Note
You must configure the policy‘s security, access, and whitelist basic parameters before actual HTML pages can be defined for guest user access requests.Select Add to save the policy.
The Basic Configuration screen opens.
Captive Portal Server Mode | Set the server mode. Options are: as either
The default value is Internal (Self). |
Hosting VLAN Interface | When Centralized Controller is selected as the Captive Portal Server Mode, specify the VLAN (between 0 and 4096) for client communication. Select 0 to use the default client VLAN. 0 is the default setting. |
Captive Portal IPv6 Server |
When using Centralized mode, select this option to define an IPv6 formatted address of the controller, service platform, virtual platform or access point resource hosting the captive portal. |
Captive Portal Server Host | When Centralized is selected as the Captive
Portal Server Mode, set a numeric IP address
(or DNS hostname) for the server validating guest user
permissions for the captive portal policy. When Centralized Controller is selected, use this field to provide the hostname of the controller or controllers acting as the captive portal server host. |
Simultaneous Access | Select this check box and use the spinner control to set from 1-8192 users (client MAC addresses) allowed simultaneous access to the captive portal and its resources. |
Connection Mode | Select either HTTP or HTTPS to define the connection medium to the Web server. We recommend the use of HTTPS because it affords some additional data protection HTTP cannot provide. The default value, however, is HTTP. |
Access Type | Select the authentication scheme applied to clients requesting captive portal guest
access to the WiNG network. Options are:
|
Terms and Conditions page | Select this option (with any access type) to include terms that must be adhered to for clients requesting captive portal access. These terms are included in the Terms and Conditions page when No authentication required is selected as the access type, otherwise the terms appear in the Login page. The default setting is disabled. |
Frictionless Onboarding | Select this option to enable wireless clients, associated with guest
WLANs, to self-register with the Extreme Guest
server. In other words, this feature enables frictionless
on-boarding of guest users to the ExtremeGuest server. It also provides an integration API, as a means of on-boarding guest users through a loyalty application. In the captive portal, set Access Type to Registration, enable Frictionless Onboarding, and provide the Localization URL to trigger a one-time redirect on demand. The defined URL is triggered from a mobile application to derive location information from the wireless network so an application can be localized to a particular store or region. Note: If
enabling this option, in the WLAN (using this
captive-portal) configure the settings as follows:
|
Select this option to register the requesting client‘s guest user Facebook social media profile (collected from the social media server) on the device. Captive portal authentication then becomes a fallback mechanism to enforce guest registration through social authentication. This option is disabled by default. | |
Select this option to register the requesting client‘s guest user Google social media profile (collected from the social media server) on the device. Captive portal authentication then becomes a fallback mechanism to enforce guest registration through social authentication. This option is disabled by default. |
RADIUS VLAN Assignment |
Select this option to enable client VLAN assignments using the RADIUS server. If, as part of the authentication process, the RADIUS server returns a client‘s VLAN-ID in a RADIUS access-accept packet, and this feature is enabled, all client traffic is forwarded on the post authentication VLAN. If disabled, the RADIUS server‘s VLAN assignment is ignored and the VLAN configuration defined within the WLAN configuration is used instead. This feature is disabled by default. |
Post Authentication VLAN ID | When this option is selected, a specific VLAN is assigned to the client upon successful authentication. The available range is from 1 - 4,096. |
Client Access Time | Use the spinner control to define the duration wireless clients are allowed access to using the captive portal policy when there is no session time value defined for the RADIUS response. Set an interval from 10 - 10,800 minutes. The default interval is 1,440 minutes. |
Inactivity Timeout | Use the drop-down menu to specify an interval in seconds (60 - 86,400) that, when exceeded, times out the session. The default is 10 minutes. |
Enable | Select this option to report a captive portal client‘s loyalty application presence and store this information in the captive portal‘s user database. The client‘s loyalty application detection occurs on the access point to which the client is associated and allows a retail administrator to assess whether a captive portal client is using specific retail (loyalty) applications in their captive portal. This setting is enabled by default. |
App Name | Use the drop-down menu to select an existing application to track for loyalty utilization by captive portal clients. This enables an administrator to assess whether patrons are accessing an application as expected in specific retail environments. |
Enable RADIUS Accounting | Select this option to use an external RADIUS resource for AAA accounting. When selected, a AAA Policy field displays. This setting is disabled by default. |
Enable Syslog Accounting | Select this option to log information about the use of remote access services by users using an external syslog resource. This information is of great assistance in partitioning local versus remote users. Remote user information can be archived to an external location for periodic network and user administration. This feature is disabled by default. |
Syslog Host | When syslog accounting is enabled, use the drop-down menu to determine whether an IP address or Hostname is used as a syslog host. The IP address or hostname of an external server resource is required to route captive portal syslog events to that destination external resource destination. A hostname cannot contain an underscore. |
Syslog Port | When syslog accounting is enabled, define the numerical syslog port the used to route traffic with the external syslog server. The default port is 514. |
Limit | Select this option to enable data limits for captive portal clients. Specify the maximum amount of data, in megabytes, allowed for each captive portal client. When a user reaches this threshold, from 1 and 102,400 megabytes, it triggers the specified action. |
Action | When a captive portal client reaches its data usage
limit, a specified log action is executed. Choose from one
of the following:
When Log Only is selected, an entry is added to the log file whenever a captive portal client exceeds the data limit. When log-and-disconnect is selected, an entry is added to the log file when the data limit is exceeded and the client is disconnected from the captive portal. |
FQDN | Provide the FQDN address (for example, local.guestaccess.com) used to obtain localization parameters for a client. |
Response | Enter a response message (512-character maximum) directed back to the client for localization HTTP requests. |
Note
You cannot restore default settings after applying or saving changes.Note
This does not permanently save the settings you configured. If you perform a Reload (warm reboot), applied settings will be lost.Note
If you do not select Apply or Save, the settings that you configured are not saved when you move away from the configuration window.