Concept Guide
Table Of Contents
- About this Guide
- About Instant
- Setting up a W-IAP
- Automatic Retrieval of Configuration
- Instant User Interface
- Initial Configuration Tasks
- Basic Configuration Tasks
- Additional Configuration Tasks
- Customizing W-IAP Settings
- Modifying the W-IAP Hostname
- Configuring Zone Settings on a W-IAP
- Specifying a Method for Obtaining IP Address
- Configuring External Antenna
- Configuring Radio Profiles for a W-IAP
- Configuring Uplink VLAN for a W-IAP
- Changing USB Port Status
- Master Election and Virtual Controller
- Adding a W-IAP to the Network
- Removing a W-IAP from the Network
- VLAN Configuration
- Wireless Network Profiles
- Configuring Wireless Network Profiles
- Configuring Fast Roaming for Wireless Clients
- Editing Status of a WLAN SSID Profile
- Editing a WLAN SSID Profile
- Deleting a WLAN SSID Profile
- Wired Profiles
- Configuring a Wired Profile
- Assigning a Profile to Ethernet Ports
- Editing a Wired Profile
- Deleting a Wired Profile
- Link Aggregation Control Protocol
- Understanding Hierarchical Deployment
- Captive Portal for Guest Access
- Understanding Captive Portal
- Configuring a WLAN SSID for Guest Access
- Configuring Wired Profile for Guest Access
- Configuring Internal Captive Portal for Guest Network
- wConfiguring External Captive Portal for a Guest Network
- Configuring Facebook Login
- Configuring Guest Logon Role and Access Rules for Guest Users
- Configuring Captive Portal Roles for an SSID
- Configuring Walled Garden Access
- Authentication and User Management
- Managing W-IAP Users
- Supported Authentication Methods
- Supported EAP Authentication Frameworks
- Configuring Authentication Servers
- Understanding Encryption Types
- Configuring Authentication Survivability
- Configuring 802.1X Authentication for a Network Profile
- Configuring MAC Authentication for a Network Profile
- FConfiguring MAC Authentication with 802.1X Authentication
- hConfiguring MAC Authentication with Captive Portal Authentication
- Configuring WISPr Authentication
- Blacklisting Clients
- Uploading Certificates
- Roles and Policies
- Firewall Policies
- Content Filtering
- Configuring User Roles
- Configuring Derivation Rules
- Using Advanced Expressions in Role and VLAN Derivation Rules
- DHCP Configuration
- VPN Configuration
- IAP-VPN Deployment
- Adaptive Radio Management
- Deep Packet Inspection and Application Visibility
- Voice and Video
- Services
- AirGroup Configuration
- Configuring a W-IAP for RTLS Support
- Configuring a W-IAP for Analytics and Location Engine Support
- Configuring OpenDNS Credentials
- Integrating a W-IAP with Palo Alto Networks Firewall
- Integrating a W-IAP with an XML API interface
- CALEA Integration and Lawful Intercept Compliance
- W-IAP Management and Monitoring
- Managing a W-IAP from W-AirWave
- Image Management
- Resetting a W-IAP
- W-IAP and Client Monitoring
- Template-based Configuration
- Trending Reports
- Intrusion Detection System
- Wireless Intrusion Detection System (WIDS) Event Reporting to W-AirWave
- RF Visualization Support for Instant
- PSK-based and Certificate-based Authentication
- Configurable Port for W-IAP and W-AirWave Management Server Communication
- Configuring Organization String
- Managing a W-IAP from W-AirWave
- Uplink Configuration
- Intrusion Detection
- Mesh W-IAP Configuration
- Mobility and Client Management
- Spectrum Monitor
- W-IAP Maintenance
- Monitoring Devices and Logs
- Hotspot Profiles
- Understanding Hotspot Profiles
- Configuring Hotspot Profiles
- Creating Advertisement Profiles for Hotspot Configuration
- Configuring an NAI Realm Profile
- Configuring a Venue Name Profile
- Configuring a Network Authentication Profile
- Configuring a Roaming Consortium Profile
- Configuring a 3GPP Profile
- Configuring an IP Address Availability Profile
- Configuring a Domain Profile
- Configuring an Operator-friendly Profile
- Configuring a Connection Capability Profile
- Configuring an Operating Class Profile
- Configuring a WAN Metrics Profile
- Creating a Hotspot Profile
- Associating an Advertisement Profile to a Hotspot Profile
- Creating a WLAN SSID and Associating Hotspot Profile
- Creating Advertisement Profiles for Hotspot Configuration
- Sample Configuration
- ClearPass Guest Setup
- IAP-VPN Deployment Scenarios
- Terminology
Dell Networking W-Series Instant 6.4.3.1-4.2.0.0 | User Guide Captive Portal for Guest Access | 127
Chapter 11
Captive Portal for Guest Access
This chapter provides the following information:
l Understanding Captive Portal on page 127
l Configuring a WLANSSID for Guest Access on page 128
l Configuring Wired Profile for Guest Access on page 133
l Configuring Internal Captive Portal for Guest Network on page 135
l wConfiguring External Captive Portal for a Guest Network on page 138
l Configuring Facebook Login on page 143
l Configuring External Captive Portal Authentication Using ClearPass Guest on page 142
l Configuring Guest Logon Role and Access Rules for Guest Users on page 145
l Configuring Captive Portal Roles for an SSID on page 147
l Configuring Walled Garden Access on page 150
l Disabling Captive Portal Authentication on page 150
Understanding Captive Portal
Instant supports the captive portal authentication method, where a web page is presented to the guest users
when they try to access the Internet from hotels, conference centers, or Wi-Fi hotspots. The web page also
prompts the guest users to authenticate or accept the usage policy and terms. captive portals are used at
many Wi-Fi hotspots and can be used to control wired access as well.
The Instant captive portal solution consists of the following:
l The captive portal web login page hosted by an internal or external server.
l The RADIUS authentication or user authentication against W-IAP's internal database.
l The SSID broadcast by the W-IAP.
Using Instant, the administrators can create a wired or WLAN guest network based on captive portal
authentication for guests, visitors, contractors, and any non-employee users who can use the enterprise Wi-Fi
network. The administrators can also create guest accounts and customize the captive portal page with
organization-specific logo, terms, and usage policy. With captive portal authentication and guest profiles, the
devices that connect to the guest SSID are assigned IP addresses and an initial role. When a guest user tries to
access a URL through HTTP or HTTPS, the captive portal web page prompting the user to authenticate with a
user name and password is displayed.
Types of Captive Portal
Instant supports the following types of captive portal authentication:
l Internal captive portal—For Internal captive portal authentication, an internal server is used for hosting
the captive portal service. It supports the following types of authentication:
n Internal Authenticated— When Internal Authenticated is enabled, a guest user must authenticate
in the captive portal page to access the Internet. The guest users who are required to authenticate must
already be added to the user database.
n Internal Acknowledged— When Internal Acknowledged is enabled, a guest user must accept the
terms and conditions to access the Internet.