This website uses cookies. By clicking Accept, you consent to the use of cookies. Click Here to learn more about how we use cookies.
Accept
Reject
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

XCC & Control Captive Portal

XCC & Control Captive Portal

Go to solution
Glenn
New Contributor II

‎11-23-2021 04:19 PM

We are running a captive portal on Control (v8.5.6.17) and trying to migrate to XCC (05.36.03.0017). I have WPA2/Enterprise networks working but captive portal is causing me some grief.

Essentially the endpoint is placed into the correct network and is challenged by the captive portal (to accept T&Cs) but their network access is not restricted as an unregistered user.. they can browse the internet when this should not be allowed until they become registered. My understanding is that the 'unregistered' role is built-in to XCC and it should be preventing access. Any tips on how to stop traffic until the registered phase?

a201c131fe3a4e2fa976e519bef6ac88.png
I have tried these rules but they dont seem to have any effect. If I change the default action to deny on the unregistered role they get no access network access at all (i.e. not even captive portal).
d28448b43c484df89a5427dd56d1a19d.png
0 Kudos
1 ACCEPTED SOLUTION

Go to solution
Glenn
New Contributor II

‎11-25-2021 03:23 PM

I raised a GTAC ticket and had some assistance. Essentially with XCC 5.36 the role name used for captive portal has changed. When you create a captive portal a "Onboard / Rule" is created and it is the name of this rule that must be returned by control. In my case the default rules were all I needed (didn't need to add services to the role in policy).

XCC Onboard Rule:
725ec3895a3543d799ea02420730a2ee.png
Policy Role in Control with matching Name:

899f6ef15a724b00b31fec3b247a60f6.png

View solution in original post

0 Kudos
2 REPLIES 2

Go to solution
Glenn
New Contributor II

‎11-25-2021 03:23 PM

I raised a GTAC ticket and had some assistance. Essentially with XCC 5.36 the role name used for captive portal has changed. When you create a captive portal a "Onboard / Rule" is created and it is the name of this rule that must be returned by control. In my case the default rules were all I needed (didn't need to add services to the role in policy).

XCC Onboard Rule:
725ec3895a3543d799ea02420730a2ee.png
Policy Role in Control with matching Name:

899f6ef15a724b00b31fec3b247a60f6.png

0 Kudos

Go to solution
Gareth_Mitchell
Extreme Employee

‎11-25-2021 05:04 AM

Hi Glenn

Which role are you returning in the unauthenticated state, it should be Unregistered role for network <network> if you are using the automatically generated role?

If you are using your own unregistered role, have you added some specific "redirect" rules into that role.

If the above doesn't help then it maybe worth opening a case with GTAC.

-Gareth
0 Kudos
GTM-P2G8KFN