https://community.extremenetworks.com/t5/extremecontrol/wired-captive-portal-authentication-roles-and-services/m-p/117290#M1999 <P>Hi everyone!</P><P>I want to authenticate wired clients with the control captive portal.<BR />I got universal 5420F Switches running EXOS/Switch Engine.</P><P>The goal is:<BR />All unregistered clients shall be moved to VLAN 400 and redirected to the portal.<BR />After portal login, the switch needs to apply a different role/policy to the client, based on user groups, to limit network access.<BR />The VLAN dose not change.</P><P>What I got:<BR />I created a role “Unregistriert”, which uses “Contain to VLAN 400” and “HTTP redirect”.<BR />The role has some services/rules attached to allow arp, dhcp, dns and traffic to the portal. Last rule should deny all ipv4 traffic.&nbsp; (See Screenshots)<BR /><BR /></P><P>A client connects, the switch applys "Unregistriert", client is moved to VLAN 400 and gets redirect to the portal, this is working.<BR /><BR />But even without logging in to the portal, the client has full network and internet access.<BR /><BR />Do you know what is wrong?<BR /><BR /></P><P>172.17.32.0/20 is the Client subnet in VLAN 400</P><P>172.31.2.31 is the control engine.</P><P><span class="lia-inline-image-display-wrapper lia-image-align-inline" image-alt="Niko_P_2-1736346570530.png" style="width: 999px;"><img src="https://community.extremenetworks.com/t5/image/serverpage/image-id/8661i09EA9732D7BED66F/image-size/large?v=v2&amp;px=999" role="button" title="Niko_P_2-1736346570530.png" alt="Niko_P_2-1736346570530.png" /></span></P><P><span class="lia-inline-image-display-wrapper lia-image-align-inline" image-alt="Niko_P_0-1736346454660.png" style="width: 950px;"><img src="https://community.extremenetworks.com/t5/image/serverpage/image-id/8659iB691231A7163A94F/image-dimensions/950x261?v=v2" width="950" height="261" role="button" title="Niko_P_0-1736346454660.png" alt="Niko_P_0-1736346454660.png" /></span></P><P>&nbsp;</P><P>Best regards<BR />Niko</P> Wed, 08 Jan 2025 14:36:45 GMT Niko_P 2025-01-08T14:36:45Z https://community.extremenetworks.com/t5/extremecontrol/wired-captive-portal-authentication-roles-and-services/m-p/117290#M1999 <P>Hi everyone!</P><P>I want to authenticate wired clients with the control captive portal.<BR />I got universal 5420F Switches running EXOS/Switch Engine.</P><P>The goal is:<BR />All unregistered clients shall be moved to VLAN 400 and redirected to the portal.<BR />After portal login, the switch needs to apply a different role/policy to the client, based on user groups, to limit network access.<BR />The VLAN dose not change.</P><P>What I got:<BR />I created a role “Unregistriert”, which uses “Contain to VLAN 400” and “HTTP redirect”.<BR />The role has some services/rules attached to allow arp, dhcp, dns and traffic to the portal. Last rule should deny all ipv4 traffic.&nbsp; (See Screenshots)<BR /><BR /></P><P>A client connects, the switch applys "Unregistriert", client is moved to VLAN 400 and gets redirect to the portal, this is working.<BR /><BR />But even without logging in to the portal, the client has full network and internet access.<BR /><BR />Do you know what is wrong?<BR /><BR /></P><P>172.17.32.0/20 is the Client subnet in VLAN 400</P><P>172.31.2.31 is the control engine.</P><P><span class="lia-inline-image-display-wrapper lia-image-align-inline" image-alt="Niko_P_2-1736346570530.png" style="width: 999px;"><img src="https://community.extremenetworks.com/t5/image/serverpage/image-id/8661i09EA9732D7BED66F/image-size/large?v=v2&amp;px=999" role="button" title="Niko_P_2-1736346570530.png" alt="Niko_P_2-1736346570530.png" /></span></P><P><span class="lia-inline-image-display-wrapper lia-image-align-inline" image-alt="Niko_P_0-1736346454660.png" style="width: 950px;"><img src="https://community.extremenetworks.com/t5/image/serverpage/image-id/8659iB691231A7163A94F/image-dimensions/950x261?v=v2" width="950" height="261" role="button" title="Niko_P_0-1736346454660.png" alt="Niko_P_0-1736346454660.png" /></span></P><P>&nbsp;</P><P>Best regards<BR />Niko</P> Wed, 08 Jan 2025 14:36:45 GMT https://community.extremenetworks.com/t5/extremecontrol/wired-captive-portal-authentication-roles-and-services/m-p/117290#M1999 Niko_P 2025-01-08T14:36:45Z https://community.extremenetworks.com/t5/extremecontrol/wired-captive-portal-authentication-roles-and-services/m-p/117331#M2000 <P>Problem is solved!<BR /><BR />First:<BR />I had set "Global Domain Settings" to "Role ACL Mode".<BR />I unchecked that.<BR /><BR />Second:<BR />I changed the "Unregistriert" Role - Access Control to Deny Traffic<BR /><BR />Third:<BR />I use the RFC 3580 - VLAN ID<BR />Which sets the VLAN via Accept Policy<BR /><BR />And last I changed some of the services.<BR /><BR /></P><P>Best Regards<BR />Niko</P><P>&nbsp;</P><P><span class="lia-inline-image-display-wrapper lia-image-align-inline" image-alt="Niko_P_0-1736437195812.png" style="width: 999px;"><img src="https://community.extremenetworks.com/t5/image/serverpage/image-id/8670i0DC73CF4E47B008C/image-size/large?v=v2&amp;px=999" role="button" title="Niko_P_0-1736437195812.png" alt="Niko_P_0-1736437195812.png" /></span></P><P><span class="lia-inline-image-display-wrapper lia-image-align-inline" image-alt="Niko_P_1-1736437246060.png" style="width: 999px;"><img src="https://community.extremenetworks.com/t5/image/serverpage/image-id/8671iA64464E83A590116/image-size/large?v=v2&amp;px=999" role="button" title="Niko_P_1-1736437246060.png" alt="Niko_P_1-1736437246060.png" /></span></P><P><span class="lia-inline-image-display-wrapper lia-image-align-inline" image-alt="Niko_P_2-1736437297038.png" style="width: 999px;"><img src="https://community.extremenetworks.com/t5/image/serverpage/image-id/8672i92EC57C253719E5A/image-size/large?v=v2&amp;px=999" role="button" title="Niko_P_2-1736437297038.png" alt="Niko_P_2-1736437297038.png" /></span></P><P><span class="lia-inline-image-display-wrapper lia-image-align-inline" image-alt="Niko_P_3-1736437377692.png" style="width: 999px;"><img src="https://community.extremenetworks.com/t5/image/serverpage/image-id/8673iC6B22DB5CF44CD7C/image-size/large?v=v2&amp;px=999" role="button" title="Niko_P_3-1736437377692.png" alt="Niko_P_3-1736437377692.png" /></span></P><P>&nbsp;</P><P><span class="lia-inline-image-display-wrapper lia-image-align-inline" image-alt="Niko_P_4-1736437454160.png" style="width: 999px;"><img src="https://community.extremenetworks.com/t5/image/serverpage/image-id/8674i6343EF1AA4E481AA/image-size/large?v=v2&amp;px=999" role="button" title="Niko_P_4-1736437454160.png" alt="Niko_P_4-1736437454160.png" /></span></P><P>&nbsp;</P><P><span class="lia-inline-image-display-wrapper lia-image-align-inline" image-alt="Niko_P_5-1736437491594.png" style="width: 999px;"><img src="https://community.extremenetworks.com/t5/image/serverpage/image-id/8675iB97F131C0D84D557/image-size/large?v=v2&amp;px=999" role="button" title="Niko_P_5-1736437491594.png" alt="Niko_P_5-1736437491594.png" /></span></P><P>&nbsp;</P><P><span class="lia-inline-image-display-wrapper lia-image-align-inline" image-alt="Niko_P_0-1736437930720.png" style="width: 999px;"><img src="https://community.extremenetworks.com/t5/image/serverpage/image-id/8676i54EE1DCE0A32AC66/image-size/large?v=v2&amp;px=999" role="button" title="Niko_P_0-1736437930720.png" alt="Niko_P_0-1736437930720.png" /></span></P><P>&nbsp;</P> Thu, 09 Jan 2025 15:48:58 GMT https://community.extremenetworks.com/t5/extremecontrol/wired-captive-portal-authentication-roles-and-services/m-p/117331#M2000 Niko_P 2025-01-09T15:48:58Z