Configuring a Captive Portal Network

Configuring an Internal Captive Portal network with WPAv2 PSK privacy.
Note

Note

Centralized sites support B@AC and B@AP VLAN topology.
  1. Go to Configure > Networks > WLANs > Add and configure the following parameters:
    Network Name
    test1-ICP
    SSID
    test1-ICP
    Status
    Enable or disable the network service. Disabling the network service shuts off the service but does not delete it.
    Auth Type
    Select WPAv2 - Personal (PSK) then select Edit Privacy and enter a password key.
    Enable Captive Portal
    Check this option and specify the following parameters:
    • Captive Portal Type = Internal
    • Default captive portal is specified. This is the captive portal we configured.
    • Authentication Method. Select Proxy RADIUS (Failover).
      Note

      Note

      Policy assignment through Filter ID is not supported.
    • Primary RADIUS. This is the RADIUS server we configured. Enter the IP address. You have the option to add 1-3 failover RADIUS servers.
    • Default VLAN = test1. This is the B@AC VLAN we created.
    Default Auth Role
    The default network policy roles for an authenticated client. Select the plus sign to create a new role.

    Select the policy role as the default authentication policy role. Typically, Enterprise User is the Default Auth Role. You can select any of the configured roles.

    To configure a new role:
    1. Go to Configure > Policy > Roles.
    2. Go to Onboard > Rules and edit a policy rule, specifying Default Auth Role in the Accept Policy field.
    Default VLAN
    The default network topology. A topology can be thought of as a VLAN (Virtual LAN) with at least one egress port, and optionally include: sets of services, exception filters, and multicast filters. Examples of supported topology modes are Bridged at AP and Bridged at AC. Select a VLAN from the list.
  2. Select Save.

When a client connects to the network, a captive portal page is presented. The user enters a user name and password. The RADIUS authenticates the user name and password. Captive portal automatically generates two engine rules that define the Accept Policy for a client before authentication and after authentication.

Next, work with the ExtremeCloud IQ Controller engine rules.

9038919-00 Rev. AA