Solved

NAC with 2 different Captive Portals

  • 20 November 2018
  • 6 replies
  • 364 views

Userlevel 1
Hi All,

Our hospital customer, needs to configure two differet NAC Captive Portals, one for standard Guest Access with only registration, and other one for particular Guests, that receive an hospital's tablets when in the hospital. For this second type of Guest we need to configure a different Guest Portal that use registration and SMS code. This second type of Guests will have different SSID, Vlan and IP Network respect to the firstone.

Does anyone knows if it's possible configure two different Guest portal configuration on the same NAC gateway?
icon

Best answer by Claudio D'Ascenzo 30 May 2019, 08:57

Hi resolved using the location based services, like Rodney sed, in that case you have to configure different Unregistered and registered policy for location based services, in my case on differet SSID.

I have configured two different captive portal, one with name, surname and email for Guest Portal and the other one with name surname and phone number, with pass code sent by SMS (for location based services).

Best regards
Claudio
View original

6 replies

Userlevel 1
Hi resolved using the location based services, like Rodney sed, in that case you have to configure different Unregistered and registered policy for location based services, in my case on differet SSID.

I have configured two different captive portal, one with name, surname and email for Guest Portal and the other one with name surname and phone number, with pass code sent by SMS (for location based services).

Best regards
Claudio
I'm having the same issue. I Tried to configure as Rodney said, below, but when i finish and enforce the configuration of the second portal, it assumes the same thing to the first portal, even if its not using the same config


How can i avoid this?


It is absolutely possible. If you are using two different engine groups, each group can have it's own NAC profile and related portal. If you are using a single engine group, you can take advantage of "Location-Based Portals" (only available for full configuration via Java legacy clients at this time - i.e., NAC Manager). You would simply set up a location (ie., SSID = Guest Network) and configure a location-based portal (under "Features" of the nac configuration)
that is specific to that location.
Userlevel 5
Hi,

Once I had a POC with just one NAC GW and three captive portals: guest web access, authenticated registration and just AUP to confirm. This was achieved by having 3x Unregistered-like NAC profiling rules (and for each you select which portal shall be used) and three different accept profiles, based on MACs, hostnames and usernames.

That was the time I went mental. 😮 Not being able to combine MAC+hostname+IP end-system groups criteria was a bit challenging to satisfy the customer here.

Kind regards,
Tomasz
Userlevel 1
Hi Guys

thanks a lot, I will tray the location based solution or eventually move one NAC Gateway to a second Engine Group and configure the second Guest Portal with SMS Gateway.

Best Regards to all
Claudio
Userlevel 5
Hello Claudio,

here is a suitable KB article:

https://gtacknowledge.extremenetworks.com/articles/How_To/How-to-configure-NAC-for-Advanced-Location...

Best regards
Stephan
Userlevel 3
It is absolutely possible. If you are using two different engine groups, each group can have it's own NAC profile and related portal. If you are using a single engine group, you can take advantage of "Location-Based Portals" (only available for full configuration via Java legacy clients at this time - i.e., NAC Manager). You would simply set up a location (ie., SSID = Guest Network) and configure a location-based portal (under "Features" of the nac configuration)
that is specific to that location.

Reply