Remote APs - Captive portal

  • Question
  • Updated 3 years ago
  • Answered
I have remote APs and I want to set up an SSID with a captive portal for guest access, but the Internet traffic should go out through the local Internet connection where the APs are, not where the controller is located.

Is it possible?

agd

Posted 3 years ago

Ronald Dvorak, Embassador

Yes, that is possible.
Set the topology for the non-authenticated role to either routed or bridge@EWC (traffic thru the controller) and as soon as the client has put in username/password he'll get the authenticated role.

For this role use a bridge@AP topology.

Here is a "normal" example...
https://community.extremenetworks.com/extreme/topics/how-to-identifi-wireless-appliances-guest-porta...

So just change the topology in the "2) create roles" section.
!!! You should use a very low DHCP lease time on the first topology, so that when the client switches roles/topology he'll renew his IP !!!

-Ron
Laura

I think I am trying to create the same thing, if this is what it does: this captive portal lets guest users log on to a guest SSID and only be able to access the internet, not our other network resources?

Ronald Dvorak, Embassador

Hi Laura,

Yes, if you configure it per the above example you should be fine.

If you don't use a dedicated firewall for guest access (= the FW is also used for your internal network) make sure to create rules on the firewall to deny traffic from the guest VLAN to the intranet interfaces/resources.

-Ron
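
The firewall advice in the reply above can be checked offline against an exported rule list. This is an added example, not part of the thread: it assumes an ordered, first-match rule list, and the subnets and rule sets are constructed sample values.

```python
import ipaddress

# Constructed sample values (assumptions, not taken from the thread).
GUEST = "192.168.50.0/24"                    # guest VLAN subnet
INTRANET = ["10.0.0.0/8", "172.16.0.0/12"]   # internal networks

# Ordered rules, first match wins: (action, source, destination).
RULES_WEAK = [
    ("allow", GUEST, "0.0.0.0/0"),    # "internet" rule also matches the intranet
    ("deny",  GUEST, "10.0.0.0/8"),   # never reached
]
RULES_FIXED = [
    ("deny",  GUEST, "10.0.0.0/8"),
    ("deny",  GUEST, "172.16.0.0/12"),
    ("allow", GUEST, "0.0.0.0/0"),
]

def guest_leaks(rules, guest, intranet, default="deny"):
    """Return [(rule_index, intranet_net)] for every intranet network that
    guest traffic can reach. rule_index is None when the default policy is
    what lets the traffic through. Conservative: a deny only ends evaluation
    if it covers the whole guest/intranet pair, so partial denies may be
    reported even when several of them together cover everything."""
    guest = ipaddress.ip_network(guest)
    leaks = []
    for net in map(ipaddress.ip_network, intranet):
        for i, (action, src, dst) in enumerate(rules):
            src, dst = ipaddress.ip_network(src), ipaddress.ip_network(dst)
            if not (src.overlaps(guest) and dst.overlaps(net)):
                continue  # rule cannot match guest -> this network
            if action == "allow":
                leaks.append((i, str(net)))
                break
            if guest.subnet_of(src) and net.subnet_of(dst):
                break  # fully denied before any allow
        else:
            if default == "allow":
                leaks.append((None, str(net)))
    return leaks

if __name__ == "__main__":
    for name, rules in (("weak", RULES_WEAK), ("fixed", RULES_FIXED)):
        print(name, guest_leaks(rules, GUEST, INTRANET))
```
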
Laura

I am just confused on what IP addresses to use, since I am not very familiar with our network. I will need to find out my default gateway and DNS servers, correct? The rest I just create on my own?

Ronald Dvorak, Embassador

The easiest and most secure way (guest can't access intranet) is to connect the controller directly via an unused port to an unused port on the firewall.
The FW is the default gateway and you could use the Google DNS 8.8.8.8 & 8.8.4.4.