Question

NAC with 2 different Captive Portals


Userlevel 1
Hi All,

Our hospital customer needs to configure two different NAC Captive Portals: one for standard Guest Access with only registration, and another one for particular Guests who receive the hospital's tablets when in the hospital. For this second type of Guest we need to configure a different Guest Portal that uses registration and an SMS code. This second type of Guest will have a different SSID, VLAN and IP network with respect to the first one.

Does anyone know if it's possible to configure two different Guest portal configurations on the same NAC gateway?

4 replies

Userlevel 2
It is absolutely possible. If you are using two different engine groups, each group can have its own NAC profile and related portal. If you are using a single engine group, you can take advantage of "Location-Based Portals" (only available for full configuration via Java legacy clients at this time, i.e., NAC Manager). You would simply set up a location (i.e., SSID = Guest Network) and configure a location-based portal (under "Features" of the NAC configuration) that is specific to that location.
Userlevel 5
Hello Claudio,

here is a suitable KB article:

https://gtacknowledge.extremenetworks.com/articles/How_To/How-to-configure-NAC-for-Advanced-Location...

Best regards
Stephan
Userlevel 1
Hi Guys

Thanks a lot, I will try the location-based solution or eventually move one NAC Gateway to a second Engine Group and configure the second Guest Portal with SMS Gateway.

Best Regards to all
Claudio
Userlevel 5
Hi,

Once I had a POC with just one NAC GW and three captive portals: guest web access, authenticated registration and just AUP to confirm. This was achieved by having 3x Unregistered-like NAC profiling rules (and for each you select which portal shall be used) and three different accept profiles, based on MACs, hostnames and usernames.

That was the time I went mental. 😮 Not being able to combine MAC+hostname+IP end-system groups criteria was a bit challenging to satisfy the customer here.

Kind regards,
Tomasz
