Rule Based Redirection to a Captive Portal
Redirecting to a captive portal is a common rule-based redirection use
case. The following is an example Allow configuration for rule-based redirection to a
captive portal.
- The role allows the station to use
DHCP (Dynamic Host Configuration Protocol) and DNS:
- Access Control = Allow, Port = DNS
- Access Control = Allow, Port = DHCP
Client.
- Access Control = Allow, Port = DHCP
Server.
- The role allows the station to communicate with the external captive
portal server using HTTP or HTTPS.
- Access Control = Allow, IP/subnet = IP of Captive Portal Server
Then specify the Captive Portal Server on the
VLAN Class of Service tab
in the Redirection URL field.
The Redirection URL can be provided as a URL, IP address, or host name if using L7 Host
Name DNS support.
- The role must allow the station to send traffic to the controller‘s
IP address on the VLAN (Virtual LAN) containing the station‘s traffic;
therefore, one Allow policy must include the IP/subnet that corresponds to the VLAN ID.
Depending on the Default Access Control value on the role, this can be the VLAN ID
specified on the role or the VLAN ID specified during WLAN (Wireless Local Area Network)
Service configuration.
- When default Access Control = Allow, VLAN ID on the WLAN Service
configuration is used.
- When default Access Control = Contain to VLAN, the VLAN ID on
the Role configuration is used.
- Access Control = Allow, IP/subnet = Configured VLAN subnet.
Note
You cannot configure Captive Portal Redirection using IPv6
classifiers. While you can http to IPv6 websites, you cannot apply Captive Portal
redirection to http [s] over IPv6 .