Question

Guest Access Workflow Question - Temp Access?

  • 12 February 2021

We recently made the jump to Extreme/Aerohive, but held off on rolling out Guest access because the building is closed to outsiders due to Covid. I still need to get Guest access working 100%.


Right now what I have comes straight from the Aerohive/Extreme docs:
- Guest connects to “Guest-Registration” SSID
- Fills out form (name, email, phone)
- Dropped from “Guest-Registration” SSID
- Email sent with PPSK and the SSID to connect to
- Guest connects to the SSID provided in the email with the provided PPSK

All that works fine and was easy to set up (thank you Aerohive/Extreme!).

My question...how can I allow the Guest to stay connected to the “Guest-Registration” for up to 15 minutes (with unrestricted access) so they can actually go and check their email to get the email with their guest credentials?

Thanks!

+++Jeff


3 replies

Userlevel 6

Hi Jeff, so glad to hear the guest registration setup was easy! To answer your question, we would usually be able to create a walled garden to allow access to certain sites (such as email) prior to completing sign-on, but I set this up in my lab real quick and it doesn’t look like we have the option to set up a walled garden with the self-registration captive web portal (CWP).

Some possible alternatives: When guests register with the self-registration email, their new credentials will be displayed on the device they registered with, so they could take a screenshot or write it down real quick and then go to the registration SSID, without needing to access their email.

There is also the option of delivering PPSK self-registration credentials via a text message to the guest’s phone (you’d set this up in the user group settings).

If you’d like to request that we add in the ability to create a walled garden to self registration CWPs, I’d encourage you to contact your sales engineer (SE) to file a feature request. If you’re not sure who to contact for your SE, please let me know where you are located and I will find you a local SE to speak to. 

My apologies for the delayed response.

So you’re saying Extreme/HiveManager does not have this capability yet? I’m frustrated because to me it seems so basic that it would be crazy not to have. I know factually that other top competitors of Extreme have it because I’ve implemented it.

In my thinking and reasoning, the following come to mind:
- What’s stopping someone from giving us a phony email address?
- With an invalid email address, how does someone like me reach out to the user for any of a laundry list of reasons?
- If they’re the type that gives phony email addresses, what’s stopping them from doing other dishonest actions if I let them on the network? It’s kind of a slippery slope quickly.
- What about the people who don’t txt or pay-per-text? They are still out there, I was actually one until very recently because I keep my cell bill impressively low. I legitimately have visitors who are older that do not txt.

 

If I’m stuck going to my Extreme Account Exec and my Extreme Systems Engineer I will, but there are no words to express my frustration that Extreme lacks this basic capability for securing my guest network.

Userlevel 3

Hi Jeff,

Have you looked into the Extreme Guest application that’s included with XIQ Pilot licensing? This has more customisability, including the option to add a walled garden. Users can still get their own individual keys that are sent out via email/text as with a PPSK, just that it’s in a separate section of XIQ. An additional benefit (in my opinion) is that the registration SSID and the actual guest SSID are the same, therefore, there’s no need to switch between the two.

Flow: Connect to Guest-SSID > splash page displayed > user enters details such as name, email, phone etc [optionally they can also add a “sponsor”, so they’d have to enter someone’s email of a certain domain (i.e. your own) to get approved access] > user gets credentials sent through email/text > user enters the details on the login section of the splash page
