Remote APs - Captive portal

I have remote APs and I want to set up an SSID with a captive portal for guest access, but the Internet traffic should go out through the local Internet connection where the APs are, not where the controller is located.

Is it possible?

5 replies

Userlevel 7
Yes, that is possible.
Set the topology for the non-authenticated role to either routed or bridge@EWC (traffic through the controller) and as soon as the client has put in username/password he'll get the authenticated role.

For this role use a bridge@AP topology.

Here is a "normal" example...

So just change the topology in the "2) create roles" section.
!!! You should use a very low DHCP lease time on the first topology, so that if the client switches roles/topology he'll renew his IP !!!

Userlevel 1
I think I am trying to create the same thing, if this is what it does: this captive portal lets guest users log on to a guest SSID and only be able to access the internet, not our other network resources?
Userlevel 7
Hi Laura,

Yes, if you configure it per the above example you should be fine.

If you don't use a dedicated firewall for guest access (= the FW is also used for your internal network) make sure to create rules on the firewall to deny traffic from the guest VLAN to the intranet interfaces/resources.
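
One way to check the deny rules described in the reply above, as an added example that is not part of the original thread: it evaluates an ordered rule list with first-match semantics and reports any intranet range the guest subnet can still reach. The rule model `(action, source, destination)` is a simplification, and all subnets and rule sets are constructed sample values.

```python
import ipaddress as ip

def subtract(nets, hole):
    """Return `nets` with the CIDR block `hole` removed."""
    out = []
    for n in nets:
        if not n.overlaps(hole):
            out.append(n)
        elif not n.subnet_of(hole):      # hole lies strictly inside n
            out.extend(n.address_exclude(hole))
    return out

def guest_leaks(rules, guest, intranet, default="deny"):
    """Intranet ranges reachable from `guest` under first-match rules.

    Conservative: a deny that covers only part of the guest subnet is
    not counted as protection; an allow that covers part of it is a leak.
    """
    guest = ip.ip_network(guest)
    undecided = [ip.ip_network(n) for n in intranet]
    leaks = []
    for action, src, dst in rules:
        src, dst = ip.ip_network(src), ip.ip_network(dst)
        if not src.overlaps(guest):
            continue
        # Overlapping CIDR blocks nest, so the intersection is the smaller one.
        hit = [n if n.subnet_of(dst) else dst
               for n in undecided if n.overlaps(dst)]
        if action == "allow":
            leaks.extend(hit)
        if action == "allow" or guest.subnet_of(src):
            for h in hit:
                undecided = subtract(undecided, h)
    if default == "allow":
        leaks.extend(undecided)
    return sorted(str(n) for n in leaks)

# Constructed sample data: guest VLAN subnet and two intranet ranges.
GUEST = "10.99.0.0/24"
INTRANET = ["10.0.0.0/16", "192.168.10.0/24"]
# Internet allow placed above the deny: the deny is never reached.
BAD = [("allow", GUEST, "0.0.0.0/0"), ("deny", GUEST, "10.0.0.0/16")]
# Denies for the internal ranges first, then the Internet allow.
GOOD = [("deny", GUEST, "10.0.0.0/8"), ("deny", GUEST, "192.168.0.0/16"),
        ("allow", GUEST, "0.0.0.0/0")]

if __name__ == "__main__":
    print("BAD leaks: ", guest_leaks(BAD, GUEST, INTRANET))
    print("GOOD leaks:", guest_leaks(GOOD, GUEST, INTRANET))
```
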

Userlevel 1
I am just confused on what IP addresses to use, since I am not very familiar with our network. I will need to find out my default gateway and DNS servers, correct? The rest I just create on my own?
Userlevel 7
The easiest and most secure way (guest can't access intranet) is to connect the controller directly via an unused port to an unused port on the firewall.
The FW is the default gateway and you could use the Google DNS &