
Configuring Captive Portal Roles for an SSID

You can configure an access rule to enforce captive portal authentication for SSIDs with 802.1X authentication enabled. You can configure rules to provide access to an external or internal captive portal, so that some of the clients using this SSID can derive the captive portal role.

The following conditions apply to the 802.1X and captive portal authentication configuration:

• If a user role does not have Captive Portal settings configured, the captive portal settings configured for an SSID are applied to the client's profile.
• If the SSID does not have Captive Portal settings configured, the captive portal settings configured for a user role are applied to the client's profile.
• If captive portal settings are configured for both SSID and user role, the captive portal settings configured for a user role are applied to the client's profile.

You can create a captive portal role for both Internal-acknowledged and External Authentication Text splash page types.

To enforce the Captive Portal role, use the Instant UI or CLI.

In the Instant UI

To create a captive portal role:

1. Select an SSID profile from the Networks tab. The Edit <WLAN-Profile> window is displayed.
2. In the Access tab, slide to Role-based access control by using the scroll bar.
3. Select a role or create a new one if required.
4. Click New to add a new rule. The New Rule window is displayed.
5. In the New Rule window, specify the following parameters. The following figures show the parameters for Captive Portal role configuration:

Figure 1  Captive Portal Rule for Internal Acknowledged Splash Page

Figure 2  Captive Portal Rule for External Captive portal profile

Table 1: New Access Rule Configuration Parameters

Field: Rule type
Description: Select Captive Portal from the drop-down list.

Field: Splash Page Type
Description: Select one of the following attributes:
• Select Internal to configure a rule for internal captive portal authentication.
• Select External to configure a rule for external captive portal authentication.

Field: Internal
Description: If Internal is selected as the splash page type, perform the following steps:
• Under Splash Page Visuals, use the editor to specify text and colors for the initial page that would be displayed to users connecting to the network. The initial page asks for user credentials or email, depending on the splash page type configured.
• To change the color of the splash page, click the Splash page rectangle and select the required color from the Background Color palette.
• To change the welcome text, click the first square box in the splash page, type the required text in the Welcome text box, and click OK. Ensure that the welcome text does not exceed 127 characters.
• To change the policy text, click the second square in the splash page, type the required text in the Policy text box, and click OK. Ensure that the policy text does not exceed 255 characters.
• Specify the URL to which you want to redirect the guest users.
• To upload a custom logo, click Upload your own custom logo Image, browse to the image file, and click upload image.
• Click Preview to preview the Captive Portal page.

Field: External
Description: If External is selected, perform the following steps:
• Select a profile from the Captive portal profile drop-down list.
• If you want to edit the profile, click Edit and update the following parameters:
    • Type—Select either Radius Authentication (to enable user authentication against a RADIUS server) or Authentication Text (to specify the authentication text to be returned by the external server after a successful user authentication).
    • IP or hostname—Enter the IP address or the hostname of the external splash page server.
    • URL—Enter the URL for the external splash page server.
    • Port—Enter the number of the port to use for communicating with the external splash page server.
    • Redirect URL—Specify a redirect URL if you want to redirect the users to another URL.
    • Captive Portal failure—This field allows you to configure Internet access for the guest clients when the external captive portal server is not available. Select Deny Internet to prevent clients from using the network, or Allow Internet to allow the guest clients to access the Internet when the external captive portal server is not available.
    • Automatic URL Whitelisting—Select Enabled or Disabled to enable or disable automatic whitelisting of URLs. On selecting the checkbox for external captive portal authentication, the URLs that unauthenticated users are allowed to access are automatically whitelisted. Automatic URL whitelisting is disabled by default.
    • Auth Text—Indicates the authentication text returned by the external server after a successful user authentication.
6. Click OK. The enforce captive portal rule is created and listed as an access rule.
7. Create a role assignment rule based on the user role, to which the captive portal access rule is assigned.
8. Click Finish.

The client can connect to this SSID after authenticating with username and password. After a successful user login, the captive portal role is assigned to the client.

In the CLI

To create a captive portal role:

(Instant AP)(config)# wlan access-rule <Name>

(Instant AP)(Access Rule <Name>)# captive-portal {external [profile <name>]|internal}

(Instant AP)(Access Rule <Name>)# end

(Instant AP)# commit apply
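
The precedence conditions for SSID and user-role settings, together with the Captive Portal failure, Automatic URL Whitelisting and text-length parameters described above, can be modelled as a pre-deployment review. This is an added example, not Aruba code or output: the PortalSettings class and the effective_settings and review functions are hypothetical names, and the sample values are constructed.

```python
from dataclasses import dataclass
from typing import List, Optional, Tuple

WELCOME_MAX, POLICY_MAX = 127, 255  # text limits stated in the table above

@dataclass
class PortalSettings:  # hypothetical container, not an Instant data structure
    splash_type: str                      # "Internal" or "External"
    failure_mode: str = "Deny Internet"   # External: behaviour when the server is down
    auto_whitelist: bool = False          # disabled by default per the page
    welcome_text: str = ""
    policy_text: str = ""

def effective_settings(ssid: Optional[PortalSettings],
                       role: Optional[PortalSettings]) -> Optional[PortalSettings]:
    """Role settings win when present; otherwise the SSID settings apply."""
    return role if role is not None else ssid

def review(ssid: Optional[PortalSettings],
           role: Optional[PortalSettings]) -> Tuple[str, List[str]]:
    """Return (source of the applied settings, findings) for one SSID/role pair."""
    eff = effective_settings(ssid, role)
    if eff is None:
        return "none", ["no captive portal settings on SSID or role"]
    findings = []
    if eff.splash_type == "External":
        if eff.failure_mode == "Allow Internet":
            findings.append("fail-open: guests reach the Internet while the portal server is down")
        if eff.auto_whitelist:
            findings.append("automatic URL whitelisting on: check what unauthenticated users can reach")
    else:
        for label, text, limit in (("welcome", eff.welcome_text, WELCOME_MAX),
                                   ("policy", eff.policy_text, POLICY_MAX)):
            if len(text) > limit:
                findings.append(f"{label} text is {len(text)} characters (limit {limit})")
    if ssid is not None and role is not None and ssid != role:
        findings.append("SSID settings differ but are not applied: the role overrides them")
    return ("role" if role is not None else "ssid"), findings

if __name__ == "__main__":
    # Constructed sample: a strict SSID paired with a fail-open role.
    ssid = PortalSettings("External", failure_mode="Deny Internet")
    role = PortalSettings("External", failure_mode="Allow Internet")
    for case in ((ssid, role), (ssid, None), (None, role)):
        print(review(*case))
```

The first sample case shows why the precedence matters for review: a Deny Internet setting on the SSID does not protect clients whose role carries Allow Internet.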