User's Manual

Chapter 8 HiveManager Configuration Examples

106 Aerohive

To enable the captive web portal to forward DHCP and DNS traffic from unregistered users to external servers on the

network, click Configuration > Authentication > Captive Web Portal > New, and select Use external DHCP and

DNS servers on the network.

Note: With this captive web portal implementation, you must assign unregistered and registered users to the

same VLAN.

3 4

DNS Querient DNS Server HTTP Client HTTP Server

DNS Address Resolution HTTP Connection to the Captive Web Portal

HTTP GET

When the client sends an HTTP or HTTPS

GET command, the HiveAP intercepts it and

sends it to its HTTP server, which replies with

a guest access registration page. The user

must agree to an acceptable use policy, fill in

some fields, and then submit the form.

The HiveAP allows DNS queries and replies

between the client of an ungregistered user

and a DNS server

DNS Query

DNS Reply

HTTP Client HTTP Server

Wireless

Client

Servers

Registration DHCP, DNS, and HTTP Forwarding

Wireless

Acess Point

After a guest agrees to the acceptable use

policy, fills in the form, and submits the

registration, the HiveAP moves the client’s

MAC address from a quarantined list to a

registered list.

The HiveAP then applies the registered user

profile “Guests” and forwards all types of traffic

to the rest of the network, as permitted by

firewall policies assigned to that user profile.

Registration

Quarantine

MAC: 0016:cf8c:57bc

Registered

MAC: 0016:cf8c:57bc

DHCP

DNS

HTTP