External Captive Portal on a Third-Party Server

ExtremeCloud IQ Controller supports integration with an External Captive Portal (ECP) on a third-party server.

An ECP is a web server that hosts a site that allows users to authenticate to the network. When the web server is not hosted on ExtremeCloud IQ Controller, the captive portal is considered a third-party ECP. ExtremeCloud IQ Controller intercepts and redirects the user's HTTP messages to the ECP web server.

ECP authentication involves filtering traffic of unauthenticated clients. When the client sends HTTP traffic, its browser is redirected to a website where the client's user can authenticate. The website is referred to as an ECP because it is located outside ExtremeCloud IQ Controller (which also offers an 'internal' captive portal). The ECP authenticates the user in whatever way it sees fit, and then tells ExtremeCloud IQ Controller or the AP whether the user is authenticated and what policy to apply to the user's session.

All interactions with the ECP are initiated by the user. The enterprise allows staff and guests to egress through port 80 on the firewall to use the third-party ECP.

We will discuss how to configure and program the ECP to interact with ExtremeCloud IQ Controller. This includes details about the message sequence that occurs when a client authenticates through an ECP. The following authentication flows are supported: