cancel
Showing results for 
Search instead for 
Did you mean: 

How to: IdentiFi Wireless Appliances - Guest Portal

How to: IdentiFi Wireless Appliances - Guest Portal

Ronald_Dvorak
Honored Contributor
Here a short overview how to configure a basic wireless guest portal on a IdentiFi Wireless Appliance.

The screenshots are from a C5110 running V9.21.02.0014.

Network diagram:

006b3137a9114a19bf5438c82f7d72ea_21775-5wo1ei_inline.png



Click "Configure" for the DHCP advanced options to set..
- DNS
- Gateway
- IP Range

006b3137a9114a19bf5438c82f7d72ea_22544-fc7ii6_inline.png



2) Create Roles
Add a new role for the unauthenticated guest users (= clients that are connected to the SSID but haven't registered yet via the guest portal page).

Set "access control" to "Containment VLAN" and in the field "VLAN" choose the topology that was created in step 1).

006b3137a9114a19bf5438c82f7d72ea_2795-4k79jc_inline.png



In "Policy Rules" add the following rules to allow certain services to redirect the clients to the portal page.
- the IP of the topology = to access the portal page
- DHCP = for clients to get a IP from the DHCP server
- DNS = to allow name resolution, only if name resolution is allowed the clients will be redirected to the portal
- The reverse direction of the traffic
- Deny all as the last rule

!!! In/Out must be set correct and remove the checkmark from AP filtering !!!

In this scenario it would look like…

006b3137a9114a19bf5438c82f7d72ea_2795-ssc7qf_inline.png



Add a new role for the authenticated guest users (= clients that are registered via the guest portal with a username/password).

Set "access control" to "Containment VLAN" and in the field "VLAN" choose the topology that was created in step 1).
In this example we allow all traffic to pass so there is no need to add rules in "Policy Rules".
!!! If you'd like to deny certain services add deny rules. !!!

006b3137a9114a19bf5438c82f7d72ea_2795-u2b6c6_inline.png



3) Create a WLAN Service
- Set the "Default Topology" to your guest portal topology
- Select the AP that should provide the guest SSID
- In the advanced options it's might be a good idea to select "Block MU to MU traffic" = traffic between guest clients is denied

006b3137a9114a19bf5438c82f7d72ea_21775-1ekrzzs_inline.png



Set the "Mode" to "Guest Portal"

006b3137a9114a19bf5438c82f7d72ea_21775-1orwqmr_inline.png



Enabled "WMM", "802.11e" and "Flexible Client Access"

006b3137a9114a19bf5438c82f7d72ea_2795-4dbse3_inline.png



4) Create a Virtual Network
Add a new VNS and select the the "WLAN Service" from 3) and the "Non-Authenticated" and "Authenticated" roles from 2).

006b3137a9114a19bf5438c82f7d72ea_21775-tprbbg_inline.png



6) Test
- Connect the wireless client to the guest_portal SSID
- Check the > Reports > Clients > By VNS > guest portal
○ You should see that the client has a IP of 10.12.5.X and is unauthenticated (= the lock on the left is open/grey)

006b3137a9114a19bf5438c82f7d72ea_2795-kd62u6_inline.png



- Open a web browser and put in any valid webpage address
!!! Http only, per default https is not allowed !!!
- You should get redirected to the captive portal webpage of the controller
- Put in the username and password and you should have access to the internet

006b3137a9114a19bf5438c82f7d72ea_2795-cmttz8_inline.png



- Check the > Reports > Clients > By VNS > guest portal
○ You should see that the client is now authenticated (= lock on the left closed/green)

006b3137a9114a19bf5438c82f7d72ea_2795-18xjxn2_inline.png



2 REPLIES 2

Ryan_Mathews
Extreme Employee
Incredible work guys!

Doug
Extreme Employee
Reference: https://gtacknowledge.extremenetworks.com/articles/How_To/How-to-create-a-Guest-Portal-Service
Doug Hyde
Director, Technical Support / Extreme Networks
GTM-P2G8KFN