Rule Based Redirection to a Captive Portal
Redirecting to a captive portal is a common rule-based redirection use
case. The following is an example Allow configuration for rule-based redirection to a
captive portal.
- The role allows the station to use DHCP and DNS:
- Access Control = Allow, Port = DNS
- Access Control = Allow, Port = DHCP
Client.
- Access Control = Allow, Port = DHCP
Server.
- The role allows the station to communicate with the external captive
portal server using HTTP or HTTPS.
- Access Control = Allow, IP/subnet = IP of Captive Portal Server
Then specify the Captive Portal Server on the
VLAN Class of Service tab
in the Redirection URL field.
The Redirection URL can be provided as a URL, IP address, or host name if using L7 Host
Name DNS support.
- The role must allow the station to send traffic to the controller‘s
IP address on the VLAN containing the station‘s traffic; therefore, one Allow policy must
include the IP/subnet that corresponds to the VLAN ID. Depending on the Default Access
Control value on the role, this can be the VLAN ID specified on the role or the VLAN ID
specified during WLAN Service configuration.
- When default Access Control = Allow, VLAN ID on the WLAN Service
configuration is used.
- When default Access Control = Contain to VLAN, the VLAN ID on
the Role configuration is used.
- Access Control = Allow, IP/subnet = Configured VLAN subnet.
Note
You cannot configure Captive Portal Redirection using IPv6
classifiers. While you can http to IPv6 websites, you cannot apply Captive Portal
redirection to http [s] over IPv6 .