Howto setup the Unifi Captive Portal for your Guests

If you want to provide your guests with free and easy internet access, setting up a Unifi Captive Portal might be a good idea. While you just can create an extra wireless network (SSID) with a simple password, you also need to keep the security of your network in mind. You don’t want to give your guests access to your systems. By using the Unifi Guest Portal you can isolate the clients on your network and give them access for only a few hours.

Settings up the captive portal in the Unifi Control is pretty simple. By using the guest isolation option we can prevent the guest from accessing our network without creating VLANs. Another advantage is that you can use the captive portal to promote some of your products or services.

In this article, I am going to walk you through setting up and customizing the Unifi Captive Portal in the Unifi Controller. To the portal, you will need to make sure the controller is running 24/7. So if you have a controller running on your computer that you turn off or take with you, then you really need to buy the Unifi Cloud key.

Create a Guest User group

You might want to limit the amount of bandwidth the guests can use on your network. So before we start creating a Guest Network we first need to create a new user group. This allows us to set upload and download limits for the guests later on.

Unifi Create User Groups for Guest Network

  1. Open Settings > User Groups
  2. Click Create New User Group
  3. Give the group a name: Guests
  4. Limit the upload and download bandwidth. For simple internet browsing, 5mbit download and 1mbit upload are enough. If you want to allow streaming you they need atleast 10mbit download.
  5. Click on Save

Creating a Unifi Guest Network

We need to create a new wireless network for our guests. We will make this a Guest Network which will add a few important restrictions:

  • Pre and Post-Authorization Access. This will make sure the guest can access the captive portal for authentication. After they authenticated they won’t have access to the local network.
  • Client Isolation. This will prevent the clients from sending broadcasts or unicast message to other clients in the same network.

Unifi Create Wireless Guest Network

To create the guest network open the Unifi Controller

  1. Go to Settings > Wireless Networks
  2. Click on Create New Wireless Network
  3. Give the wireless network a name. Something your guest will recognize as a guest network.
  4. Set the security to open. We will secure the network with the captive portal)
  5. Select Apply guest policies (captive portal, guest authentication, access)
  6. Expand the Advanced Options
  7. Select the User Group we just created.

We now have a guest network, but we still need to Set up the captive portal.

Configuring the Unifi Guest Portal

So we have the wireless network for our guest and limited the bandwidth they can use. Now all is left is to create the captive portal. Within the Unifi Controller under the Guest Control section, we can create our Guest Portal, set the authentication and duration of access. So if you have a barbershop you might want to give your customers only 2 hours of access. But if you are running a B&B you can give them a couple of days access to the wifi network.

Setting up the Guest Policies

First, we are going to set up the guest policies. Open the Guest Control page in the Unifi Controller under settings.

Unifi Guest Portal Policies

  1. Enable the Guest Portal
  2. Set a simple password, something your customers can easily fill in. [email protected] for example 😉
  3. Set the expiration, you can choose anything you like here.
  4. Landing Page: you can either redirect the customer back to the page he attempted to visit or send them to a promotion URL. This can be your business website with the latest deal on it for example.
  5. Enable the HTTPS Redirection.

Customize the Unifi Captive Portal

The next step is to customize the captive portal. This allows you to do some corporate branding and inform your guests about the wifi network. There are a few things you will need to keep in mind when you customize the portal.

  • You can add a background picture, which is nice. But make sure you can still read the text. If you have a coffee shop for example, using a picture of coffee beans and your logo might work better then adding a photo of your shop.
  • Inform the users what they get, free access for x hours or days.
  • Add different language if you have foreign guests.
  • Add the terms of service with what is allowed and what not.

Customizing the Unifi Guest Portal

Unifi recommends a background image of 920px width and 640px high. On some screens, this will result in borders besides your image. So use at least an image of 1280px by 720px. Also make sure your images are not big, adding a photo straight from your camera will take a few seconds to download. Compress the image before uploading it.

Access Control

The last step is to limit the access of the guest to your local network. Below the portal customization, you will find the access control. Here we need to enter the IP address of the controller so the guest users can see the captive portal.

So in the Pre-Authorization Access, we enter the IP address of the controller followed by /32. This will limit the clients from accessing anything else on the network until they are authenticated. For the Post-Authorization Restrictions, we enter the subnet of our local network. In my case 192.168.1.0/24. The /24 limits access to every network device in the range 192.168.1.1 to 192.168.1.254.

Managing the connected clients

Your Unifi Guest Portal is now ready for use. The guests can log in and access the internet, but how can you manage them? Within the controller, we can see on the Dashboard how many guests are connected to our network. If you click on the guest you will go to the Clients page filter on the Guests.

Manage Guest Clients Unifi

Here we can see all devices that are connected, how much data they used, to which access point they are connected and the uptime. But more important, this is also the place to block a client or to revoke the authorization.

Conclusion

I hope this article helpt you settings up your Unifi Guest Portal. If you have any questions just leave a comment below.

You may also like the following articles:

Get more stuff like this

IT, Office365, Smart Home, PowerShell and Blogging Tips

I hate spam to, so you can unsubscribe at any time.

6 thoughts on “Howto setup the Unifi Captive Portal for your Guests”

  1. Thank you very much for the tutorial!

    Can you tell me the correct settings for Access Control, so the guests can only access the internet?

    Our intranet has a range of ip-addresses with 10.0.0.x (Subnet 255.255.255.0). The Gateway (Fritzbox) is 10.0.0.230.

    Thank you very much in advance!

  2. A nice quick manual, but what about the security of the wifi traffic. With open selected I assume there is no encryption of the wifi network traffic.

    I think it should be better to have your wifi protected with at least WPA2. Is there an option to do so with a portal ?

    • You cant combine the guest portal with a WPA2 protected wifi network. Yes, WPA2 is more secure, but keep in mind that with the guest portal you have the option to isolate the network. That means that one client in the guest network can’t reach or see the other guest.

      If you protect your network with a WPA2 key, then anyone that has the password of your wifi network can still intercept the traffic. With the captive portal, you can atleast control how long somebody is connected and isolate each guest traffic on your network.

Leave a Comment