Configure External Captive Portal Redirection

When you configure a third-party or external captive portal, you must configure a policy that:
  • Allows access to the captive portal.
  • Allows DHCP
  • Allows DNS Server
  • Allows the IP address range of the default VLAN.
  • Redirects at least some HTTP traffic to the captive portal.

To configure external captive portal redirection:

  1. Select Configure > Roles > Add and configure a role. (Alternatively, edit an existing role.)
  2. For the Default Action field, select Allow.
  3. Select GUID-19C6669C-6510-4661-B54F-B5EA333B6046-low.png (next to the new rule).
    The Rules dialog opens.
  4. Expand the L3,4 pane.
  5. Select New to add a rule. Set the Ethertype to Internet Protocol, version 4 (IPv4). Set the Port to HTTP.
  6. In the Direction pane, edit the fields:
    From User Specify Destination (dest) as the value.
    To User Specify None as the value.
  7. In the Access Control field, select Redirect, and then select Enter Redirection URL that displays.
    Click to expand in new window
    Rules Configuration - Access Control Settings
    GUID-029B67F2-570D-411E-9968-FC047996A95D-low.png
    The Redirection URL window opens.
  8. Enter the URL for the captive portal gateway or select an existing URL from the drop-down list. Select Close > Close.
    Click to expand in new window
    Redirection URL Configuration
    GUID-4AACD327-8064-42BD-AE40-85C77D6E2CF1-low.png
    The Role configuration page now displays the Configure Redirect pane.
  9. Edit the fields.
    Click to expand in new window
    Role Configuration
    GUID-CABBC490-32BA-485E-A28D-A2544C68E34E-low.png
    Identity Specify the name common to both the AP and the external web server to encrypt the information passed between the AP and the external web server. The identity also tells the receiver which shared secret to use to validate the message signature. If you do not configure the identity, the redirector on the AP drops the traffic.
    Shared Secret Specify the password that will be used to validate the connection between the AP and the external server. Limits: 16 - 225 characters.
  10. (Optional) Configure advanced redirection settings, which includes specifying a custom URL for the success page after the customer logs in.
  11. Select Add Allow Rules, and enter the IP subnet for the portal.
  12. Repeat steps 2 - 11 to create a rule that redirects HTTPS traffic. (You must then configure the advanced redirection settings to enable the Use HTTPS for User Connection option.)
    The rule is created and displays in the Rules list.
  13. Add other access control rules as appropriate. Be sure to allow access for DHCP, DNS, and ARP requests.
  14. Save the role.
  15. Configure a network by selecting Networks > Add or by editing an existing network.
  16. Select the newly defined role from the Default Unauth Role list.
  17. If needed, make additional changes to the network's configuration.
  18. Save the network configuration.