Showing results for 
Search instead for 
Did you mean: 

IdentiFi Wireless Appliances - Guest Portal with Branches /Routed

IdentiFi Wireless Appliances - Guest Portal with Branches /Routed

New Contributor II

i need some help how to avoid to tunnel all gust traffic to the Controller when uses one Central Controller and Branches within the VPN Network.

Long Version:
We have a Customer with a Central C35 Controller with is Managing the Accesspoints on 3 Branches with are connected throug VPN. When i configure the Guest Portal like the topology is set to Bridged@EWC. In this Case all traffic that is generated within the Gustnetwork is tunnel over the VPN and the Breakout is in the Headoffice. How is the correct configuration to avoid this.
Thanks a lot


Contributor II
Hi Stefan

You will require Extreme NAC or an external guest portal, you will not be able to use the Internal POrtal page.
You can then use the HTTP/HTTPS redirect at the AP.

When a guest connects he would get the B@AP unregistered role.
This role will then redirect the guest to the Guest Portal on NAC or the extrenal Portal.
Once the client have finished registering an updated policy is applied to the guest bridging localy at the AP.

I have numerous sites running like this.

New Contributor III
Hi Stefan,

when you want to use the buildin guest portal you can still use your configuration to let the guest login with the given accounts, after they successfully logged in, they are authenticated. In the VNS configuration window you can apply a different ROLE für the authenticated state. Therefor you can use a BridgeTraffic@AP Role.
So when the user is authenticated the Topology will change for them. You just need to set a short lease time of the NON-Auth Topology and need an local DHCP-Server in every branch for the AUTH-Role.

Hope this helps