Extreme Networks

johnmcclane88 · ‎08-09-2023

Hello to everyone! I'm on my way to setup External Captive Portal for WING Controller. And I have a problem: clients in guest WLAN can't get IP address via DHCP. I tried several different options but I got no luck:(
-------------------------------------------------------
My config on controller:
-------------------------------------------------------

aaa-policy WNAM_AAA_POLICY
authentication server 1 host 172.16.2.88 secret 0 wnam_radius
authentication server 1 nac
accounting server 1 host 172.16.2.88 secret 0 wnam_radius
!
dns-whitelist WNAM_DNS_WHITELIST
permit 172.16.2.51
permit 172.24.2.51
permit 8.8.8.8
permit 172.16.2.88
!
captive-portal WNAM_PORTAL
server host 172.25.4.125
server mode centralized
inactivity-timeout 300
webpage-location external
webpage external login http://172.16.2.88/cp/wing?username=WING_TAG_CLIENT_MAC&ip=WING_TAG_CLIENT_IP&site=WING_TAG_RF_DOMAI...
webpage external welcome http://172.16.2.88/cp/wing_welcome
webpage external fail http://172.16.2.88/cp/wing_welcome
webpage external agreement http://172.16.2.88/cp/wing_welcome
webpage external acknowledgement http://172.16.2.88/cp/wing_welcome
webpage external registration http://172.16.2.88/cp/wing_welcome
webpage external no-service http://172.16.2.88/cp/wing_welcome
accounting radius
use aaa-policy WNAM_AAA_POLICY
use dns-whitelist WNAM_DNS_WHITELIST
!

wlan ETM-CP
description Test wlan
ssid captive-extreme
vlan 1
bridging-mode local
authentication-type none
no client-client-communication
use captive-portal WNAM_PORTAL
captive-portal-enforcement
accounting wait-client-ip
radius dynamic-authorization

!

profile ap7632 CP-ap7632
area 7sov
autoinstall configuration
autoinstall firmware
use radius-server-policy WNAM_RADIUS_POLICY
crypto ikev1 policy ikev1-default
isakmp-proposal default encryption aes-256 group 2 hash sha
crypto ikev2 policy ikev2-default
isakmp-proposal default encryption aes-256 group 2 hash sha
crypto ipsec transform-set default esp-aes-256 esp-sha-hmac
crypto ikev1 remote-vpn
crypto ikev2 remote-vpn
crypto auto-ipsec-secure
crypto load-management
crypto remote-vpn-client
interface radio1
wlan ETM-CP bss 1 primary
antenna-gain 4.0
antenna-mode 2x2
interface radio2
wlan ETM-CP bss 1 primary
antenna-gain 6.0
antenna-mode 2x2
interface bluetooth1
shutdown
mode le-sensor
interface ge1
interface vlan1
ip address dhcp
ip address zeroconf secondary
ip dhcp client request options all
interface pppoe1
use firewall-policy default
use client-identity-group default
logging on
service pm sys-restart
router ospf
dpi
dpi metadata voice-video
dpi metadata http
dpi metadata ssl
dpi metadata tcp-rtt
adoption-mode controller

---------------------------------------------------

Can anyone give me a hint to error in configuration or some missed settings? Thanks ahead

Alan_H · ‎08-10-2023

Hey John!

I think you are missing the DHCP policy and pool, it should be something like this:

!
dhcp-server-policy DHCP-NAME-SERVER
dhcp-pool DHCP-POOL-NAME
network 192.168.X.0/24
address range 192.168.X.100 192.168.X.200
default-router 192.168.X.1
dns-server 192.168.X.1
!

And dont forget to add the "use" command in the device profile config:

use dhcp-server-policy DHCP-NAME-SERVER

Hope it helps, cheers!

View solution in original post

Alan_H · ‎08-10-2023