How to configure a captive portal if EWC is a VM and resides on internal network

  • Updated 3 years ago
Hi Everyone

Currently I'm using EWC v2110 and have a guest network topology configured as Bridge@AP, tagged with VLAN ID 44. I'm trying to figure out a way to create a captive portal, because my EWC resides on a virtual machine that is on the internal network, VLAN 25. If possible I want to separate it from internal. Is there a way to make it work?

For captive portal to work, is it a must to have it with Bridge@HWC?

Thanks.
Roger

littlefurball


Posted 3 years ago


Andre Brits Kannemeyer

Hi Roger

Your best bet would be to include the Extreme NAC in the solution or use an external captive portal.

When a guest initially connects, you apply an unregistered policy to the guest.
This unregistered policy will be configured to tunnel client traffic to the controller and present the guest login page.
Once the guest registers, the NAC or external captive portal can return a new policy (using RADIUS attributes) that changes the way the client's traffic is routed, from bridge at the controller to bridge at the AP.

Hope this helps - I have lots of this type of setup installed and all working great.

Ostrovsky, Yury, Employee

Hi Roger, there are multiple solutions for either NAC/ECP or Internal/Guest portal for your scenario. One of them is what Andre mentioned. Others can include: policy-based routing, DNS cache with NAC, split tunnel.
One thing I want to note - if you decide to go with what Andre proposed, make sure you set a very low DHCP lease time for your 'non-authenticated' (or Unregistered) users, otherwise when the client changes subnet there is a high chance that it will keep its previous IP address. The lease time I usually set for that topology is 30 or 20 seconds, meaning that topology is dedicated and can be used only for on-boarding purposes.