This website uses cookies. By clicking Accept, you consent to the use of cookies. Click Here to learn more about how we use cookies.
Accept
Reject
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Identifi Internal Captive Portal Redirection Via Policy

Identifi Internal Captive Portal Redirection Via Policy

Go to solution
Anonymous
Not applicable

‎12-30-2020 12:53 PM

Hi,

This was a tough one to decide where the place the question because it covers identifi, XMC, Control, policy…..

Anyway, the issue is that I have a identifi wireless controller that is using a Guest SSID that uses the internal controllers captive portal. That means there is no redirect URL you need to configure like when configuring external captive portal via ExtremeControl.

The solution needs to be harmonised with XMC / Policy / Control. If I was using External captive portal I can easily configure redirect rules through policy to go to the URL I need.

The identifi internal captive portal isn’t configured in that way i.e. the rules look like the below for Guest Unauthenticated role:

 

931235c3729f4702b87a9ce488dd653e_e009cda6-fc6b-4410-93d7-b291acbeddc3.png

 

Normal internet traffic is denied access and HTTP traffic is simply redirected internally to the controller IP (172.31.255.201) to display the captive portal page.

I can’t replicate these rules the same in XMC / Policy, i.e. if I import these rules into the XMC, save to domain and export them out is replaces the to 0.0.0.0/0 allow and deny rules for a 0:/ rule, and internal captive portal breaks.

Maybe the answer is to add redirect rules much like you would for external captive portal but simply point to the identifi controllers IP address (72.31.255.201)?

Wondering if anyone has any experience of this and can advise.

Many thanks in advance.

 

 

0 Kudos
1 ACCEPTED SOLUTION

Go to solution
yas1
New Contributor II

‎01-01-2021 11:15 PM

Hello,

After you tick the Rule Based Redirection Mig pointed out you need to create redirect rules. I just had a look on the policy of our IdentiFi that hosts a captive portal. Afterwards make sure you set the redirection URL to Own WLAN (which is the controller) in the “VLAN & Class of Service” tab. Hope this results to your intended behavior.

15127a8026414d639c030d72aa7ec2c5_109944cd-f813-4d59-b723-3c40f1997fa3.png
15127a8026414d639c030d72aa7ec2c5_deb86b57-ac6a-489b-aa7d-1452fb2c52bb.png

 

Best regards,
Yannick

View solution in original post

0 Kudos
2 REPLIES 2

Go to solution
yas1
New Contributor II

‎01-01-2021 11:15 PM

Hello,

After you tick the Rule Based Redirection Mig pointed out you need to create redirect rules. I just had a look on the policy of our IdentiFi that hosts a captive portal. Afterwards make sure you set the redirection URL to Own WLAN (which is the controller) in the “VLAN & Class of Service” tab. Hope this results to your intended behavior.

15127a8026414d639c030d72aa7ec2c5_109944cd-f813-4d59-b723-3c40f1997fa3.png
15127a8026414d639c030d72aa7ec2c5_deb86b57-ac6a-489b-aa7d-1452fb2c52bb.png

 

Best regards,
Yannick

0 Kudos

Go to solution
Miguel-Angel_RO
Valued Contributor II

‎12-31-2020 03:50 PM

Hi Martin,

If I remember well, some rules were needed on Identify.

I don’t remember if it was only http or redirect rule and I don’t have an Identify to check that.

This is to allow on the AP the traffic from the client to the controller.

Check on the Integration Guide of the Identify, there is a good section for the internal captive portal setup. And this little flag in the screenshot here below turned me mad for some time...

7ef383329af04cc3b2ed66ce3b4e0bdd_e7daf2a7-3c8c-4858-b01b-8b1e2d8568c7.png

Mig

0 Kudos
GTM-P2G8KFN