IdentiFi Wireless Appliances - Guest Portal with Branches /Routed

  • 0
  • 1
  • Question
  • Updated 2 months ago
  • Answered
i need some help how to avoid to tunnel all gust traffic to the Controller when uses one Central Controller and Branches within the VPN Network.

Long Version:
We have a Customer with a Central C35 Controller with is Managing the Accesspoints on 3 Branches with are connected throug VPN. When i configure the Guest Portal like the topology is set to Bridged@EWC. In this Case all traffic that is generated within the Gustnetwork is tunnel over the VPN and the Breakout is in the Headoffice. How is the correct configuration to avoid this.
Thanks a lot

Photo of Stefan Sleik

Stefan Sleik

  • 70 Points
  • confused

Posted 2 months ago

  • 0
  • 1
Photo of Philipp Tittmann

Philipp Tittmann

  • 774 Points 500 badge 2x thumb
Hi Stefan,

when you want to use the buildin guest portal you can still use your configuration to let the guest login with the given accounts, after they successfully logged in, they are authenticated. In the VNS configuration window you can apply a different ROLE für the authenticated state. Therefor you can use a BridgeTraffic@AP Role.
So when the user is authenticated the Topology will change for them. You just need to set a short lease time of the NON-Auth Topology and need an local DHCP-Server in every branch for the AUTH-Role.

Hope this helps
Photo of Andre Brits Kannemeyer

Andre Brits Kannemeyer

  • 4,816 Points 4k badge 2x thumb
Hi Stefan

You will require Extreme NAC or an external guest portal, you will not be able to use the Internal POrtal page.
You can then use the HTTP/HTTPS redirect at the AP.

When a guest connects he would get the B@AP unregistered role.
This role will then redirect the guest to the Guest Portal on NAC or the extrenal Portal.
Once the client have finished registering an updated policy is applied to the guest bridging localy at the AP.

I have numerous sites running like this.