what I'm seeing and if you think about that for a hotel situation that's really bad we don't want that because that's going to cause calls to the front desk from users that are like my Internet's not working oh wait a minute now it is right so they're going to get a lot of that you're going to go a lot of frustrated people and that is certainly not what we want to set up for our users so let me show this to you I actually just today just in the nick of time I received a USB AC dual band network card that someone purchased for me off of my Amazon wishlist so thank you very much John I believe is the gentleman who purchases for me I'm going to put this to good use starting right now we're going to take my computer here and we're going to plug it into wireless so that I can show you the time that it takes to actually authenticate and the problems that I am seeing okay so first things first though here is unify I'm going to come over here to my devices I'm sorry my clients and I'm going to unauthorized well actually I'm wired in here so let me get on to the wireless first and then I will we'll see if we can see the redirect actually taking place unplug my desktop from the LAN I am now not wired in I have lost internet access if we look at the desktop here we can see that I am now getting a general failure on my persistent ping I'm going to plug in my wireless network card okay so give that a second now it sees the wireless network card I'm going to click and I'm going to choose the Motel 6 guest Network and I'm going to click connect this should redirect me to the portal up there we go look it actually already started pinging probably because my device is already authorized on this network so I'm going to need to go in here and unauthorized it in order to sort of force the captive portal screen to pop up so let's go ahead and do that next there we go okay so it has actually popped up a new copy of my desktop one eye to Essex a fifty dot 15 I'm going to click on authorize and we should see my persistent ping drop here after I click unauthorized so again this might be the same problem it hasn't unauthorised yet I still have internet access with this device no that's still going and this is probably the same problem where this only checks in once a minute and then once it checks in it'll see that that device is no longer authorized and it will stop allowing internet access to my PC so let's just give it another few seconds here and see if that happens oh yeah there we go okay so now so that was probably about I don't know 45 or 50 seconds and now we can see that my device has been unauthorized I have lost Internet access so let's go ahead and disconnect and reconnect to that network and this time when I reconnect the motel 6 guest it should pop up the captive portal page connect there we go so immediately pops up the captive portal page this is the one that I designed we're going to go ahead and say motel 6 2017 which is the password we're going to click connect and let's look at our persistent pain now the HTTP redirect is going to timeout and bring us to a blank page which for the user is going to seem like an error there it goes right so now it says you know the redirect didn't work and I'm still timing out here but within one minute it will start responding to pings to the outside world and then I will be online at that point but going through this right now as a user I'm going to be frustrated I'm going to stay wait a minute I clicked on it it brought up this weird page it can't be reached and now what what's going on I mean what am I you know I'm kind of stuck out in limbo land here right now there we go so it just started pinging and now this redirect will we work and there we go so now I have internet access but again that took about again probably 30 or 40 seconds it depends on when the access point seems to check in to the cloud hosted unify controller for new authorizations now this is a problem that has been reported on the unify website or in in the forums of unify forms I've got a couple of posts related to this and there was a workaround but basically said something to the effect of you can create a local HTTP server that simply does a redirect out to your cloud hosted controller but again that's sort of a I'm not happy with that because I don't now want to introduce another layer of complexity to this remote network for one of my customers so what I'm going to do here because I don't like the way that this is working with my cloud hosted controller is I'm going to take the cloud hosted controller out of the mix and I'm going to give this customer a cloud key okay so what I'm going to do right now is I'm going to factory default all of this equipment one more time I'm going to factory default this cloud key and we're going to set the whole thing up one more time but utilizing the cloud key instead of my cloud hosted unified controller now the setup for this cloud key is basically going to be the same as I've done in my unify complete unify setup video so if you haven't seen that go check that out I'm going to do this offline and bring it back to the point basically where I am right now on the unified controller except it'll be on the cloud key locally on the land and then we're going to test again and see if that has made any difference I'm going to stop the video and do all of that because I don't want to repeat the exact same setup that I did in the first part of this video okay so stay tuned for that and I'll be right back okay back now I have rebuilt the entire setup so that we're now running off of this cloud key and I've tested my phone and my laptop and everything seems to be working a lot better so we're going to do one final test with you guys on my desktop here so let me bring up the command prompt we're going to do a persistent ping to the outside world for a 22.2 and I'm going to disconnect my computer here from the switch so now I am no longer hardwired into the switch we can see that I'm getting a general failure on my persistent pings and now we're going to hop on to the Motel 6 Network connect okay so I'm going to shrink this down a little bit so that we can see both the persistent ping and the captive portal there we go and let's count the seconds between when I enter the password and when I'm authentic ated onto the internet now that we're running off of the local unify cloud key so Motel 6 201 7 and connect ok so that was about 10 seconds and the redirect should work here oh look at that timed out let's hit it again so now it's on there so that's not ideal it was certainly a lot faster and actually that redirect worked fine on both my phone and my laptop so I'm going to unauthenticated so let me leave the persistent ping up let's go back to the unified controller we're going to click on clients I'm going to find my client oh of course I'm on the guest Network which is client isolated which does not have access to this unified controller so hang on a second I got to plug myself back in for one second ok back in need if I controller we're going to click on clients I'm going to find my wireless desktop client right here and we're going to unauthorized that client we'll give it about 30 seconds and then I will disconnect myself from the land again and we're going to try that same exact test one more time ok so those changes should have had time to propagate out now let's go back to our dashboard I'm going to unplug myself from the land there we go and immediately I should be losing connection on my persistent ping which I and let's go over here close this out we're going to connect wirelessly to Motel six guests connect and it looks like I am actually still authorized so now I got to wait until it gets unauthorized usually it takes about a minute wait there goes okay now I'm on a press oh I'm not being patient enough with this stuff so when you unauthorized user it does take up to about a minute to unauthorized like we saw previously I was hoping that it would be faster to unauthorized now that I'm on the local controller but apparently it's not so now I am unauthorized let me disconnect from the wireless disconnect and reconnect again connect this time I should be immediately redirected to the captive portal which I am Motel 6 201 7 let's go ahead and say connect and count the seconds here okay so that time was 19 seconds and again it well now its redirected okay so it redirected to a blank page so it looks like the first time I tried was 11 seconds the second time I tried was 19 seconds regardless both of those are better than what I had before I'm still not entirely happy with that honestly but it is working it should work just fine for the clients in fact I'm going to do one more test just to make triple quadruple sure that it's working and it's working within 20 seconds I mean if you can get on the internet within 20 seconds usually that's going to be fine the only thing that bugs me is that redirect that's going to a blank page before it then refreshes and actually get to the correct landing page okay so it's probably been about two minutes I ran upstairs to get some water now we are going to disconnect my computer from the land once again this will be our third test we can see my persistent ping has stopped getting requests timed out let's close out the captive portal let's connect Motel 6 guests connect immediately redirect it to the portal Motel 6 201 7 Connect there we go okay so that time about 20 seconds again you know it is what it is I have never been a huge fan of the BIC wa t captive portal stuff it's it's working okay I'm not entirely happy with it and if this customer has a problem with the way that this works I will probably recommend just doing away with the captive portal and just going with a straight you know authenticated wireless network you're not going to have the redirects to the motel 6 webpage as we see here but if it makes his customers happy and it doesn't drive as employees nuts that the internet the Internet's not working all the time then I think they'll be happy with that so overall it works a lot better on the cloud key than it did on the Amazon AWS hosted controller and so let's think about that for a second there's a couple of lessons to be learned from all of this number one is simply test the crap out of all of your solutions right so I could have finished up the install yesterday and just left it as is and shipped it off to the customer and then ultimately started receiving you know I would have started to receive complaints about you know how long it was taking for people to get authenticated on to the internet you know 1 minute or more is not really acceptable when someone's trying to get onto the Internet the second lesson to learn here is don't spend a lot of time troubleshooting something that may or may not work right so I did about half an hour maybe 45 minutes worth of research on this captive portal redirect issue that I was seeing I kind of determined very quickly that it was simply due to the fact that it's a cloud hosted controller and it was causing the problems with the authentications not being passed to the access points quickly enough and I mean the solution was simply an $80 add-on right so it's an ad on the cloud key for 80 bucks and it basically fixes or certainly helps alleviate that problem very significantly so I'd rather just spend the 80 bucks and give this guy the cloud key then waste you know potentially hours of my time trying to figure got some sort of work around with a local HTML a local HTTP server that is doing a redirect utilizing unify variables out to the internet don't spin your wheels when you know there's a sort of path of least resistance solution to the problem that doesn't cost that much money my time is worth more than the 80 dollars that I spent on this cloud key and of course I'm going to pass the cost of the cloud key off to the customer anyways so there you have it again this is this is a a raw installation this is warts-and-all this is not polished this is something that I'm not too familiar with you know I don't do captive portals very often and so it was a learning experience for me but I now take what I learned and I can apply that forward to other clients and you know if anyone else wants a captive portal I will just immediately default to making sure that they have a cloud key or some other local unify controller for that captive portal other than that I did want to show you one thing let me plug back into the network I had mentioned when I did the initial setup of the unified controller that I was going to make the unify eight ports which static and I didn't actually do that so let me just show you real quickly where I did the static settings on the unify switch by the way we can see the amount of power that it's drawing so the cloud key is pulling two point two four watts and the access points are pulling about three point eight to four watts if you go to configuration and then network you can set this to static IP and then I gave it the IP address of 180 168 52 and the rest of the information so that's how you set that switch statically now one final thing I did want to do is just show you again how I'm going to ship this to the customer and the documentation that I'm going to provide to them you saw the video that I did but I also take it an extra step further because it's the details especially when talking about something very complicated the details really really count so let me show you one more thing okay here we go so yeah couple things I didn't want to show you again label the boxes right so there we've got it very clear for the client when they receive this let me focus on that we can see that on the switch we've got from the USG out to the access points I will also add the cloud key on here since I added that after I marked up the box same thing with this box here here's the Internet it plugs in there out to switch port 1 on the 8 ports which interestingly enough to I know if you can see this but look on the box see right there it's mislabeled it says land - yes so land - there and then we've got land - here as well I don't know the box for some reason mislabeled it's actually fine on the device itself but the box is the port is mislabeled one other thing let's take a look at because I have another neat tool to play with this is a infrared thermometer let's see how hot these things are so the top of the access point we are reading about 85 degrees let's check out the bottom of the access point that should be probably hotter there we go one hundred and nine hundred and nine degrees take a look at the switch 93 degrees on top of the switch cloud key 100 degree cloud key and the USG it's hard to see my lights are getting the way it's about 94 degrees all right there you go just for anyone curious there's your operating temperatures okay there you have it I hope you guys enjoyed this video if you did enjoy this video please give me a thumbs up and if you'd like to see more videos like this please click subscribe my name is Chris with prof stock solutions and thank you so much for life [Music] [Applause] [Music]

Info

Channel: Crosstalk Solutions

Views: 379,581

Rating: 4.9057741 out of 5

Keywords: unifi, ubiquiti, guest network, guest portal, wifi guest portal, wifi guest network, unifi guest network, ubiquiti guest network, unifi guest, usg, uap-ac-pro, uap-ac-lite, uap-ac-lr, cloudkey, us-8-60w, us-8-150w

Id: LA4dowjsn1s

Channel Id: undefined

Length: 59min 5sec (3545 seconds)

Published: Fri May 12 2017