Reset Search
 

 

Article

How to create a Guest Portal Service

« Go Back

Information

 
TitleHow to create a Guest Portal Service
Objective
How to create a Guest Portal Service 
Environment
  • IdentiFi
  • Firmware All
  • Guest Portal 
  • Guest Services
  • Captive Portal
Procedure
Network diagram:



1 . Create a topology
  • In this example the "Bridge Traffic Locally at EWC" mode is used.
  • The traffic from the wireless client is transported from the AP via the CAPWAP tunnel to the appliances and out on interface esa1 port with VLAN ID/tag.
  • DHCP is set to "Local Server" so the appliance will provide the IP addresses and DNS information to the guest clients, or you could use a remote DHCP server. 

 
  • Click "Configure" for the DHCP advanced options to set (optional local dhcp like Microsoft preferred) 
  • DNS
  • Gateway
  • IP Range



2.  Create Roles
  • Add a new role for the unauthenticated guest users (= clients that are connected to the SSID but haven't registered yet via the guest portal page).
  • Set "access control" to "Containment VLAN" and in the field "VLAN" choose the topology that was created in step 1.


 
  • In "Policy Rules" add the following rules to allow certain services to redirect the clients to the portal page.
  • IP of the topology - Allows access to the portal page (verify if HTTP or HTTPS is needed)
  • DHCP -  Allows Client to get a IP from the DHCP server
  • DNS = Allows website name resolution
  • Allows All traffic FROM the network to pass to the Client
  • Deny all traffic 
  • In/Out must be set correct and remove the checkmark from AP filtering !!!
  • In this scenario it would look like...

 
  • Add a new role for the authenticated guest users, this gets applied to the Client after the Clients credentials are verified. 
  • Set "access control" to "Containment VLAN" and in the field "VLAN" choose the topology that was created in step 1
  • In this example we allow ALL traffic to pass so there is no need to add rules in "Policy Rules" - If you'd like to deny certain services add deny rules to this Role.



3. Create a WLAN Service
  • Set the "Default Topology" to your guest portal topology
  • Select the AP that should provide the guest SSID
  • NOTE: In the advanced options tab it's might be a good idea to select "Block MU to MU traffic". This will block traffic between guest Clients on the same WLAN-Service.

 
  • Leave the privacy settings to "None"

 
  • Set the "Mode" to "Guest Portal"

 
  • Enabled "WMM", If needed add "802.11e" and or "Flexible Client Access"



4.  Create a Virtual Network
  • Add a new VNS and select the the "WLAN Service" from 3) and the "Non-Authenticated" and "Authenticated" roles from Step 2.



5.  Create a guest ticket
  • In the GUI go to > VNS > WLAN Services > guest_portal > Auth&Acc > Configure > Manage Guest Users > Add Guest Account
  • Add a new ticket to test the guest portal
  • NOTE: Don't forget to set the "Enabled" checkmark



6.  Test and confirm it's working
  • Connect the wireless client to the guest_portal SSID
  • Check the > Reports > Clients > By VNS > guest portal
  • You should see that the client has a IP of 10.12.5.X and is unauthenticated (= the lock on the left is open/grey)

 
  • Open a web browser and put in any valid webpage address, use HTTP first to confirm it's working... http://cnn.com
  • You should get redirected to the captive portal webpage of the controller
  • Enter in the username and password and you should have access to the internet

 
  • Check the > Reports > Clients > By VNS > guest portal
  • You should see that the client is now authenticated, NOTE: lock on the left closed/green)
Additional notes

Feedback

 

Was this article helpful?


   

Feedback

Please tell us how we can make this article more useful.

Characters Remaining: 255