Home > GUI > Configuration > Guest Access Wireless Network Settings
Logo

Guest Access Wireless Network Settings

Guest Access Wireless Network Settings

Configure a wireless network (SSID) for guest access. Configure a guest access SSID for a private client group.

Navigation

Navigate using the tab icons. Hover over an icon to see the name of the tab.

Configure > Network Policies > policy_name  > Wireless Networks > Add > Guest Access Network

or

Configure > Network Policies > policy_name  > Add Network > Add Guest Network

or

Configure > Network Policies > policy_name  > Wireless Networks > guest_access_ssid  > Edit

About Guest Access

A network policy can include one or more wireless networks, also referred to as SSIDs. A wireless network SSID is an alphanumeric string that identifies a set of authentication and encryption services that wireless clients and access points use when communicating with each other.

You can define a wireless network SSID for guest access that contains a simplified set of parameters—a wireless network Guest Access SSID profile—to direct how wireless devices process traffic for guest clients. For more information on SSIDs, see Wireless Networks and SSIDs.

Note

Note

Because a network policy can only have one key-based and one AP-based private client group (PCG) at a time, if you have one SSID with key-based PCG enabled, you will not be allowed to enable key-based PCG in another SSID in the same network policy. See Classification Rules Overview for more PCG information.

The process for creating and modifying a Guest Access SSID includes the following:

"Create and Modify a Guest Access SSID"

"Save, Verify, and Modify a Guest Access SSID"

"Deploy a Guest Access SSID"

Create and Modify a Guest Access SSID

Configure a wireless network Guest Access SSID as described in the following sections.

Note

Note

To view or modify parameters than are not included in this simplified Guest Access SSID configuration, navigate to Configure > Network Policies > Additional Settings or navigate to Configure > Common Objects.

Configure Guest Access SSID Names

In the New or Edit Guest Access SSID dialog box, enter the following:

SSID Name: Enter a new SSID name; this name can include up to 32 characters and cannot include spaces.

SSID Broadcast Name: Enter an SSID broadcast name or accept the one that ExtremeCloud IQ clones for you from the SSID name. This name can include up to 32 characters and can include spaces.

Configure Guest Access SSID Authentication Type

In the New or Edit Guest Access SSID dialog box, select the authentication type, Unsecured (Open) Network (unencrypted) or Secured Network (encrypted).

If you selected Unsecured (Open) Network, select the required unencrypted SSID type:

Guests can access the network without logging in: Guests can access the Internet through your wireless network without logging in or using a captive web portal.

Guests accept the use policy before accessing the network: Guests accept a captive web portal use policy (EULA) before they can access the Internet through your wireless network.

To view or change the captive web portal, continue with "Customize a Guest Access Captive Web Portal".

Guests can self-register, then sign in: (Not available in Hierarchical ExtremeCloud IQ on cloned network policies.) Guests are directed to a captive web portal, where they can self-register, and then sign in. Guests accomplish this with or without sponsoring employee approval.

Add employee approval: Create credentials for guests to use to log in to your network to access the Internet. See "Configure Guest Access Employee Approval" for more information.

To view or change the captive web portal, continue with "Customize a Guest Access Captive Web Portal".

If you selected Secured Network, select the required encrypted PSK or private PSK SSID configuration:

Create credentials for guests to log in to your network: Create client private PSK credentials.

Set the maximum number of clients per private PSK: Enter the maximum number of simultaneous guests allowed in each private PSK, from 1 through 15, or 0 for an unlimited number.

Set the MAC binding numbers per private PSK: Range= 1 to 5. More...Manually entering MAC addresses to PPSKs is tedious and error-prone. Extreme Networks AP devices support automatic MAC binding to private PSKs. When the first client authenticates with a private PSK, the AP device creates a PPSK list with room for one to five MAC addresses for smart phones, tablets, PCs and other clients. When the remaining clients authenticate using the same private PSK, the AP device automatically binds the remaining MAC addresses to the private PSK.

Choose a PPSK Server: When you are setting the MAC binding numbers, select the target PPSK server from the drop-down list. APs which perform added roles, such as DHCP, RADIUS, PPSK, and VPN servers, must have a static IP address.

Guests can self-register, then sign in. As an option, an employee can approve: Allow clients to register themselves, and then sign in using a private PSK, with or without employee approval.

Add employee approval: Select to create credentials for guests to log in to your network to access the Internet. See "Configure Guest Access Employee Approval" for more information.

Guest Self-Registration SSID: Enter an SSID name for private PSK Guest Access; this name can be up to 32 characters long and can include spaces. Guests can use the unique private PSK login credentials, then sign in to access the Internet through your wireless network.

Set the maximum number of clients per private PSK: Enter the maximum number of simultaneous guests allowed in each private PSK, from 1 through 15, or 0 for an unlimited number.

To view or change the captive web portal, continue with "Customize a Guest Access Captive Web Portal".

Create global password (PSK) credentials for your guests to log in to your network: Create client PSK credentials.

Enable Captive Web Portal: Select the check box to enable the PSK captive web portal, or clear to disable the captive web portal.

Password: Enter a PSK password for all client devices, from eight to 63 characters.

To view or change the captive web portal, continue with "Customize a Guest Access Captive Web Portal".

When you have completed all your changes, continue with "Save, Verify, and Modify a Guest Access SSID".

Customize a Guest Access Captive Web Portal

A captive web portal is a web page displayed to newly-connected users before they are granted access to other network resources. The captive web portal requires clients to register before assigning user profiles and network settings that allow access to the network beyond the Extreme Networks device with which they are associated. This page allows you to configure a captive web portal using the simplified Guest Access SSID configuration workflow. To configure a standard SSID captive web portal, see Captive Web Portal.

If you selected any of the following options, then select Customize Captive Web Portal and continue with the following sections:

Unsecured (Open) Network / Guests accept the use policy before accessing the network

Unsecured (Open) Network / Guests can self-register, then sign in, or

Secured Network / Guests can self-register, then sign in. As an option, an employee can approve, or

Secured Network / Create global password (PSK) credentials for your guests to log in to your network,

Name the Captive Web Portal

In the Customize Captive Web Portal panel, either accept the captive web portal Name assigned by ExtremeCloud IQ, or change it as required. Complete the remaining sections. When you are done, continue with "Save, Verify, and Modify a Guest Access SSID".

Change a Use Policy Acceptance Page

If your captive web portal contains a default use policy acceptance (UPA, or EULA) page, use these steps to modify it if needed:

  1. Name the captive web portal and select Use Policy Acceptance.
  2. Edit the use policy acceptance page colors, logo, language, and use policy acceptance text. To add a different logo, see "Add a New Logo".
  3. Select Preview and verify your use policy acceptance page.
  4. Select Back to Customize and complete the remaining sections. When you are done, continue with "Save, Verify, and Modify a Guest Access SSID".

Modify a Success Page

If your captive web portal contains a default success page, use the following steps to modify it if needed:

  1. Name the captive web portal and select Success Page.
  2. Modify the success page colors, logo, language, and welcome message text. To add a different logo, see "Add a New Logo".
  3. Select Preview and verify your success page.
  4. Select Back to Customize and complete the remaining sections. When you are done, continue with "Save, Verify, and Modify a Guest Access SSID".

Change a Landing Page

If your captive web portal includes a default landing page, which is the self-registration page used to obtain visitor information to generate credentials, use these steps to modify it if needed:

Complete these steps to check or change the landing page:

  1. After naming the captive web portal, in the Customize Captive Web Portal panel, select Landing Page.
  2. Edit the landing page colors, logo, language, existing and new user logins, and welcome message text. To add a different logo, see "Add a New Logo".
  3. Select Preview and verify your landing page.
  4. Select Back to Customize and complete the remaining sections. When you are done, continue with "Save, Verify, and Modify a Guest Access SSID".

Change an Error Page

If your captive web portal contains a default error page, use these steps to modify it if needed:

  1. After naming the captive web portal in the Customize Captive Web Portal panel, select Error Page.
  2. Edit the error page colors, logo, and language. To add a different logo, see "Add a New Logo".
  3. Select Preview and verify your error page.
  4. Select Back to Customize and complete the remaining sections. When you have completed all your changes, see "Save, Verify, and Modify a Guest Access SSID".

Add a New Logo

ExtremeCloud IQ supplies a default logo, and also allows you to add and delete your own logo files. The default file name is company_logo.png and its dimensions are 235 x 69 pixels at 300 ppi. If you replace this with a different image, make sure it has the same or nearly the same dimensions to avoid distortion. The logo files must be .png, .jpg, .bmp, or .gif format. No matter how wide or tall the added logo image file, ExtremeCloud IQ makes sure that the displayed logo fits inside a 228 x 87 pixel space.

  1. In the Customize Captive Web Portal panel, select Logo / Remove file to make room for the new logo file.
  2. Select Logo / Add new file and select Upload an image. Upload the new logo file, which will be visible under Available Images.
  3. Select Save.
  4. Select the required logo from the Logo drop-down list and then select Done.
  5. Complete any other required changes and select Save.

Complete the rest of the procedures in this section. When you are done, continue with the following sections.

Configure Guest Access Employee Approval

If you selected to add sponsor employee approval for guests, use the following steps to configure it.

  1. In the New or Edit Guest Access SSID dialog box, select Add employee approval.
  2. Enter a valid domain name (such as mycompany.com), to which the employee approvers belong.
  3. Select Add.
  4. Repeat the previous steps to add additional domain names.
  5. When you are finished, select Done.

Continue with one of the following sections:

"View and Modify Guest Access Pre-Defined Settings"

"View and Modify the Availability Schedule"

"Save, Verify, and Modify a Guest Access SSID"

Note

Note

When you select Add employee approval, ExtremeCloud IQ displays a landing page to guests. Guests must enter a known employee email address using an added domain name, such as JaneDoe@mycompany.com. When Jane Doe receives the email from ExtremeCloud IQ, she can then approve a login for the guest. ExtremeCloud IQ then sends a private PSK to the guest, which allows the guest to log in.

View and Modify Guest Access Pre-Defined Settings

You can use the pre-defined default Guest Access SSID settings, or you can configure your own settings. Use this procedure to create a new default user profile name and change the VLAN object used by this Guest Access SSID.

Note

Note

This procedure allows you to configure a new Default User Profile name and change the VLAN object used by this Guest Access SSID object. Navigate to Configure > Common Objects > Policy > User Profiles to manage default user profiles. Navigate to Configure > Common Objects > Basic > VLANs to manage VLAN objects.
  1. In the New or Edit Guest Access SSID dialog box select Pre-Defined Settings.
  2. To use the Guest Access SSID pre-defined settings, select Cancel, or select Next continue with "Deploy a Guest Access SSID". To change the Guest Access SSID pre-defined settings, continue with the next step.
  3. To modify pre-defined Guest Access settings to create a new default user profile or change the VLAN object used by this Guest Access SSID, in the Pre-Defined Guest Access Settings panel, enter a new default user profile name, and if required, define a new VLAN object name. Select Save.

When you have saved your changes, continue with one of the following sections:

"Select and View the Private PSK Authentication Database Location"

"View, Select, and Add User Groups"

"Create Guest Credentials"

"View and Modify the Availability Schedule"

"Save, Verify, and Modify a Guest Access SSID"

Select and View the Private PSK Authentication Database Location

The Authentication DB section appears if you have selected either of the following:

If you selected Create credentials for guests to log in to your network, ExtremeCloud IQ allows you to select a user group private PSK database storage location for this SSID. In the Authentication DB section, select Cloud or LocalExtreme Networks device.Generally, select Local for up to 4096 guests on an AP100 or AP300 series; or up to 9999 guests on an AP200 series, AP300 series, AP550, AP1130, XR200P, BR200WP, or SR series switch. Generally, select Cloud for more guests.

If you selected Guests can self-register, then sign in, as an option, an employee can approve, ExtremeCloud IQ automatically selects user group private PSK database storage for this SSID in the Cloud instead of on a local device. View this selection in Authentication DB.

View, Select, and Add User Groups

View and add Guest Access user groups using these steps:

  1. To view and select from existing user groups, select the required user group from the drop-down list. When your Guest Access wireless network (SSID) will use a PCG (private client group), select a group that has been assigned the required AP- or key-based PCG. See Add User Groups for instructions on assigning PCG options. Each network policy can have only one key-based PCG wireless network (SSID), one AP-based PCG SSID, and any number of non-PCG SSIDs.
  1. To add a new user group, select the ". . .Or, you cancreate one" link. Enter the required user group settings, and select Save.

For more information about configuring user groups, see User Groups.

Create Guest Credentials

If you selected Create credentials for guests to log in to your network, then use the Bulk Create Credentials section to create up to 1000 private PSK credentials. Enter a required prefix for all of the credentials and then enter the number of guests for which you want to generate credentials.

View and Modify the Availability Schedule

Extreme Networks Guest Access SSIDs are available 24 hours a day by default unless you define an availability schedule. In the New or Edit Guest Access SSID dialog box, set Schedule to ON, and then select the days and times that the Guest Access SSID is available.

When you are done, continue with "Save, Verify, and Modify a Guest Access SSID".

Save, Verify, and Modify a Guest Access SSID

When you are done, select Save. In the Summary dialog box, verify your configuration. If the Guest Access wireless network SSID configuration is correct select Close, or select Go To Deploy to "Deploy a Guest Access SSID".

If the Guest Access SSID configuration is not correct, select Modify and make any necessary changes.

Deploy a Guest Access SSID

When you have verified your changes and modifications to your guest access SSID, ExtremeCloud IQ displays a Summary dialog box. Select Go to Deploy. ExtremeCloud IQ displays the Deploy Policy page. Continue with Deploy a Network Policy.

Copyright © 2020 Extreme Networks. All rights reserved. Published March 2020.