
Configuring Captive Portal Redirection on Enterprise Network Controllers

This authoritative guide details the technical architecture and vendor-specific configuration steps required to implement captive portal redirection on enterprise-grade network controllers. It gives IT teams practical guidance on configuring walled gardens, integrating RADIUS authentication, and ensuring compliance with GDPR and PCI DSS.



Podcast transcript
Welcome to the Purple Technical Briefing. I'm your host, and over the next ten minutes we're going straight into one of the most searched-for, least well-documented topics in enterprise WiFi: configuring captive portal redirection on network controllers. If you've ever searched for "configurar controlador portal cautivo" and come back empty-handed, this is the briefing you needed. We're covering the full picture - the technical architecture, the controller-by-controller configuration steps, the compliance requirements, and the real-world pitfalls that trip up even experienced network teams. Let's get into it. A captive portal is the mechanism that intercepts a guest device's first HTTP or HTTPS request after connecting to your WiFi network, and redirects it to a branded splash page before granting internet access. That splash page might ask for a social login, a form submission, a simple click-through acceptance of terms, or a RADIUS-backed credential check. The redirection itself is handled at the controller level - not the access point, not the firewall. The controller intercepts the unauthenticated client's traffic, applies a pre-authentication access control list - what we call a walled garden - and pushes the client's browser to your portal URL. Why does this matter commercially? Three reasons. First, compliance. Under GDPR, you are required to obtain explicit, informed consent before collecting personal data from visitors. A properly configured captive portal is your consent mechanism. Without it, you are collecting data without a lawful basis - and that is a regulatory exposure. Second, security. An open SSID with no authentication is a liability. Captive portal redirection, combined with VLAN segmentation and a RADIUS server, gives you per-session accountability. You know who connected, when, and from which device. Third, business intelligence. Every authenticated session is a first-party data point. 
Purple processes 440 million logins annually across 80,000 venues. That data - dwell time, visit frequency, demographic signals - is only available if your captive portal is correctly configured to capture and transmit it. Now let me walk you through the redirect flow, step by step. Step one: a guest device associates with your guest SSID. The controller assigns it an IP address via DHCP but places it in a restricted pre-authentication state. All traffic is blocked except for DNS and the walled garden domains you have explicitly permitted. Step two: the guest opens a browser. Their HTTP request hits the controller. The controller intercepts it and issues a 302 redirect to your portal URL. This is the core redirect mechanism. Step three: the guest's browser loads your splash page, hosted either on the controller itself or, more commonly in enterprise deployments, on an external cloud platform like Purple. Step four: the guest authenticates - via social login, form, or credentials. The portal sends an authorisation signal back to the controller, typically via a RADIUS Access-Accept message or a MAC authorisation bypass. Step five: the controller moves the client from the pre-authentication VLAN to the post-authentication VLAN, removes the redirect rule, and grants internet access. That five-step flow is consistent across all major controller platforms. What differs is how you configure each step on Cisco Meraki, HPE Aruba, Ruckus, Juniper Mist, Ubiquiti UniFi, and the others. Let's go through the major platforms. Cisco Meraki. Meraki uses a custom splash page configured entirely through the Meraki Dashboard - there is no CLI. Navigate to Wireless, then Access Control, select your guest SSID, set the splash page to "Sign-on with my RADIUS server" or "Click-through", then enter your external portal URL in the Custom Splash URL field. 
The walled garden is configured in the Advanced Splash Settings section - you add the IP addresses of your portal server so the guest can reach the splash page before authentication. RADIUS server details go in the RADIUS section: authentication on port 1812, accounting on port 1813. HPE Aruba. On ArubaOS, you configure a captive portal profile under the AAA section, specifying the login URL, the server group pointing to your RADIUS server, and the redirect URL. You then apply that profile to your SSID via the virtual AP profile. The pre-authentication role - what Aruba calls the "logon" role - contains the ACL that permits DNS, DHCP, and access to your portal server's IP range. Post-authentication, the controller assigns the "authenticated" role, which permits full internet access. Ruckus SmartZone uses a Hotspot WLAN type for captive portal deployments. Under WLAN configuration, set the WLAN type to Hotspot, then configure the portal URL, the RADIUS server for authentication and accounting, and the walled garden entries. The Northbound Portal Interface handles the MAC authorisation flow between the portal and the controller. Juniper Mist uses a cloud-native approach. Under Network, then WLANs, create a guest WLAN and set the portal type to "External Captive Portal". Enter your portal URL and configure the RADIUS server details. Mist passes the client MAC, the AP MAC, and the SSID name as URL parameters to the portal. Ubiquiti UniFi. In the UniFi Network Controller, navigate to Settings, then WiFi, select your guest network, and under Advanced Options set the Guest Policy to enable the hotspot portal. Set the portal type to "External" and enter your portal URL. Configure the RADIUS server under Profiles, then RADIUS. The walled garden is the most commonly misconfigured element in captive portal deployments. Get this wrong and your guests will see a browser error instead of your splash page. 
The walled garden must permit, at minimum: your portal server's IP addresses or domain, your RADIUS server's IP addresses, DNS resolution on port 53, and DHCP on port 67 and 68. If your portal loads assets from a CDN - fonts, images, JavaScript - those CDN domains must also be in the walled garden. For Purple deployments, we provide the specific IP ranges and domains to whitelist during onboarding. The most common failure mode is a portal that loads the HTML frame but fails to render images or execute JavaScript because the CDN domains are missing from the walled garden. Two compliance standards dominate here: GDPR and PCI DSS. Under GDPR, your captive portal must present a clear, specific consent mechanism before collecting personal data. This means separate, unticked checkboxes for WiFi access and marketing consent. You cannot bundle them. The consent record must be stored and retrievable for audit purposes. Purple's platform handles this automatically, storing consent records against each authenticated session. Under PCI DSS, if your venue processes card payments, your guest WiFi network must be isolated from your payment card environment. This means a dedicated guest VLAN with firewall rules preventing any routing between the guest segment and your POS network. PCI DSS version 4.0, which became mandatory in March 2024, requires network segmentation testing at least every six months. Let me give you two concrete scenarios. Scenario one: a 350-room hotel running Cisco Meraki. The hotel wants to replace a basic click-through portal with a branded guest experience that captures email addresses for their loyalty programme. The configuration: create a dedicated guest SSID on a separate VLAN with internet access only. Configure the Meraki splash page to point to Purple's portal URL. Set up RADIUS authentication using Purple's RADIUS server details. Configure the walled garden with Purple's IP ranges. 
In the Purple dashboard, build a branded splash page with a form capturing name, email, and room number, with explicit GDPR consent checkboxes. Connect the Purple CRM connector to the hotel's marketing platform. Premier Inn implemented this model across their estate and saw measurable increases in direct booking rates from WiFi-acquired guests. Scenario two: a regional retail chain with 40 stores running HPE Aruba. The retailer needs a consistent guest WiFi experience across all sites, with footfall analytics to compare store performance. Deploy Aruba Central to manage all 40 sites from a single dashboard. Configure a guest WLAN template with external captive portal pointing to Purple. Apply the template across all sites using Aruba Central's group policy feature. In Purple, configure a single portal template that applies across all venues, with per-venue analytics dashboards. The walled garden and RADIUS configuration are defined once in the template and propagated automatically. Result: the IT team manages 40 sites from one console. The marketing team gets per-store footfall data, dwell time analysis, and repeat visit rates - all from a single Purple dashboard. Four pitfalls I see repeatedly. One: HTTPS interception failures. Modern browsers and mobile operating systems use HTTPS probes to detect captive portals. If your controller cannot intercept HTTPS traffic - which requires a valid certificate for the redirect domain - the probe fails silently and the guest sees no redirect. The fix: configure your controller's virtual interface with a trusted certificate, or use HTTP-only probes on your guest SSID. Two: DNS leakage. If your pre-authentication ACL permits unrestricted DNS, guests can use DNS tunnelling to bypass the captive portal entirely. Restrict DNS to your designated resolver only. Three: session timeout mismatches. 
If your controller session timeout is shorter than your portal's session token validity, guests get redirected back to the portal mid-session. Align these values - typically 24 hours for hospitality, eight hours for retail. Four: missing accounting. RADIUS accounting - the Accounting-Start and Accounting-Stop messages - is how your portal knows a session has ended. Without accounting configured, your portal's session records will be inaccurate and your analytics will be unreliable. Quick questions, quick answers. Can I use an external portal with any controller? Yes, provided the controller supports external captive portal redirect - which all the platforms we have discussed do. Do I need a RADIUS server to run a captive portal? Not always. Simple click-through portals can use MAC authorisation bypass without a full RADIUS server. But for credential-based or social login portals, RADIUS is the standard mechanism. Does captive portal work with WPA3? Yes. WPA3 handles the wireless encryption layer. Captive portal handles the authentication layer. They operate independently and are fully compatible. How does Purple integrate with my existing controller? Purple acts as the external portal server. You point your controller's splash URL to Purple's portal endpoint, configure the walled garden with Purple's IP ranges, and set up RADIUS using Purple's server details. The integration is the same process regardless of whether you're on Cisco Meraki, HPE Aruba, Ruckus, Juniper Mist, or Ubiquiti UniFi. To summarise. Captive portal redirection is configured at the controller level, not the access point. The core components are: the splash URL pointing to your portal, the walled garden permitting access to your portal server, RADIUS for authentication and accounting, and VLAN segmentation for network isolation. The configuration steps differ by vendor but the architecture is consistent. 
For compliance, your portal must implement GDPR-compliant consent capture and PCI DSS-compliant network segmentation. WPA3 is the current standard for wireless encryption and should be your baseline specification on any new deployment. Purple integrates natively with Cisco Meraki, HPE Aruba, Ruckus, Juniper Mist, Ubiquiti UniFi, Cambium, Extreme, and Fortinet. Across 80,000 venues and 440 million logins in 2024, the platform is hardware-agnostic by design - your controller choice does not constrain your ability to capture first-party guest data or run analytics. Your next step: review your current controller configuration against the walled garden and RADIUS accounting checklist in this guide. If you're deploying a new guest WiFi network, start with the vendor-specific configuration steps for your controller platform and connect Purple as your external portal. Thanks for listening. This has been the Purple Technical Briefing.


Executive Summary

Configuring captive portal redirection on an enterprise network controller is a basic requirement for delivering secure, compliant guest WiFi. When configured correctly, the controller intercepts unauthenticated client traffic and issues an HTTP 302 redirect to an external portal, enabling authentication, consent capture and network segmentation. When misconfigured, the result is silent connection failures, browser security warnings and compliance exposure.

This guide covers the technical architecture and vendor-specific configuration steps for deploying an external captive portal on Cisco Meraki, HPE Aruba, Ruckus, Juniper Mist and Ubiquiti UniFi. We detail the mechanics of the redirect flow, the precise requirements for walled garden configuration, and RADIUS integration for authentication and accounting. By following these steps you can ensure your guest network meets PCI DSS segmentation requirements, captures explicit GDPR consent, and routes first-party data securely to a platform such as Purple.

Technical Deep Dive

The captive portal redirection mechanism operates at the network controller level. It relies on a specific sequence of network state changes to intercept, authenticate and authorise client devices.

[Figure: architecture overview]

Redirect flow

  1. Association and DHCP: The guest device associates with the guest SSID. The controller assigns an IP address via DHCP but places the client in a restricted pre-authentication state (usually mapped to a specific pre-authentication VLAN or role).
  2. Walled garden enforcement: In this pre-authentication state, all outbound traffic is dropped except DNS (port 53), DHCP (ports 67 and 68), and traffic to the specific IP addresses or domains defined in the access control list (ACL). This ACL is known as the walled garden.
  3. Interception and redirect: When the guest opens a browser and issues an HTTP request, the controller intercepts it. Instead of routing the traffic to the internet, it responds with an HTTP 302 Found status code that redirects the browser to your external captive portal URL. Modern operating systems use automatic HTTPS probes (for example Apple's Captive Network Assistant) to detect this redirect and open a captive portal mini-browser.
  4. Authentication: The guest interacts with the splash page hosted on the external portal (for example Purple). This may involve a social login, a form submission or a simple click-through acceptance. Once complete, the portal communicates with the controller to authorise the session.
  5. Authorisation and accounting: The authorisation signal is usually sent as a RADIUS Access-Accept message or through a vendor-specific API. The controller receives it, moves the client to the post-authentication state (usually a different VLAN), removes the redirect rule and grants internet access. The controller then sends a RADIUS Accounting-Start message to record session duration and data usage.
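The five steps above, modelled as a small controller state machine. This is an added example, not code from the page or from any vendor's controller: the class names, the portal URL, the VLAN numbers and the client/AP identifiers are assumptions, and the URL parameters passed to the portal follow the client MAC, AP MAC and SSID the transcript mentions for Juniper Mist.

```python
"""Model of the controller-side captive-portal redirect flow.

Added example, not code from the page or from any vendor's controller.
The class and field names, the portal URL and the VLAN numbers are
assumptions; the states follow the five-step flow described in the text.
"""
from dataclasses import dataclass, field
from enum import Enum
from urllib.parse import urlencode

PORTAL_URL = "https://portal.example.com/splash"  # assumed external portal endpoint
PRE_AUTH_VLAN = 100   # assumed pre-authentication VLAN
POST_AUTH_VLAN = 200  # assumed post-authentication VLAN


class State(Enum):
    PRE_AUTH = "pre-auth"
    AUTHENTICATED = "authenticated"


@dataclass
class Client:
    mac: str
    ip: str
    ap_mac: str
    ssid: str
    state: State = State.PRE_AUTH
    vlan: int = PRE_AUTH_VLAN


@dataclass
class GuestController:
    clients: dict = field(default_factory=dict)
    accounting: list = field(default_factory=list)  # RADIUS accounting messages sent

    def associate(self, mac, ap_mac, ssid, ip):
        """Step 1: DHCP lease issued, client parked in the restricted pre-auth state."""
        client = Client(mac=mac, ip=ip, ap_mac=ap_mac, ssid=ssid)
        self.clients[mac] = client
        return client

    def handle_http(self, mac, method, url):
        """Step 3: an unauthenticated client's HTTP request is answered with a 302.

        Only a session still in the pre-auth state is intercepted; an
        authenticated client's request is forwarded as normal.
        """
        client = self.clients[mac]
        if client.state is State.AUTHENTICATED:
            return {"status": 200, "action": "forward", "url": url}
        # Client, AP and SSID identifiers travel to the portal as URL parameters.
        params = urlencode({"client_mac": client.mac, "ap_mac": client.ap_mac,
                            "ssid": client.ssid, "orig_url": url})
        return {"status": 302, "action": "redirect",
                "headers": {"Location": f"{PORTAL_URL}?{params}"}}

    def radius_access_accept(self, mac, session_id):
        """Step 5: the portal's RADIUS Access-Accept moves the client to the
        post-auth VLAN, drops the redirect rule and triggers Accounting-Start."""
        client = self.clients[mac]
        client.state = State.AUTHENTICATED
        client.vlan = POST_AUTH_VLAN
        self.accounting.append({"Acct-Status-Type": "Start",
                                "Acct-Session-Id": session_id,
                                "Calling-Station-Id": mac})
        return client


def run_flow():
    """Walk one guest through the flow and return the observable results."""
    ctrl = GuestController()
    mac = "aa:bb:cc:00:00:01"  # constructed client MAC
    ctrl.associate(mac, ap_mac="11:22:33:44:55:66", ssid="Guest-WiFi", ip="10.100.0.23")
    first = ctrl.handle_http(mac, "GET", "http://example.org/")      # intercepted
    ctrl.radius_access_accept(mac, session_id="sess-0001")           # portal authorises
    second = ctrl.handle_http(mac, "GET", "http://example.org/")     # forwarded
    return first, second, ctrl


if __name__ == "__main__":
    before, after, controller = run_flow()
    print(before["status"], before["headers"]["Location"])
    print(after["status"], controller.clients["aa:bb:cc:00:00:01"].vlan, controller.accounting)
```

The point to notice is that the redirect rule is tied to the client's state, not to the SSID: the same request that is intercepted before the Access-Accept is forwarded after it, and the VLAN change and Accounting-Start happen in the same transition.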

Implementation Guide

The basic architecture is consistent across vendors, but the configuration syntax varies considerably. Below are the steps for the leading enterprise platforms.

[Figure: vendor comparison chart]

Cisco Meraki

Cisco Meraki configures the captive portal entirely through the Meraki Dashboard.

  1. Navigate to Wireless > Access Control and select your guest SSID.
  2. Under Splash page, select Sign-on with my RADIUS server (for credential-based access) or Click-through.
  3. In the Custom Splash URL field, enter the external portal URL supplied by Purple.
  4. Under RADIUS, enter the IP addresses of your primary and secondary RADIUS servers for authentication (port 1812) and accounting (port 1813), along with the shared secret.
  5. Scroll to Advanced Splash Settings to configure the walled garden. Add the IP addresses or domains of your portal server and any required CDNs.

HPE Aruba

Aruba configuration involves defining a captive portal profile and applying it to a role.

  1. In ArubaOS, navigate to Configuration > Authentication > L3 Authentication.
  2. Create a new Captive Portal Authentication Profile. Enter the Login URL pointing to your Purple splash page.
  3. Create a Server Group containing your RADIUS server and assign it to the captive portal profile.
  4. Navigate to Configuration > Security > Roles. Edit the pre-authentication role (usually named logon). Ensure the ACL permits DHCP, DNS and HTTP/HTTPS traffic to your walled garden IP addresses, and applies the captive portal profile to all other HTTP traffic.
  5. Assign the logon role as the initial role in the guest SSID's AAA profile.

Ruckus SmartZone

Ruckus uses a specific WLAN type for hotspot deployments.

  1. Navigate to WLANs and create a new WLAN. Set the WLAN Type to Hotspot (WISPr).
  2. Under Authentication Options, select External RADIUS Server and enter the server details for authentication and accounting.
  3. Under Hotspot Portal, select External and enter your portal URL.
  4. Configure the Walled Garden by adding the required IP addresses or domains.
  5. Ruckus relies on its Northbound Portal Interface (NPI) to handle the authorisation flow, which requires configuring the NPI settings to allow communication from your portal server.

Ubiquiti UniFi

UniFi provides a straightforward interface for external portals.

  1. In the UniFi Network Controller, go to Settings > WiFi and select your guest network.
  2. Under Advanced Options, enable Guest Policy.
  3. Go to Settings > Guest Control. Under Portal Type, select External Portal Server and enter your portal URL.
  4. Under Access Control, add the required IP addresses to the Pre-Authorization Access list (the walled garden).
  5. Configure the RADIUS server details under Profiles > RADIUS and apply the profile to the guest network.

Best Practices

1. Walled Garden Configuration

The walled garden is the single most critical point of failure in a captive portal deployment. If it is incomplete, the guest's browser cannot load the splash page, resulting in a blank screen or a timeout error.

You must explicitly permit access to:

  • The IP addresses or domain of the primary portal server.
  • The IP addresses of the RADIUS server.
  • Any content delivery network (CDN) the portal uses to load fonts, images or JavaScript.
  • If social login is used, the identity provider's domains (for example facebook.com and google.com).
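A pre-authentication ACL evaluator that encodes the list above, plus the resolver-only DNS rule recommended under "DNS leakage" in the troubleshooting section. This is an added example, not code from the page or from any vendor: the address ranges (RFC 5737 documentation ranges), the resolver address, the domain list and the splash-page asset list are all constructed values.

```python
"""Pre-authentication ACL ("walled garden") evaluator.

Added example, not code from the page or from any vendor. All addresses,
domains and the splash-page asset list are constructed values; the rule set
mirrors the requirements listed in the text (portal, RADIUS, CDN, identity
provider, DNS, DHCP) and the resolver-only DNS restriction from the
troubleshooting section.
"""
import ipaddress

# Constructed walled garden; RFC 5737 documentation ranges stand in for real addresses.
WALLED_GARDEN = [
    ipaddress.ip_network("203.0.113.0/24"),    # portal server range
    ipaddress.ip_network("198.51.100.10/32"),  # RADIUS server
    ipaddress.ip_network("192.0.2.0/24"),      # CDN serving fonts/images/JS
]
# Domain-form entries for controllers that accept hostnames (constructed).
WALLED_GARDEN_DOMAINS = {"portal.example.com", "cdn.example.net", "accounts.google.com"}

# The only resolver a pre-auth client may query (assumed address).
GUEST_RESOLVER = ipaddress.ip_address("10.100.0.53")


def pre_auth_permits(dst_ip, dst_port, proto, strict_dns=True):
    """Return True if a pre-auth client's outbound packet passes the ACL."""
    dst = ipaddress.ip_address(dst_ip)
    # DHCP is always needed to obtain and renew the lease.
    if proto == "udp" and dst_port in (67, 68):
        return True
    # DNS: with strict_dns only the designated resolver is reachable, which is
    # the mitigation for the DNS tunnelling gap; strict_dns=False shows the
    # weak configuration where any resolver on the internet is reachable.
    if dst_port == 53:
        return dst == GUEST_RESOLVER if strict_dns else True
    # Everything else must be covered by a walled-garden entry.
    return any(dst in net for net in WALLED_GARDEN)


def audit_splash_assets(asset_hosts):
    """Return the hosts a splash page loads from that the walled garden does not cover.

    asset_hosts: hostnames the page pulls resources from (portal, CDN, IdP, fonts).
    A non-empty result means the page will render incompletely or not at all.
    """
    return sorted(h for h in asset_hosts if h not in WALLED_GARDEN_DOMAINS)


# Constructed list of hosts a branded splash page pulls resources from.
SPLASH_ASSET_HOSTS = [
    "portal.example.com",    # HTML frame
    "cdn.example.net",       # images and JavaScript
    "fonts.googleapis.com",  # custom fonts, deliberately absent from the garden
    "fonts.gstatic.com",
]

if __name__ == "__main__":
    print("portal reachable:", pre_auth_permits("203.0.113.10", 443, "tcp"))
    print("arbitrary web host:", pre_auth_permits("198.51.100.200", 443, "tcp"))
    print("DNS to resolver:", pre_auth_permits("10.100.0.53", 53, "udp"))
    print("DNS elsewhere (strict):", pre_auth_permits("8.8.8.8", 53, "udp"))
    print("DNS elsewhere (lax):", pre_auth_permits("8.8.8.8", 53, "udp", strict_dns=False))
    print("missing from walled garden:", audit_splash_assets(SPLASH_ASSET_HOSTS))
```

Running the audit against the asset list reproduces the failure in practice question 1: the HTML frame and CDN load, but the two font hosts are reported as missing, which is exactly what produces a blank or partially rendered splash page.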

2. Network Segmentation for PCI DSS

If your venue processes card payments, PCI DSS compliance requires strict isolation between the guest network and the cardholder data environment. Do not rely on SSID separation alone. You must configure a dedicated guest VLAN at the controller or switch level, with firewall rules that explicitly deny routing between the guest VLAN and any internal corporate or point-of-sale (POS) network.

3. RADIUS Accounting

Always configure RADIUS accounting. Although MAC authorisation bypass can grant access, RADIUS accounting (Accounting-Start and Accounting-Stop messages) is still required to track session duration and data usage accurately. Without accounting, your analytics platform will report inaccurate dwell times and concurrent user counts.
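How Accounting-Start and Accounting-Stop pairs turn into a dwell time, and what the analytics side sees when one half is missing. This is an added example, not code from the page or from Purple; the accounting log is a constructed sample in a simple "Attribute = Value" layout, not the output format of any real controller or RADIUS server, and the session identifiers, MAC addresses and timestamps are made up.

```python
"""RADIUS accounting reconciliation: session duration from Start/Stop pairs.

Added example, not code from the page or from Purple. ACCT_LOG is a
constructed sample in a simple "Attribute = Value" style and is not a real
controller or RADIUS server output format.
"""
from datetime import datetime

ACCT_LOG = """\
Acct-Status-Type = Start
Acct-Session-Id = "s001"
Calling-Station-Id = "AA-BB-CC-00-00-01"
Event-Timestamp = "2024-03-01T09:00:00+00:00"

Acct-Status-Type = Stop
Acct-Session-Id = "s001"
Calling-Station-Id = "AA-BB-CC-00-00-01"
Event-Timestamp = "2024-03-01T10:30:00+00:00"
Acct-Session-Time = 5400
Acct-Terminate-Cause = "Idle-Timeout"

Acct-Status-Type = Start
Acct-Session-Id = "s002"
Calling-Station-Id = "AA-BB-CC-00-00-02"
Event-Timestamp = "2024-03-01T09:15:00+00:00"

Acct-Status-Type = Stop
Acct-Session-Id = "s003"
Calling-Station-Id = "AA-BB-CC-00-00-03"
Event-Timestamp = "2024-03-01T11:00:00+00:00"
Acct-Session-Time = 1800
"""

TS_FORMAT = "%Y-%m-%dT%H:%M:%S%z"


def parse_records(text):
    """Split the log into one dict per accounting record (blank line separated)."""
    records = []
    for chunk in text.strip().split("\n\n"):
        rec = {}
        for line in chunk.splitlines():
            key, _, value = line.partition(" = ")
            rec[key.strip()] = value.strip().strip('"')
        records.append(rec)
    return records


def reconcile(records):
    """Pair Starts with Stops and classify every session.

    closed:       Start and Stop seen; duration in seconds from the timestamps.
    open:         Start without Stop; dwell time is unknown, not zero.
    orphan_stops: Stop without Start; accounting was enabled mid-session.
    """
    starts, stops = {}, {}
    for rec in records:
        bucket = starts if rec["Acct-Status-Type"] == "Start" else stops
        bucket[rec["Acct-Session-Id"]] = rec
    closed, open_sessions = {}, []
    for sid, start in starts.items():
        stop = stops.get(sid)
        if stop is None:
            open_sessions.append(sid)
            continue
        t0 = datetime.strptime(start["Event-Timestamp"], TS_FORMAT)
        t1 = datetime.strptime(stop["Event-Timestamp"], TS_FORMAT)
        closed[sid] = int((t1 - t0).total_seconds())
    orphan_stops = [sid for sid in stops if sid not in starts]
    return {"closed": closed, "open": sorted(open_sessions),
            "orphan_stops": sorted(orphan_stops)}


def average_dwell_seconds(result):
    """Mean dwell time over closed sessions only; None when there is nothing to average."""
    closed = result["closed"]
    return sum(closed.values()) / len(closed) if closed else None


if __name__ == "__main__":
    outcome = reconcile(parse_records(ACCT_LOG))
    print(outcome)
    print("average dwell (s):", average_dwell_seconds(outcome))
```

With Stop messages absent altogether (the situation in practice question 3), every session stays in the open bucket and the average is None rather than a number, which is the "missing or zero" symptom the question describes; a dashboard that silently reports zero for open sessions hides the misconfiguration instead of surfacing it.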

Troubleshooting and Risk Mitigation

HTTPS interception failures

Modern operating systems use HTTPS probes to detect captive portals. If the controller intercepts an HTTPS request but presents an invalid or untrusted SSL certificate on the redirect, the browser shows a prominent security warning (for example "Your connection is not private") and blocks the redirect. To mitigate this, ensure the controller's virtual interface is configured with a valid, publicly trusted SSL certificate, or configure the controller to intercept only HTTP traffic for the initial redirect.

DNS leakage

If the pre-authentication ACL permits unrestricted outbound DNS, advanced users can use DNS tunnelling to bypass the captive portal and reach the internet without authenticating. Mitigate this by restricting outbound DNS in the pre-authentication role to your designated resolver only and blocking all other port 53 traffic.

Session timeout mismatches

If the session timeout configured on the wireless controller is shorter than the session validity defined in the external portal, guests will be disconnected abruptly and forced to re-authenticate. Ensure the controller's idle timeout and absolute session timeout match the intended guest experience (for example 24 hours in hospitality, 8 hours in retail).

Return on Investment (ROI) and Business Impact

A well-configured captive portal turns guest WiFi from an operating cost into a strategic asset. By integrating the enterprise controller with an intelligence layer such as Purple, venues can capture explicit GDPR consent and collect valuable first-party data.

Purple processes 440 million logins a year across 80,000 venues. This data feeds directly into CRM platforms, enabling targeted marketing campaigns based on actual physical visits. For example, retail operators can measure footfall and repeat visit rates, while hospitality venues can drive direct bookings by engaging with guests after check-out. The ROI shows up as higher customer lifetime value, operational efficiency gained through accurate footfall analytics, and reduced regulatory risk through automated compliance management.

Key Definitions

Captive Portal

A web page that intercepts unauthenticated network traffic and requires user interaction—such as accepting terms or providing credentials—before granting internet access.

Used in enterprise networks to enforce security policies, capture first-party data, and ensure regulatory compliance.

Walled Garden

An access control list (ACL) applied to unauthenticated clients, permitting access only to specific IP addresses or domains required to load the captive portal.

Critical for ensuring the splash page loads correctly; missing CDN domains in the walled garden will cause the portal to render improperly.

RADIUS

Remote Authentication Dial-In User Service. A networking protocol that provides centralised Authentication, Authorization, and Accounting (AAA) management.

Used by network controllers to verify guest credentials against an external database and log session metrics.

VLAN Segmentation

The practice of dividing a physical network into multiple logical networks to isolate traffic.

Mandatory for PCI DSS compliance to ensure guest WiFi traffic cannot route to payment card environments.

HTTP 302 Redirect

A standard HTTP response status code indicating that the requested resource has been temporarily moved to a different URL.

The mechanism used by network controllers to intercept a guest's initial web request and push their browser to the splash page.

IEEE 802.1X

An IEEE standard for port-based network access control, requiring devices to authenticate before gaining access to the network.

Provides enterprise-grade security by ensuring each connection is individually authenticated, often backed by a RADIUS server.

WPA3-Enterprise

The latest Wi-Fi security protocol, providing robust encryption and requiring 802.1X authentication.

Recommended for secure enterprise deployments to protect against offline dictionary attacks and ensure data confidentiality.

MAC Authorisation Bypass (MAB)

A method of granting network access based on the client device's MAC address rather than requiring explicit user credentials.

Often used in click-through captive portals where the portal registers the MAC address after the user accepts the terms of service.

Examples

A 350-room hotel needs to deploy a branded guest WiFi portal that captures email addresses for their loyalty programme, ensuring compliance with GDPR and isolating guest traffic from the corporate network.

The IT team deploys Cisco Meraki APs and configures a dedicated guest SSID on VLAN 100. In the Meraki Dashboard, they set the splash page to 'Sign-on with my RADIUS server' and enter Purple's portal URL. They configure the walled garden to include Purple's IP ranges and CDN domains. Firewall rules are applied to VLAN 100, denying routing to the corporate VLAN to ensure PCI DSS compliance. In the Purple platform, a branded portal is created with a data capture form and explicit GDPR consent checkboxes. The Purple CRM connector is configured to sync captured emails directly to the hotel's marketing platform.

Examiner's comment: This approach correctly addresses both the technical and commercial requirements. VLAN segmentation ensures security and compliance, while the integration with Purple provides the necessary consent capture and CRM synchronisation. The use of RADIUS ensures accurate session tracking.

A regional retail chain with 40 stores requires a consistent guest WiFi experience across all locations, with centralised management and store-level footfall analytics.

The retailer deploys HPE Aruba APs managed via Aruba Central. A single guest WLAN template is created with an external captive portal pointing to Purple. The pre-authentication role is configured with the necessary walled garden ACLs. This template is applied across all 40 sites using Aruba Central's group policy. In Purple, a unified portal design is deployed, with analytics dashboards configured to segment data by individual store locations.

Examiner's comment: Using Aruba Central's template-driven configuration eliminates configuration drift across the 40 sites. The integration with Purple allows the marketing team to compare footfall and dwell time metrics across the entire estate from a single interface, demonstrating the value of a hardware-agnostic intelligence layer.

Practice Questions

Q1. A venue reports that guests connecting to the WiFi are seeing a blank screen instead of the branded splash page. The portal uses custom fonts hosted on Google Fonts. What is the most likely configuration error?

Hint: Consider what traffic is permitted before a user authenticates.

Model answer:

The walled garden is incomplete. The Google Fonts CDN domains have not been added to the pre-authentication ACL. The controller is blocking the request to load the fonts, causing the page render to fail.

Q2. To comply with PCI DSS, an IT manager creates a new SSID named 'Guest_WiFi' on the same subnet as the corporate network. Is this sufficient?

Hint: PCI DSS requires isolation of the cardholder data environment.

Model answer:

No. Creating a separate SSID on the same subnet does not provide network isolation. The guest network must be placed on a dedicated VLAN with firewall rules explicitly denying routing to the corporate or POS networks.

Q3. A retail chain notices that their analytics dashboard shows 1,000 authentications per day, but the average dwell time metric is missing or zero. What configuration step was missed?

Hint: Which protocol is responsible for tracking session duration?

Model answer:

RADIUS Accounting has not been configured on the controller. Without the Accounting-Start and Accounting-Stop messages, the analytics platform cannot calculate the duration of the sessions.