12-30-2020 12:53 PM
Hi,
This was a tough one to decide where the place the question because it covers identifi, XMC, Control, policy…..
Anyway, the issue is that I have a identifi wireless controller that is using a Guest SSID that uses the internal controllers captive portal. That means there is no redirect URL you need to configure like when configuring external captive portal via ExtremeControl.
The solution needs to be harmonised with XMC / Policy / Control. If I was using External captive portal I can easily configure redirect rules through policy to go to the URL I need.
The identifi internal captive portal isn’t configured in that way i.e. the rules look like the below for Guest Unauthenticated role:
Normal internet traffic is denied access and HTTP traffic is simply redirected internally to the controller IP (172.31.255.201) to display the captive portal page.
I can’t replicate these rules the same in XMC / Policy, i.e. if I import these rules into the XMC, save to domain and export them out is replaces the to 0.0.0.0/0 allow and deny rules for a 0:/ rule, and internal captive portal breaks.
Maybe the answer is to add redirect rules much like you would for external captive portal but simply point to the identifi controllers IP address (72.31.255.201)?
Wondering if anyone has any experience of this and can advise.
Many thanks in advance.
Solved! Go to Solution.
01-01-2021 11:15 PM
Hello,
After you tick the Rule Based Redirection Mig pointed out you need to create redirect rules. I just had a look on the policy of our IdentiFi that hosts a captive portal. Afterwards make sure you set the redirection URL to Own WLAN (which is the controller) in the “VLAN & Class of Service” tab. Hope this results to your intended behavior.
Best regards,
Yannick
01-01-2021 11:15 PM
Hello,
After you tick the Rule Based Redirection Mig pointed out you need to create redirect rules. I just had a look on the policy of our IdentiFi that hosts a captive portal. Afterwards make sure you set the redirection URL to Own WLAN (which is the controller) in the “VLAN & Class of Service” tab. Hope this results to your intended behavior.
Best regards,
Yannick
12-31-2020 03:50 PM
Hi Martin,
If I remember well, some rules were needed on Identify.
I don’t remember if it was only http or redirect rule and I don’t have an Identify to check that.
This is to allow on the AP the traffic from the client to the controller.
Check on the Integration Guide of the Identify, there is a good section for the internal captive portal setup. And this little flag in the screenshot here below turned me mad for some time...
Mig