IdentiFi Wireless Appliances - Guest Portal with Branches /Routed


Hi,
i need some help how to avoid to tunnel all gust traffic to the Controller when uses one Central Controller and Branches within the VPN Network.

Long Version:
We have a Customer with a Central C35 Controller with is Managing the Accesspoints on 3 Branches with are connected throug VPN. When i configure the Guest Portal like https://gtacknowledge.extremenetworks.com/articles/How_To/How-to-create-a-Guest-Portal-Service the topology is set to Bridged@EWC. In this Case all traffic that is generated within the Gustnetwork is tunnel over the VPN and the Breakout is in the Headoffice. How is the correct configuration to avoid this.
Thanks a lot
Stefan

2 replies

Userlevel 1
Hi Stefan,

when you want to use the buildin guest portal you can still use your configuration to let the guest login with the given accounts, after they successfully logged in, they are authenticated. In the VNS configuration window you can apply a different ROLE für the authenticated state. Therefor you can use a BridgeTraffic@AP Role.
So when the user is authenticated the Topology will change for them. You just need to set a short lease time of the NON-Auth Topology and need an local DHCP-Server in every branch for the AUTH-Role.

Hope this helps
Userlevel 5
Hi Stefan

You will require Extreme NAC or an external guest portal, you will not be able to use the Internal POrtal page.
You can then use the HTTP/HTTPS redirect at the AP.

When a guest connects he would get the B@AP unregistered role.
This role will then redirect the guest to the Guest Portal on NAC or the extrenal Portal.
Once the client have finished registering an updated policy is applied to the guest bridging localy at the AP.

I have numerous sites running like this.

Reply