This website uses cookies. By clicking Accept, you consent to the use of cookies. Click Here to learn more about how we use cookies.
Accept
Reject
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Redirecting Open SSID to Extreme Control

Redirecting Open SSID to Extreme Control

RobertD1
Contributor II

‎03-02-2022 08:57 AM

Hello,

I've configured an Open SSID on a network profile in XIQ and it is visible from my AP. If I connect to the SSID a web page pops up prompting me to Connect to a Wi-Fi hotspot and Connect to a sign in page. When I click Connect nothing happens at this point. This is in Windows 10. Not sure if the issue is with Control or XIQ? I see my machine in End-Systems against Open SSID and it hits Unregistered rule. I'm expecting a registration page?

402bc3cfa7994811b90e9494be0ddae3.png
4e5e80fdb4a34e1ea1890ed6e64047c5.png12047b4cb2c04190aa90fc1c05b90657.png
f214de0d8c2247e58e4d39081de4b0e7.png
aa445e18d4e3475c8c7684d97b3e295c.png

Thanks,
Rob
0 Kudos
4 REPLIES 4

Ryan_Yacobucci
Extreme Employee

‎03-08-2022 09:37 AM

Hello,

Thanks for posting all of this detail. There are many moving parts when it comes to successful captive portal. 

To answer your question: 

Is the idea that the AP redirects web traffic to access control using the IP Firewall object? This removes the need for a core router with PBR configured. All of my network is VLAN 1 and not routed, does this matter?

That is correct. There must be SOME mechanism in the network to redirect client traffic in order for NAC to send it's captive portal. Traditionally that was a PBR in the core router to send internet bound traffic to the NAC. 

Mostly today we see AP/Controller based redirection mechanisms that perform this task.

https://extremeportal.force.com/ExtrArticleDetail?an=000082067

The AP/Controller will spoof the destination site and send back a redirect error code with the a new URL that is the NAC appliance. The browser will them directly contact the NAC to display the captive portal. 


8aaa7971be0943528a45c780d481ad9b.png

Thanks
-Ryan

0 Kudos

RobertD1
Contributor II

‎03-04-2022 09:39 AM

After a lot of trial and error I have Guest Registration working. My environment is at home and there was a DNS issue. My test PC gets DHCP and DNS from my home router. So, after adding a host entry in my hosts file it all worked as expected.
0 Kudos

RobertD1
Contributor II

‎03-04-2022 04:10 AM

Is the idea that the AP redirects web traffic to access control using the IP Firewall object? This removes the need for a core router with PBR configured. All of my network is VLAN 1 and not routed, does this matter?
0 Kudos

RobertD1
Contributor II

‎03-02-2022 12:34 PM

On a different laptop I see in the URL display a connection to my EAC with Called-Station-Id (my MAC blacked out below) and a Welcome to the Enterprise Registration Center. Access Granted. If I click Click here to connect it redisplays the same screen. Again, not prompted to enter user details and register.

0ab42f242efe44c59ddbceb74c9877da.pngFinishes with Service Unavailable 503.

5d37d48fdf4d4a33a7aa4c0d41693142.png
0 Kudos
GTM-P2G8KFN