Typically, when an external captive portal is employed, a web server hosts a single site that allows users to authenticate to the network. Centralized Web Authentication (CWA) offers the ability to serve a web page based on a set of conditions that are defined on the RADIUS server. The user is redirected to the appropriate web page after successful authentication using the 802.1x protocol.
With a CWA captive portal, the URL for the captive portal is provided dynamically through RADIUS attributes. The redirection can occur either at the AP (for Bridged@AP topologies) or at ExtremeCloud IQ Controller (for Bridged@AC topologies). Examples of conditions that determine the destination web page include: the expiration date for a user password or the due date of a bill that must be paid before a user can gain access to the network.
CWA supports an ExtremeControl captive portal server and a Cisco® ISE captive portal server. The configuration procedure for captive portal on ExtremeCloud IQ Controller is the same regardless of the captive portal server. CWA is supported on both Bridged@AC and Bridged@AP topologies.
For information on the captive portal server configuration, see the ExtremeCloud IQ Controller Deployment Guide.
Note
Extreme Networks AP39xx and the Wi-Fi 6 AP models all support Centralized Web Authentication (CWA) captive portal.