Wireless Controller, Service Platform and Access Point CLI Reference Guide

bridge

Enables forwarding of bridge-vlan information (such as, name and vlan) to the ExtremeGuest (EGuest) server. The EGuest server updates its WLAN information collection with the received wired-network information.

Note

Ensure that the bridge-vlan interface has a name that uniquely identifies it from other bridge-vlan interfaces with similar configurations. For more information, see name.

Captive-portal Web pages for wired clients are hosted on the gateway controller‘s bridge-vlan interface. By updating the EGuest server with bridge-vlan information, you enable the EGuest server to apply of captive-portal‘s Splash templates to the bridge-vlan interface.

This command also configures the external guest registration and validation server details. If using an external server to perform wired client registration, authentication and accounting, use this command to configure the external server‘s IP address/hostname. When configured, the gateway controller forwards guest registration requests to the specified registration server. In case of EGuest deployment, this external resource should point to the EGuest server.

Supported on the following devices:

Access Points: AP5010, AP310i/e, AP410i/e, AP505i, AP510i, AP510e, AP560i, AP6522, AP6562, AP7161, AP7502, AP7522, AP7532, AP7562, AP7602, AP7612, AP7622, AP763, AP7662, AP8163, AP8543, AP8533.
Service Platforms: NX5500, NX7500, NX9500, NX9600
Virtual Platforms: CX9000, VX9000

Syntax

registration [device|device-OTP|external|user]

registration [device|device-OTP|user] group-name <RAD-GROUP-NAME> {expiry-time <1-43800>}

registration external follow-aaa send-mode [http|https|udp]

Parameters

registration [device|device-OTP|user] group-name <RAD-GROUP-NAME> {expiry-time <1-43800>}


registration	Enables wired guest-user registration and validation. This option is disabled by default. Use to configure registration and validation parameters for wired captive-portal clients. Specify the client registration mode used. If using an external resource as authenticating server, use this command to point to the external resource.
[device\|device-OTP\| user]	Configures the mode used to register wired clients on this bridge-vlan interface. The options are: device, user, and device-OTP. device-OTP – Registers device by its MAC address. During registration the user, provides e-mail address or mobile number, and an OTP (one-time-passcode) is sent to the registered e-mail id or mobile number to complete registration. device – Registers device by its MAC address, and allows access to already registered clients. Note: If using the above two options, ensure MAC authentication is enabled on the bridge-vlan interface. user – Registers guest users using one of the following options: e-mail address, mobile-number, or member-id. If using any one of the above modes of registration, specify the RADIUS group to which the registered device or user is to be assigned post authentication.
group-name <RAD-GROUP-NAME>	Configures the RADIUS group name in which registered users are placed. When left blank, users are not associated with a RADIUS group. <RAD-GROUP-NAME> – Specify the RADIUS group name (should not exceed 64 characters).
expiry-time <1-43800>	Optional. Configures the duration in hours, or which registered MAC addresses are retained. Once this duration is over, registered MAC addresses expire and need to be re-entered. <1-43800> – Specify a value from 1 - 43800 hrs. The default is 1500 hrs.

registration external follow-aaa send-mode [http|https|udp]


registration	Enables wired guest-user registration and validation. This option is disabled by default. Use to configure registration and validation parameters for wired captive-portal clients. Specify the client registration mode used. If using an external resource as authenticating server, use this command to point to the external resource.
external	Specifies that the wired client registration is handled by an external resource. Registration requests are forwarded to the external registration server by the captive-portal gateway controller.
follow-aaa	Uses an AAA policy to point to the guest registration, authentication, and accounting server. When used, guest registration is handled by the RADIUS server specified in the AAA policy. This is the AAA policy used in the captive-portal applied on the bridge-vlan interface. In case of EGuest deployment, in the AAA policy, the RADIUS authentication and accounting server configuration should point to the EGuest server. The use of ‘follow-aaa‘ option is recommended in EGuest replica-set deployments. For more information on enabling the EGuest server, see eguest-server (VX9000 only) (profile config mode).
send-mode [https\|https\|udp]	Specifies the protocol used to forward registration requests to the external AAA policy server. The options are: HTTPS – Sends registration requests as HTTPS packet HTTP – Sends registration requests as HTTP packet UDP – Sends registration requests as UDP packet. This is the default setting.

Example

nx9500-6C8809(config-profile testNX9500-bridge-vlan-20)#registration device 
group-name test expiry-time 200

nx9500-6C8809(config-profile testNX9500-bridge-vlan-20)#registration external 
follow-aaa send-mode https

nx9500-6C8809(config-profile testNX9500-bridge-vlan-20)#show context
 bridge vlan 20
  registration device group-name test expiry-time 200
  registration external follow-aaa send-mode https
  ip igmp snooping
  ip igmp snooping querier
  ipv6 mld snooping
  ipv6 mld snooping querier
nx9500-6C8809(config-profile testNX9500-bridge-vlan-20)#

Related Commands


no	Disables self-registration of captive-portal users on this bridge-vlan interface.