Wireless Access

Occasional Contributor II

Guest Wireless Design

Hi all,


I'm just making sure I've designed this implementation correctly. My site has a guest VLAN that is not routed internally in any way. It only grants users access to the external net. To implement a guest wireless network, I need to be able to have my guest users authenticate via a captive portal. To make this portal available on an isolated network, I'd need to make the controller publicly available, right? In my mind the workflow should operate like this:


User connects to guest network -> controller redirects to guest captive portal -> redirect sends them to public DNS/IP of controller (mycontroller.contoso.com) -> controller forwards request to CPPM -> CPPM returns captive portal back to client -> client authenticates against captive portal 


Does this make sense or am I going off the rails?  

Regular Contributor I

Re: Guest Wireless Design

The client would have to directly interact over HTTPS to CPPM for the captive portal page. You could control access from the controller via a logon role, or at the firewall level. The controller would also need to have an L3 interface in the guest network in order to perform the captive portal redirect.

Dustin Burns
Senior Mobility and Access Engineer @WEI
ACMX#509 | ACCP | ACSA | CCNP | CCDP | CCNA Wireless
Occasional Contributor II

Re: Guest Wireless Design

OK, so in my scenario I'd be exposing CPPM to the external net, not the controller?
