XCC & Control Captive Portal

Glenn
New Contributor II
We are running a captive portal on Control (v8.5.6.17) and trying to migrate to XCC (05.36.03.0017). I have WPA2/Enterprise networks working but captive portal is causing me some grief.

Essentially the endpoint is placed into the correct network and is challenged by the captive portal (to accept T&Cs), but their network access is not restricted as an unregistered user. They can browse the internet when this should not be allowed until they become registered. My understanding is that the 'unregistered' role is built in to XCC and it should be preventing access. Any tips on how to stop traffic until the registered phase?

I have tried these rules but they don't seem to have any effect. If I change the default action to deny on the unregistered role they get no network access at all (i.e. not even captive portal).
1 ACCEPTED SOLUTION

Glenn
New Contributor II

I raised a GTAC ticket and had some assistance. Essentially, with XCC 5.36 the role name used for captive portal has changed. When you create a captive portal, an "Onboard / Rule" is created, and it is the name of this rule that must be returned by Control. In my case the default rules were all I needed (didn't need to add services to the role in policy).

XCC Onboard Rule:
Policy Role in Control with matching Name:


2 REPLIES

Gareth_Mitchell
Extreme Employee
Hi Glenn

Which role are you returning in the unauthenticated state? It should be "Unregistered role for network <network>" if you are using the automatically generated role.

If you are using your own unregistered role, have you added some specific "redirect" rules into that role?

If the above doesn't help then it may be worth opening a case with GTAC.

-Gareth