We are using a captive web portal for our guest network, and when guests joins the open registration SSID where the portal is published, they got ip-addresses on the same network as the access points, which is our network devices management network, and that looks ugly even if they most likely can't access anything in the network.
Is it possible to use different ip-addresses than the same network as the AP's management interface for the registration SSID?
Also, it would be very nice to be able to access a captive web portal over LAN, since we have a different portal where our employees can create PSKs for their mobile phones and tablets, but it seems to be a complicated to understand setup with a registration SSID and a SSID that is the real network they should use. Registering a PSK for their tablet using their normal computer would be easier to explain. Is it at all possible to access the captive portal over LAN?
To change the IP scope that is assigned to your users while they are access the CWP but before they authenticate and use their DHCP server on your network, you would want to go to Configure> Open the network policy> Open the SSID> Open the CWP object in use> Expand "Advanced Configuration"> Under Network Settings, select the "Customize" option, which will give you four interfaces to give IP scopes to. While your clients are accessing the CWP, they will use these addresses. Once they get through the CWP and connect, they will use the DHCP server for the VLAN they've been assigned to.
The self registration SSIDs can be a bit confusing. Typically we see the Open registration SSID named something along the lines of "Register here" and then we can set up a success page that shows after they've completed the registration directing them to connect to the PPSK SSID name so they know where to go next.
Do you mean these settings? I tried to set them as attached image, but still got the ip-address from the management network. Might there be something more that needs to be set before these addresses are assigned? And why do I need to set up addresses on the eth interfaces if the cwp only is available through wifi?
My apologies, I misspoke earlier, the CWP is on the LAN by default since it's hosted on the APs themselves. So the ETH interfaces would need to be included when we set this manually. Did you push these changes out to the APs you're testing with?
Yes, I did push the config
I have now tested this and got some additional information through other sources. These ip-addresses specifies the ip-address that the CWP portal uses internally, but the ip-address that the client is using to contacting the AP is specified by the default user profile setting in the PPSK SSID that the CWP is connected to.
Still it's open if the CWP is accessible in some other way that trough a special registration SSID.
Could you send me tech data so we can look in to why those IP scopes aren't getting applied? My direct email is firstname.lastname@example.org. You can get tech data by going to Tools> Utilities> Get tech data> Check the box next to the AP> Get tech data (blue button at the top of the page this time)
Contact Us:Sam PirokCommunity@extremenetworks.com