Wireless Access

Occasional Contributor II

Guest Wireless Design

Hi all,

I'm just making sure I've designed this implementation correctly. My site has a guest VLAN that is not routed internally in any way. It only grants users access to the external net. To implement a guest wireless network, I need to be able to have my guest users authenticate via a captive portal. To make this portal available on an isolated network, I'd need to make the controller publicly available, right? In my mind the workflow should operate like this:

User connects to guest network -> controller redirects to guest captive portal -> redirect sends them to public DNS/IP of controller (mycontroller.contoso.com) -> controller forwards request to CPPM -> CPPM returns captive portal back to client -> client authenticates against captive portal

Does this make sense or am I going off the rails?  

Regular Contributor I

Re: Guest Wireless Design

The client would have to directly interact over HTTPS with CPPM for the captive portal page. You could control access from the controller via a logon role, or at the firewall level. The controller would also need to have an L3 interface in the guest network in order to perform the captive portal redirect.

Dustin Burns
Senior Mobility and Access Engineer @WEI
ACMX#509 | ACCP | ACSA | CCNP | CCDP | CCNA Wireless
Occasional Contributor II

Re: Guest Wireless Design

OK, so in my scenario I'd be exposing CPPM to the external net, not the controller?
