The preceding guide should be enough to get captive portal running on your network. There are, however, many other settings on the captive portal configuration. Most of them can be kept at their default settings most of the time, but in certain circumstances they can be altered to ensure the captive portal works smoothly.
On the main captive portal configuration page under the Interfaces list box is the Maximum concurrent connections edit box. This setting controls not how many users can be logged into the captive portal, but rather how many concurrent connections are allowed per IP address.
The next two settings are Idle Timeout (Minutes) which controls how long it is before an idle client is disconnected, while Hard Timeout (Minutes) controls how long it is before a client is disconnected even if they are active. Both settings are optional and leaving them blank disables them. Applying a timeout for idle clients is a good way to prevent exhaustion of the DHCP pool.
The next setting is the Pass-through credits per MAC address edit box. Entering a number here allows a client to pass through the captive portal this number of times without being directed to the captive portal page. Once this number is exceeded, the user is directed to the captive portal login page again. As the name implies, this is done on a per-MAC address basis.
The Reset waiting period checkbox, if checked, will result in the waiting period on login attempts being imposed on clients whose pass-through credits have been exhausted. If not checked, such users will be allowed to log in again immediately. The Logout popup window checkbox, if checked, will display a pop-up logout page when the users initially pass through the captive portal. This can be used to allow users to explicitly log out, but it also can be used if you want to display a page informing the user that they have successfully passed through the captive portal.
HTTPS Options initially has a single option: the Enable HTTPS login checkbox, which when checked, will cause the captive portal username and password, over an HTTPS connection, to take advantage of the SSL encryption such a connection provides. If this box is checked you must provide the HTTPS server name and the SSL certificate. The server name should match the Common Name (CN) in your certificate.
By default, when HTTPS login is enabled, clients can connect to the captive portal via HTTPS. You can prevent this by checking the Disable HTTPS Forwards checkbox, in which case attempts to connect to port 443 sites will not be forwarded to the captive portal. Users will then have to attempt a connection to port 80 to get forwarded to the captive portal.
There are several other options on other tabs worth mentioning. The MACs tab allows you to control access to the captive portal based on MAC addresses. Clicking the +Add button on this page allows you to add a MAC address. Once you do this, you will be at the Edit MAC Address Rules page. Here you can specify a MAC address (the button to the right of this option allows you to copy your MAC). The Action drop-down box allows you to choose what to do with traffic from this MAC address (the options are Pass and Block). You can also specify Bandwidth up and Bandwidth down limitations for the MAC address (in kbit/s), as well as a non-parsed description in the Description field.
The Allowed IP Addresses tab allows you to control captive portal access by IP address. Clicking on the +Add button on this page takes you to the Edit Captive Portal IP Rule page. At a minimum, you must enter the IP address and the CIDR of the address. You can also specify the direction of the access. From allows access from the client IP through the captive portal. To allows access from all the clients behind the portal to the IP. The Both option allows traffic in both directions. As with MAC addresses, you can specify Bandwidth up and Bandwidth down for the specified IP address.
The Allowed Hostnames tab allows you to control captive portal access based on hostname. Again, the +Add button on this tab allows you to add entries. You need to enter a hostname in the Hostname field, and, as with Allowed IP Addresses, you can control the direction of the access, as well as Bandwidth up and Bandwidth down. You may also enter a non-parsed description in the Description field.