Reset Search
 

 

Article

What are the "Unregistered" Role rules required for PBR redirection on the EWC for captive portal

« Go Back

Information

 
TitleWhat are the "Unregistered" Role rules required for PBR redirection on the EWC for captive portal
Question
What are the "Unregistered" Role rules required for PBR redirection on the EWC?
Environment
  • Extreme Identifi Wireless Controller
  • Extreme Control Identity & Access
  • Extreme NAC
Answer
The role structure needs to allow the following resources and configured in the following way to allow redirection from a PBR to NAC for captive portal:

The Unregistered role:
Allow DHCP
Allow DNS
Allow All NAC Appliances
Allow HTTP port 80,8080 with DSCP marking
Allow HTTPS port 443 with DSCP marking
Deny All
You will need to allow all NAC appliances in order to complete the registration process.

You will also need to allow HTTP and HTTPS with a DSCP TOS marking is configured on the routed interfaces PBR configuration for redirection.

Example of Port 80 rule in the EWC:
User-added image

Example of "NAC Redirect" Policy configured in EWC Class of Service:

User-added image

This configuration will put a DSCP marking of 0X40 on the HTTP and HTTPS packets that PBR will redirect to the NAC appliance.


 
Additional notes

Feedback

 

Was this article helpful?


   

Feedback

Please tell us how we can make this article more useful.

Characters Remaining: 255