User's Manual

ManualsBrandsAerohive Networks ManualsElectronics802.11 a/b/g/n access point

Deployment Guide 107

EXAMPLE 3: PROVIDING GUEST ACCESS

Captive Web Portal with Internal DHCP and DNS Servers

With this approach, when the client of a previously unregistered visitor first associates with the guest SSID, the

HiveAP acts as a DHCP server, DNS server, and web server, limiting the client’s network access to just the HiveAP

with which it associated. No matter what website the visitor tries to reach, the HiveAP directs the browser to a

registration page. After the visitor registers, the HiveAP stores the client’s MAC address as a registered user and

stops keeping the station captive; that is, the HiveAP no longer acts as a DHCP, DNS, and web server for traffic from

that MAC address, but allows the client to access external servers. The entire process is shown in Figure 10.

Figure 10 Captive Web Portal Exchanges Using Internal Servers

Wireless Client Wireless Access Point DHCP Client DHCP Server

Association Using SSID “guest” Address and TCP/IP Assignments

Association Request

Association Response

DHCP Request

DHCP ACK

DHCP Discover

DHCP Offer

SSID “guest”

The client forms an association with the HiveAP

but the visitor has not yet registered. The

HiveAP directs all DHCP, DNS, and HTTP

traffic from unregistered guests to itself instead

of allowing it to the rest of the network.

IP Address: 172.16.1.2

Netmask: 255.255.255.0

Default Gateway: 172.16.1.1*

DHCP Server: 172.16.1.1*

DNS: 172.16.1.1*

Lease: 10 Seconds

* By default, a HiveAP assigns IP addresses to

subinterfaces for captive web portal use as follows:

wifi0.1 – wifi0.7 172.16.1.1 – 172.16.7.1

wifi1.1 – wifi1.7 172.16.11.1 – 172.16.17.1

3 4

DNS Querient DNS Server HTTP Client HTTP Server

DNS Address Resolution HTTP Connection to the Captive Web Portal

DNS Query

DNS Reply

HTTP GET

When the HTTP client sends a GET

command, the HTTP server replies with a

guest access registration page. The user

must agree to an acceptable use policy, fill

in some fields, and then submit the form.

Wildcard A record in the root zone “.” on the

HiveAP DNS server: * in a 172.16.1.1

The DNS server resolves all domain

name-to-address queries to the same IP

address, which in this case is 172.16.1.1.