User's Guide
Table Of Contents
- Table of Contents
- Preface
- Welcome to Extreme Campus Controller
- Dashboard
- Monitor
- Sites List
- Device List
- Access Points List
- Smart RF Widgets
- Switches List
- Networks List
- Clients
- Policy
- Configure
- Network Configuration Steps
- Sites
- Add a Site
- Modifying Site Configuration
- Site Location
- Adding Device Groups to a Site
- Add or Edit a Configuration Profile
- Associated Profiles
- Associated Networks
- Mesh Point Profile Configuration
- Configure Client Bridge
- Understand Radio Mode
- Radio as a Sensor
- Advanced AP Radio Settings
- VLAN Profile Settings
- AirDefense Profile Settings
- ExtremeLocation Profile Settings
- IoT Profile Settings
- Positioning Profile Settings
- Analytics Profile Settings
- RTLS Settings
- Advanced Configuration Profile Settings
- Configuring RF Management
- Configuring a Floor Plan
- Advanced Tab
- Devices
- Networks
- Policy
- Automatic Adoption
- ExtremeGuest Integration
- AAA RADIUS Authentication
- Onboard
- Onboard AAA Authentication
- Manage Captive Portal
- Manage Access Control Groups
- Access Control Rules
- Tools
- Administration
- System Configuration
- Manage Administrator Accounts
- Extreme Campus Controller Applications
- Product License
- Glossary
- Index
External Captive Portal Settings
An external captive portal resides on a separate server. Configure the following settings for an external
captive portal.
Table 62: External Captive Portal Settings
Field Description
ECP URL URL address for the external captive portal.
When integrating with ExtremeCloud™ A3, the URL format is:
https://<VIP of A3>/Extreme::XCC
Walled Garden Rules Select Walled Garden Rules to configure policy rules for the
external captive portal.
Identity (Optional) Determines the name common to both the Extreme
Campus Controller and the external Web server if you want to
encrypt the information passed between the Extreme Campus
Controller and the external Web server. Required for signing
the redirected URL. If you do not configure the Identity, the
redirector on the AP drops the trac.
Shared Secret (Optional) The password that is used to validate the connection
between the client and the RADIUS server.
Use HTTPS for connection Indicates that the connection will be secure with HTTPS.
Send Successful Login To Indicates destination of authenticated user. Valid values are:
• Original Destination. The destination of the original request.
• Custom URL. Provide the URL address.
Related Topics
Configuring L2 Rules on page 262
Configuring L7 Application Rules on page 265
Walled Garden Rules on page 251
Centralized Web Authentication
Typically, when an external captive portal is employed, a web server hosts a single site that allows users
to authenticate to the network. Centralized Web Authentication (CWA) oers the ability to serve a web
page based on a set of conditions that are defined on the RADIUS server. The user is redirected to the
appropriate web page after successful authentication using the 802.1x protocol.
With a CWA captive portal, the URL for the captive portal is provided dynamically through RADIUS
attributes. The redirection can occur either at the AP (for Bridged@AP topologies) or at Extreme
Campus Controller (for Bridged@AC topologies). Examples of conditions that determine the
destination web page include: the expiration date for a user password or the due date of a bill that must
be paid before a user can gain access to the network.
CWA supports an ExtremeControl captive portal server and a Cisco® ISE captive portal server. The
configuration procedure for captive portal on Extreme Campus Controller is the same regardless of the
captive portal server. CWA is supported on both Bridged@AC and Bridged@AP topologies.
Configure
Captive Portal Settings
Extreme Campus Controller User Guide for version 5.46.03 245