Case Study Captive Portal with QR Code authenticator assisted

Similar documents
Cloudpath and Aruba Instant Integration

!! Configuration of RFS4000 version R!! version 2.3!! ip access-list BROADCAST-MULTICAST-CONTROL permit tcp any any rule-precedence 10

NXC Series. Handbook. NXC Controllers NXC 2500/ Default Login Details. Firmware Version 5.00 Edition 19, 5/

OmniAccess Stellar Enterprise SE Remote Demo Script

WAP9112/9114 Quick Start Guide

How to social login with Aruba controller. Bo Nielsen, CCIE #53075 (Sec) December 2016, V1.00

CONFIGURING AND DEPLOYING THE AX411 WIRELESS ACCESS POINT

Application Example (Standalone EAP)

GWN7600 Firmware Release Note IMPORTANT UPGRADING NOTE. GRANDSTREAM NETWORKS GWN7600 Firmware Release Note Page 1

Securing Cisco Wireless Enterprise Networks ( )

Aruba Mobility. Setup Guide

Grandstream Networks, Inc. GWN76xx Wi-Fi Access Points Master/Slave Architecture Guide

GWN7600/GWN7600LR Firmware Release Note

GWN7610 Firmware Release Note IMPORTANT UPGRADING NOTE

GFence Integration. with Aruba ALE Configuration guide

The All-in-One, Intelligent NXC Controller

LevelOne. Quick Installation Guide. WHG series Secure WLAN Controller. Introduction. Getting Started. Hardware Installation

BYOD: BRING YOUR OWN DEVICE.

GWN7610 Firmware Release Notes IMPORTANT UPGRADING NOTE

Deploy and Manage a Highly Scalable, Worry-Free WLAN

NXC Series. Wireless LAN Controller. Version 5.00 Edition 1, 02/2017. Copyright 2017 Zyxel Communications Corporation.

Quick Start Guide for Standalone EAP

Release Notes for Avaya WLAN 9100 AOS-Lite Operating System WAP9112 Release WAP9114 Release 8.1.0

Creating Wireless Networks

The All-in-One, Intelligent WLAN Controller

Exam HP2-Z32 Implementing HP MSM Wireless Networks Version: 7.1 [ Total Questions: 115 ]

Basic Wireless Settings on the CVR100W VPN Router

Cisco Exam Implementing Advanced Cisco Unified Wireless Security v2.0 Version: 9.0 [ Total Questions: 206 ]

cnpilot Enterprise AP Release Notes

Grandstream Networks, Inc. Captive Portal Authentication via Facebook

Deploy and Manage a Highly Scalable, Worry-Free WLAN

Avaya 7691X Exam. Volume: 65 Questions. Question: 1 Which processes are used to upgrade the Ignition Server firmware?

TECHNICAL NOTE MSM & CLEARPASS HOW TO CONFIGURE HPE MSM CONTROLLERS WITH ARUBA CLEARPASS VERSION 3, JUNE 2016

The Neutron Series Distributed Network Management Solution

FortiNAC. Aerohive Wireless Access Point Integration. Version 8.x 8/28/2018. Rev: E

Ruckus SmartCell Gateway. Setup Guide. Published April Version 1.0

Grandstream Networks, Inc. Captive Portal Authentication via Facebook

FortiNAC Motorola Wireless Controllers Integration

RUCKUS CLOUD WI-FI Cloud Managed Wi-Fi

RADIUS Configuration Note WINS : Wireless Interoperability & Network Solutions

Quick Install & Troubleshooting Guide. WAP223NC Cloud Managed Wireless N Access Point

Cisco WAP351 Wireless-N Dual Radio Access Point with 5-Port Switch

Junivo WiFi360 Integration with Aruba Networks WiFi Infrastructure. Feb, 2017 Junivo

Chapter 1 Introduction

WEB ANALYTICS HOW-TO GUIDE

300Mbps Wireless N Gigabit Ceilling Mount Access Point

SUB-TITLE WLAN Management-as-a-Service

P ART 3. Configuring the Infrastructure

Ruckus SmartZone 100 and Virtual SmartZone (Essentials)

Chapter 4 Advanced Settings and Features

TECHNICAL NOTE UWW & CLEARPASS HOW-TO: CONFIGURE UNIFIED WIRELESS WITH CLEARPASS. Version 2

GWN7600 Firmware Release Note IMPORTANT UPGRADING NOTE


ARUBA INSTANT Combining enterprise-class Wi-Fi with unmatched affordability and configuration simplicity

cnmaestro Cloud Beta Guide

300Mbps Wireless N Gigabit Ceilling Mount Access Point

Ruckus ZoneDirector 1106 WLAN Controller (up to 6 ZoneFlex Access Points)

D-Link Central WiFiManager Configuration Guide

The SC receives a public IP address from the DHCP client of the ISP. All traffic is automatically sent out through the WAN interface.

300Mbps Wireless N Ceiling Mount Access Point

GWN7600/7600LR Firmware Release Notes IMPORTANT UPGRADING NOTE

ITCertMaster. Safe, simple and fast. 100% Pass guarantee! IT Certification Guaranteed, The Easy Way!

PASS4TEST. IT Certification Guaranteed, The Easy Way! We offer free update service for one year

cnpilot Indoor e400 Gigabit Wi-Fi: ac dual band 2x2 Indoor access point

GWN7610 Firmware Release Note IMPORTANT UPGRADING NOTE

DWS-4000 Series DWL-3600AP DWL-6600AP

Integrating Meraki Networks with

WisCloud Access Controller V /6/9

Configuring a Basic Wireless LAN Connection

Cisco WLC. (For Version ) CoA Setup Guide

Grandstream Networks, Inc. Captive Portal Authentication via Twitter

300Mbps Wireless N Gigabit Ceilling Mount Access Point

CCIE Wireless v3.1 Workbook Volume 1

HP Cloud-Managed Networking Solution Release Notes

Application Example of Omada Controller

Alcatel-Lucent Enterprise OAW-AP User Guide (OAW-AP1101) March Rev. B

Language Customization ArubaOS Captive Portal

User Directories and Campus Network Authentication - A Wireless Case Study

Wireless Network Security

Peplink Balance: 20 / 30 / 30 LTE / 50 / One / 210 / 310 / 305 HW2 / 380 HW6 / 580 HW2-3 / 710 HW3 / 1350 HW2 / 2500

A connected workforce is a more productive workforce

Identity Services Engine Guest Portal Local Web Authentication Configuration Example

Grandstream Networks, Inc.

5 Tips to Fortify your Wireless Network

User Guide. Omada Controller Software

Dual Band ac PoE AP

WHG711 Wireless LAN Controller

Network Deployment Guide for NovoPRO

Wireless Client Isolation. Overview. Bridge Mode Client Isolation. Configuration

ACMP_6.4


WiNG 5.8 HOTSPOT HOW-TO. RRC Poland Auto ID 2015

Learn How to Configure EnGenius Wi-Fi Products for Popular Applications

Configuring Basic Wireless Settings on the RV130W

ScreenBeam Wireless display over LAN

SBI Capital Markets Limited Page - 1 -

FortiNAC. Cisco Airespace Wireless Controller Integration. Version: 8.x. Date: 8/28/2018. Rev: B

HPE IMC UAM BYOD Quick Deployment on Mobile Device Configuration Examples

Your wireless network

Grandstream Networks, Inc. Captive Portal Authentication via RADIUS

Transcription:

Case Study Captive Portal with QR Code authenticator assisted Guest receives a QR code that is authenticated by an authenticator on the external RADIUS server QR Code Introduction The Captive Portal with QR Code is a new function on NXC controller 2500 / 5500 with firmware version 4.20. This new feature offers two convenient and fast methods to access the Internet. The first method is authenticator assisted. This means that the employees are the authenticators, who can authenticate the guest to access the Internet. The second method is self-serviced; in which employee (authenticator) produces the QR code and publishes it for guests. The guest can use a mobile device to scan the QR code to pass the authentication. The Captive portal with QR code can be utilized for some applications including private enterprises, hostility, schools, seminars, meetings and guests to access the network for the duration of their visit. Tasks Configure the WLAN controller NXC2500 / 5500 of the network interface Configure the WLAN controller NXC2500 /5500 with External RADIUS server. Configure the WLAN controller NXC2500 / 5500 of Captive Portal with QR Code. 1

Scenario Authenticator - assisted A guest connects to the Guest SSID with captive portal authentication. NXC receives the connected request from the guest and leads to the page of captive portal with QR code. The employee (authenticator) uses a mobile device with an IP address that has authentication ability to scan the QR code from the guest s device. NXC receives the authentication request. After NXC checks the authenticated request, it will send the authenticated response to the employee s mobile device. 2

The Configuration of Captive Portal with QR Code Authenticator - assisted Employees are the members of VLAN 10, which can access the Internet by passing the authentication with enterprise security (802.1X). Guests are the members of VLAN 20, which can access the Internet by the employee authenticating the guest s QR code. Step 1: Go to Interface > VLAN > Add. Create three VLANs as the DHCP servers, VLAN 0 is management VLAN. VLAN 10 is for employees, and VLAN 20 is for guest use. Step 2: Set GE2 to external interface to act as a DHCP client. 3

Set GE2 out of VLAN 0. 4

Step 3: Set a routing policy. 5

Step 4: Go to Zone > Edit. Set VLAN 10 and VLAN 20 be a WLAN, therefore, the members of VLAN 10 can access the members of VLAN 20. The employee in VLAN 10 can authenticate guests in the VLAN 20. 6

Step 5: Create user information for guests and employees to login to the Captive portal. Go to User/Group > User > Add. * The User Type of guest must be guest or user. QR-Guest ZT001, ZT002, and employees are authenticators on the external RADIUS server. 7

Set a group for authenticator (employee) accounts. Go to User/Group > User > Group > add. Edit the member of group list. Authenticator (Employee) information on the external authentication (RADIUS) server. 8

Step 6: Go to AAA server > RADIUS > Add > Edit. RADIUS Server configure the RADIUS server and port number: 1812 is default. 9

Confirm that there are authenticator accounts on the external authentication server. 10

Step 7: Go to Auth. Method > Add. Auth Method set to group Ext_RADIUS and local. If you enable QR code, local Auth. Server must be in Authentication Method. The guest account must be pre-configured on the NXC controller. 11

Step 8: Add an IP address range on VLAN 20 for guests that need to login to the captive portal, and add the interface subnet of the employee on VLAN 10. Go to Address > Address > Add. The IP address range for guest use need to login to the captive portal: The interface subnet of employees on VLAN 10: 12

Step 9: To prevent guests in VLAN 20 from accessing VLAN 10, go to Firewall > Add. Add a firewall rule to deny guest access to the member of VLAN 10. 13

Step 10: Go to Captive Portal > Captive Portal > Authentication Policy Summary. Select Auth_Ext_RADIUS for Authentication Method, and then add an authentication policy. 14

Step 11: Select the IP address range for guests that will be forced to be authenticated by the captive portal. Select the interface subnet for the employee VLAN interface. 15

Step 12: Enable the captive portal feature, and authentication with the QR code. Select Authenticator - assisted and then apply the configuration. Guest Account: Select the guest users. QR Portal Address: Select the VLAN interface of Authenticator. Authenticator: The group of authenticator to authenticate the guests. 16

Step 13: Configure AP Profile > SSID > Security List > Add. If the information of authenticator is on the external authentication server, then select the auth. method that is directed to the authentication server for employees. 17

Add one none security profile for guests. 18

Step 14: Go to AP Profile > SSID > Add. Create two SSIDs for guests and employees. The SSID for guests use is named Guest_QR with VLAN ID 20. The SSID for employee use is named Employee_1F with VLAN ID 10 and enterprise security. 19

Step 15: Create a radio configuration for the AP. Go to AP Profile > Radio > Add. 20

Step 16: Go to AP Management > AP Group Select the Radio AP profile and SSID profile to provide Wi-Fi service for guests and employees. 21

Step 17: Guests can use a mobile device to connect to the SSID and open the webpage. It would show the page of the captive portal with QR code. 22

Step 18: Find the employee who is able to authenticate guests by scanning the guest s QR code. After scanning the QR code from the guest s device, the employee s mobile device will show the result of the authentication. Step 19: Go to Login Users. You can see that the guest has obtained the IP address, as well as who was authenticated by the authenticator. Then, the guest can access the Internet. 23

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback