Setting up Wifi/RADIUS

Set up Cobot & IronWifi's Wifi/RADIUS integration to optimize your check-ins and track your members.

Amanda avatar
Written by Amanda
Updated over a week ago

Cobot has partnered with IronWifi to provide you with a comprehensive Wifi/RADIUS integration. Your members can use our RADIUS integration to log in to your wifi/network using their Cobot credentials.

When activated, you can:

  • Control who can go online and work in your space.

  • Track when and how often people visit your space.

  • Automatically use day passes for limited membership plans.

The Wifi/RADIUS integration can also play an essential role in your emergency preparedness protocols and legal compliance. Your space may have an obligation to track who is present at all times, depending on your local laws or insurance policy.

This guide will cover:


How it works

RADIUS consists of two parts: a server and a client device (your network router or access points). After you sign up, we provide you with access to a server via our partner service IronWifi. Most routers today support RADIUS. However, please double-check that yours supports it before signing up.

After you set up the integration between your router and Cobot, members will be asked to log into your Wifi network with their Cobot login credentials. They will then be able to access the internet or see an error code if access is not allowed. They will not have access if:

  • The member does not have any valid time passes.

  • If their membership has been canceled.

Members who log in are also automatically checked in on Cobot. You can see how many people come into your space under 'Attendance' in the analytics section.

When your members come in the next day, they do not have to log in manually again. Cobot stores their computer's MAC address (a unique number that comes with each device). It recognizes the account, checking them in automatically.

Members can sign in to your Wifi with multiple devices and only have one time pass deducted at a time. If you would like to limit the number of devices your member logs in with, we cannot do this for you, but you may be able to do this via your router or network settings.


Setting Up Wifi Login With RADIUS

To set up RADIUS, go to Setup » Wifi Integration » Setup RADIUS Server. You will receive 30 free days, and then the charges will be invoiced along with your Cobot subscription.

We provide a RADIUS server with which your (wifi) router must be able to communicate. There are two ways of setting this up. The capabilities of your network devices will determine which one you can use.

Captive Portal

A captive portal is a log-in form shown in the user's browser. Your wifi is managed with the same security level as before (probably with a shared password).

Pros:

  • The form can be customized, e.g., with information for new members or your logo and colors.

  • You can give people access to certain pages even if they don't have an account yet, or have run out of time passes. This way, you can allow access to Cobot so people can sign up or buy more time passes.

Cons:

  • Sometimes the form might not show up immediately. For instance, when you navigate to a website that uses HTTPS, it may simply give you an error instead of showing the form. This is due to how captive portals are implemented and cannot be changed.

WPA2 Enterprise / IEEE 802.1X

WPA2 Enterprise replaces the shared wifi password you used before. Instead of a dialog asking them for the wifi password, people are presented with a dialog requesting a log-in and password. They will use their Cobot credentials to complete the log-in.

Pros:

  • Works reliably—the form will always be there.

Cons:

  • Anyone without a Cobot membership or members who have run out of time passes cannot access the wifi to buy more passes. They would need to use their phone, or you would need to provide a tablet or similar device.

  • You cannot customize the form.

  • Some people (depending on their operating system and version) will see a security warning when joining the wifi for the first time. On newer systems, members can skip the warning. On older Windows versions, they can't skip it. Instead, people have to install a wifi profile, which you can generate here.


Supported Routers & Protocols

Please check your router's manual, and if you are still unsure, consult a network specialist. The following vendors are known to provide routers and software that are compatible with our RADIUS offering:

Our integration supports the following RADIUS protocols:

  • PAP

  • MSCHAP

  • MSCHAPv2

  • TTLS-PAP

  • TTLS-MSCHAP

  • TTLS-MSCHAPV2

  • PEAP-PAP

  • PEAP-MSCHAP

  • PEAP-MSCHAPV2


Setting Up Your Router

This depends on your router, so please check your manual. If you are unsure about what to do, please consult a network specialist.

In general, you'll need to activate the router's captive portal feature or enable WPA2 Enterprise and configure it to authenticate against the RADIUS server(s) provided by Cobot. If your router does not support changing the RADIUS port, the authentication can also be done on the default port (9112) if you send the actual port using a RADIUS attribute "NAS-ID (NAS-Identifier)." If that doesn't work either, contact us, and we can run an extra server for you using the default port (at an additional cost).

After that, your members should see a log-in page whose hosting location is configured by the router when they try to access the internet. By entering their Cobot log-in credentials at that page, they will get access.

If you have devices that you do not want to do this for, such as TV's or VOIP phones,

just whitelist the mac addresses to not require RADIUS and it should work.

Recommended domains to whitelist in your router

This only applies to spaces using a captive portal.

To allow members to visit important websites without logging in (e.g., to sign up for Cobot and enter payment information from within your space), you should whitelist the following domains in your router:

  • [your Cobot domain] (which looks like [yourspace].cobot.me)

  • your custom Cobot domain if you have one set up, for example members.[yourdomain.com]

  • cobot.me

  • cdn.cobot.me

  • cdn1.cobot.me

  • cdn2.cobot.me

  • cdn3.cobot.me

  • cdn4.cobot.me

  • scss.cobot.me

  • payments.cobot-platform.com

  • api.stripe.com

  • js.stripe.com

  • q.stripe.com

  • paypal.com

  • live.adyen.com

If you want members who haven't logged in to the captive portal to use any of our add-ons, you will have to whitelist additional domains. Please contact us for details.


Informing Your Members

To help with your member onboarding, include a note in your member confirmation email about how they can access your WiFi network.

Trusted Certificates

The RADIUS server uses Trusted Certificates. Your members, especially newer Android users, may be prompted to enter a domain before accessing your WiFi network. This domain needs to be "ironwifi.com."

Guest Accounts & Group Access

Check out our detailed guides on how to set up guest accounts and group access here:


Troubleshooting

If you or your members are having trouble logging in, check your authentication logs under Setup > Wifi Integration > Authentication logs. These will help explain why there is an access reject notice, such as an incorrect password or invalid membership.

What Do I Do if My Members Can’t See the Wifi Login Page?

Our Wifi login requires the use of the DNS protocol. If a member's computer uses a custom DNS server instead of the Pfsense routers, the login won't work. Try to disable any custom DNS settings on the device.

Another source of problems could be people trying to go to a page using HTTPS. To be redirected to the login form, people should visit a site that uses only HTTP, for example, http://google.com.

What Do I Do if My Members Using Android 11+ Devices Can’t Connect?

You might find members using Android devices are presented with several additional parameters such as domain or certificates.

In the past, Android supplicants haven't put any importance on trusting the Authenticating Server. This has changed since Android 11 Security Enhancement was released in December 2020. As a result, you cannot skip the certificate validation.

You can find a detailed guide on connecting Android 11+ devices to your WPA Enterprise secure network; check out IronWifi's Help Center guide here.


If you are still having trouble, send us a message or IronWifi Directly at support@ironwifi.com or book a time with IronWifi Support here.

  • Please provide the email address of the person experiencing issues and any error screens or troubleshooting steps you have already taken.


🧰

Not sure what integrations will bring your strategy to life?

Learn how to optimize add-ons with expert help.

Did this answer your question?