Extreme Networks

littlefurball · ‎01-29-2016

Hi Everyone

Currently I'm using EWC v2110 and having a guest network topology configured as Bridge@AP tagged with Vlan ID 44. I'm trying to figure out a way to create a captive portal because my EWC is residing on a virtual machine that is on internal network VLAN 25. If possible I want to separate it from internal. Is there a way to make it work?

For captive portal to work is it a must to have it with Bridge@HWC?

Thanks.
Roger

Ostrovsky__Yury · ‎01-29-2016

Hi Roger, there are multiple solutions for either NAC/ECP or Internal/Guest portal for your scenario. One of them is what Andre mentioned. Others can include : policy based routing, dns cache with Nac, split tunnel. One think I want to note - if you decide to go with what Andre proposed, make sure you set very low dhcp lease time for your 'non-authenticated' (or Unredistered) users , otherwise when client will be changing subnet there will be high chance that it will keep previous IP address. The lease time I usually set for that topology is 30 or 20 seconds, meaning that topology is dedicated and can be used only for on-boarding purpose.

Andre_Brits_Kan · ‎01-29-2016

Hi Roger Your best would be to include the Extreme NAC in the solution or use a external Captive Portal. When a guest initially connects you apply a unregistered policy to the guest. This unregistered policy will be configured to tunnel client traffic to the controller and present the Guest login page. Once the guest registers the NAC or External Captive portal can return a new policy (Using Radius Attributes) that changes the way the clients traffic is routed from bridge at the controller to bridge at the AP. Hope this helps - am have lots if this type of setup installed and all working great.

Extreme Networks

How to configure a captive portal if EWC is a VM and resides on internal network

How to configure a captive portal if EWC is a VM and resides on internal network