This website uses cookies. By clicking Accept, you consent to the use of cookies. Click Here to learn more about how we use cookies.
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for
- Extreme Networks
- Community List
- Wireless
- ExtremeWireless (Identifi)
- RE: How to create a Guest network on EWC C5210, a...
Options
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Mute
- Printer Friendly Page
How to create a Guest network on EWC C5210, and only allow guests to get on internet, not the internal network, with login required.
How to create a Guest network on EWC C5210, and only allow guests to get on internet, not the internal network, with login required.
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Get Direct Link
- Report Inappropriate Content
04-09-2015 06:00 PM
How to create a Guest network on EWC C5210, and only allow guests to get on internet, not the internal network, with login required.
11 REPLIES 11
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Get Direct Link
- Report Inappropriate Content
04-09-2015 06:35 PM
Hi Laura,
The easiest way to do that is using the VNS wizard by selecting "New..." in the Controller VNS menu. Select "Start VNS Wizard, and create a Captive Portal topology, and in the next screen choose GuestPortal from the Authentication Mode drop down. Continue through the wizard which will step you through setting up the Topology and subnet that guest users will be on, and add in what AP's you want to broadcast the SSID.
After saving, this will set up a default non-authenticated and authenticated Role for the guest network. To restrict users to the internet only, you can go to the Role > Authenticated Policy > Filters and add a Deny statement at the bottom, and then add in Allow rules for DHCP, DNS, HTTP, HTTPS above that.
If you would like to use an existing Topology for guest users, but still restrict them to the internet only, you can change the Contain to VLAN be any L3 topology that is configured.
To configure guest user login access, go to WLAN Services, select your guest WLAN. Then select the Auth & Acct tab and Configure to add user names and passwords, time of day restrictions, etc.
Hope that helps.
Regards,
Jason
The easiest way to do that is using the VNS wizard by selecting "New..." in the Controller VNS menu. Select "Start VNS Wizard, and create a Captive Portal topology, and in the next screen choose GuestPortal from the Authentication Mode drop down. Continue through the wizard which will step you through setting up the Topology and subnet that guest users will be on, and add in what AP's you want to broadcast the SSID.
After saving, this will set up a default non-authenticated and authenticated Role for the guest network. To restrict users to the internet only, you can go to the Role > Authenticated Policy > Filters and add a Deny statement at the bottom, and then add in Allow rules for DHCP, DNS, HTTP, HTTPS above that.
If you would like to use an existing Topology for guest users, but still restrict them to the internet only, you can change the Contain to VLAN be any L3 topology that is configured.
To configure guest user login access, go to WLAN Services, select your guest WLAN. Then select the Auth & Acct tab and Configure to add user names and passwords, time of day restrictions, etc.
Hope that helps.
Regards,
Jason
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Get Direct Link
- Report Inappropriate Content
04-09-2015 06:35 PM
Also - you can enable/disable individual AP's to the portal SSID in the WLAN Services screen.
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Get Direct Link
- Report Inappropriate Content
04-09-2015 06:35 PM
Laura,
You can use a bogus IP address in the wizard and then map it to a valid Topology with an IP address. There must be a L3 address available in order to direct users to the portal page for authentication.
Thanks,
Jason
You can use a bogus IP address in the wizard and then map it to a valid Topology with an IP address. There must be a L3 address available in order to direct users to the portal page for authentication.
Thanks,
Jason
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Get Direct Link
- Report Inappropriate Content
04-09-2015 06:35 PM
going through the vns wizard... is there a way to apply the guest ssid to specific APs, to test it out, or do I have to apply to everyone.
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Get Direct Link
- Report Inappropriate Content
04-09-2015 06:35 PM
A topology tells your APs how to handle the wireless client's traffic. There are two kinds of topologies.
1. Bridged at AP: the client's traffic is bridged directly to the switchport that your AP is connected to. You can either bridge it untagged or tagged there.
2. Bridged at HWC/EWC: The client's traffic gets sent to the controller first and is egressed through one of the controller's physical LAN-Ports. Again you can choose to egress it either tagged or untagged.
Regardless of what configuration you choose, you have to make sure that the corresponding switchports where either your APs or your EWC are connected are configured accordingly.
Sooo. Let's say you want to put all your guests in VLAN 555 and egress their traffic through EWC's esa0 port. For achieving this, you create a new topology of the type "Bridged at EWC". Choose "tagged", VLAN ID 555 and port "esa0" . Make sure your switchport egresses VLAN 555 tagged to the EWCs esa0 port though! When configuring the VNS for your guests, you configure it to use this newly created topology.
Hope this helps.
1. Bridged at AP: the client's traffic is bridged directly to the switchport that your AP is connected to. You can either bridge it untagged or tagged there.
2. Bridged at HWC/EWC: The client's traffic gets sent to the controller first and is egressed through one of the controller's physical LAN-Ports. Again you can choose to egress it either tagged or untagged.
Regardless of what configuration you choose, you have to make sure that the corresponding switchports where either your APs or your EWC are connected are configured accordingly.
Sooo. Let's say you want to put all your guests in VLAN 555 and egress their traffic through EWC's esa0 port. For achieving this, you create a new topology of the type "Bridged at EWC". Choose "tagged", VLAN ID 555 and port "esa0" . Make sure your switchport egresses VLAN 555 tagged to the EWCs esa0 port though! When configuring the VNS for your guests, you configure it to use this newly created topology.
Hope this helps.
