to edit the
configuration profile.
Note
Upon creating an External Captive Portal WLAN the ExtremeCloud IQ Controller automatically creates the following internal rule:The following are rule examples: Unregistered role for Guest:acfilters# show Custom AP Filters: disable filter 1 3 proto udp eth 800 mac any 0.0.0.0/0 port 53 in dst out src allow filter 2 3 proto udp eth 800 mac any 0.0.0.0/0 port 67 in dst out src allow filter 3 3 proto any eth any mac any 0.0.0.0/0 all_ports in none out src allow filter 4 3 proto icmp eth 800 mac any 0.0.0.0/0 type-code 0x0000 0x0000 in dst out src allow filter 5 3 proto tcp eth 800 mac any 1.1.1.1/32 all_ports in dst out src allow filter 6 3 app-signature group "Web Applications" hostname "fqdn:nac_engine.mynetwork.com" proto any eth 800 mac any 0.0.0.0/0 all_ports in dst out src allow filter 7 3 proto tcp eth 800 mac any 0.0.0.0/0 port 80 in dst out none redirect filter 8 3 proto tcp eth 800 mac any 0.0.0.0/0 port 443 in dst out none redirect
Enabling Captive Portal on a WLAN automatically builds the Unregistered role for <Network Name> and the necessary rules for client redirection. This role is automatically assigned to device groups that have the External Captive Portal WLAN selected to broadcast. Unregistered role for <Network Name> is not visible within the ExtremeCloud IQ Controller user interface. No modification or role creation is necessary for the functional External Captive Portal environment. Extreme Control must send back the filter-id of Unregistered role for <Network Name> to use the automatically created role.