ExtremeCloud offers the ability to configure a built-in captive portal splash screen. Alternatively, you can use an external captive portal (ECP), which redirects to a third-party server for authentication.
When captive portal is enabled, cloud-enabled APs intercept the HTTP and HTTPS traffic of unauthenticated users and redirects them to the captive portal splash screen. The captive portal can then authenticate the user. (Authentication can be as simple as asking the user to select a button to accept any terms and conditions for using the network or it can ask the user for credentials.) If the user passes the captive portal criteria, the captive portal tells the cloud-enabled AP to allow the user onto the network. The captive portal can also assign the user to one of the access control policies that is configured on the AP.
The captive portal feature is firewall friendly. All interactions with the captive portal take place through port 443 or port 80, which are routinely allowed to egress firewalls. This product also supports captive portals that are on the same side of the firewall as the AP.
The DHCP IPv4 address pool used by unauthenticated clients must be large enough to provide additional IP addresses to all APs configured with captive portal. This is because each AP creates a virtual interface on each non-authenticated policy VLAN and assigns an IP address to it from the pool.
You can create a walled garden with either captive portal option.