Guest Wireless Design
02-24-2020 10:03 AM
I'm just making sure I've designed this implementation correctly. My site has a guest VLAN that is not routed internally in any way. It only grants users access to the external net. To implement a guest wireless network, I need to be able to have my guest users authenticate via a captive portal. To make this portal available on an isolated network, I'd need to make the controller publicly available, right? In my mind the workflow should operate like this:
User connects to guest network -> controller redirects to guest captive portal -> redirect sends them to public DNS/IP of controller (mycontroller.contoso.com) -> controller forwards request to CPPM -> CPPM returns captive portal back to client -> client authenticates against captive portal
Does this make sense or am I going off the rails?
Re: Guest Wireless Design
02-24-2020 10:11 AM
The client would have to directly interact over HTTPS to CPPM for the captive portal page. You could control access from the controller via a logon role, or at the firewall level. The controller would also need to have an L3 interface in the guest network in order to perform the captive portal redirect.
Senior Mobility and Access Engineer @WEI
ACMX#509 | ACCP | ACSA | CCNP | CCDP | CCNA Wireless