Rule-Based Redirection

You can now configure policy rules to explicitly redirect traffic to the captive portal definition assigned to the role, regardless of authentication status. Rule-based Redirection applies to HTTP and HTTPS traffic, and explicitly defines when traffic will be redirected. In previous releases, redirection automatically redirected an un-authenticated client to an ECP when a deny action on HTTP(S) traffic occurred.

Rule-based redirection requires explicit enablement. For new installations, Rule-based Redirection is enabled by default. For upgrades from releases prior to v10.11, ExtremeWireless preserves the previous captive portal redirection method of triggering redirect off denied HTTP/HTTPS for non-authenticaticated roles.

To enable Rule-based Redirection upon an upgrade, go to VNS > Global > Filtering Mode.
Click to expand in new window
Enabling Rule-based Redirection
Graphics/Rule-based_redirection_enable.png
To use Rule-based Redirection:
  • Verify that the feature is enabled.
  • Configure roles with policy rules for redirection. Add the Redirect rules to the (non-auth) role definition; otherwise, the Deny All default action is interpreted explicitly, and traffic will be denied not redirected.
  • Configure a list of redirection URLs.
  • Specify the redirection URL on the Role VLAN & Class of Service tab. This value can be an IP address, URL, or host name if using L7 host name rules.
  • (Optional) If you are redirecting to a captive portal, configure the captive portal for redirected traffic.

Rule-based Redirection is explicit when the redirection flag is enabled and a rule is defined for redirection. The redirection destination can be defined on the role or as part of a WLAN Service configuration. If a redirection destination is not configured, the default destination is 'Own WLAN', which indicates the WLAN of the device. Redirection is allowed on any port.

Click to expand in new window
Example Role with Redirection to ECP specified.
Graphics/redirection_ECP.png