Go to Settings / Wireless Networks, click Create New Wireless Network and configure following:

Name/SSID: Your SSID ( it’s your choice what will be set as SSID Name, Guest WiFi in our case)                                             
Enabled: Enabled
Security: Open
Guest Policy: Enabled

Click Advanced Options and from the Radius MAC Authentication section, change the MAC Address format to AA-BB-CC-DD-EE-FF and save changes.

Go to the Guest Control page and in the Guest Policies section, set following:

In the Hotspot section, enable Radius-based authorization

On the RADIUS section under Profile, click the Create new RADIUS profile button or select the previously created RADIUS Profile and configure the following:
As the Authentication type, choose CHAP.
Accept incoming disconnect request: DISABLED

(Check the Configuring parameters section to learn how to create a new Radius profile)

On the Access Control / Pre-Authorisation section, enter the Walled Garden IPS.

connect.socialwifionline.com

connectwifi.cloud   

IP Address: 192.250.224.84                                                                                

Always whitelist all the Social sites as described here​. Please scroll down to the bottom and whitelist all.                                                

Configuring Parameters

Go to the Profiles Radius section and click the Create new RADIUS profile button.
Click Create New RADIUS Profile and configure the following:

 Troubleshooting

Having troubles? Here is a quick checklist:

1. Make sure that you selected CHAP and not MS-CHAP

2. Make sure that you have replaced the index and auth files.
– If the local controller installation files are on your computer. See paths above.
– If it’s Cloud Key installation, upload these files into the appropriate folder
– If it’s Hostifi, send your files to the admin to replace the original ones.

3. Make sure that you typed the AP MAC address into our cloud portal

4. If the mobile device you are testing is not reaching our Hotspot splash page, but instead you receive ERR_CONNECTION_REFUSED with an address like http://yourpublicip:8880/guest/s/…, please ensure that your Access Point (AP) can access the machine where the controller is hosted. If it’s your personal computer, perform port forwarding, unblock the firewall, etc.

5. Ensure that you match the exact model of your AP. In some cases, mistakes are not obvious, for example:

6. Client MAC is not received

If you are getting the splash page but cannot log in and receive an “Invalid password” or other error, please check if the AP is sending the client MAC address.
Some versions of UniFi AP firmware are buggy and do not send the client's MAC address.
In such a case, downgrade the AP firmware to the earlier version.
At the time of writing, a downgrade from v4.3.20 to v4.0.54 resolved the issue.

If your attempts to downgrade via web links (SSH or UniFi Controller) continuously fail, please follow these steps: SCP into the AP, copy the firmware file to /tmp, then SSH in and run the command.

7. Make sure that you have configured the Ubiquity AP (Unifi Controller) when you deploy APS with the controller.

http://192.168.1.7:8880/guest/s/default/?ap=b4:hg:04:73:de:8f&id=01:37:10:98:12:44&t=1597065764&url=http://www.msftconnecttest.com%2fredirect&ssid=UnifiGuest

It means that the controller has not started or there are no communications between the controller and APs.

9. SSID name should contain only letters and numbers—don’t use spaces or special characters, such as !, @, #, $, ?, *, ‘,-, etc.

10. If you get the message WiFiAccessDenied WelcomePage.FailedInternal
Ensure that, as a Hotspot Model for all APS on the selected WiFi location, you use Ubiquiti AP (UniFi Controller) instead of Ubiquiti AP (Firmware).

Note that Ubiquiti UniFi doesn’t control bandwidth data limit transfer. Ubiquiti Unifi allows control only of the session time but it doesn’t control bandwidth quota limits.