• November 25, 2020, 03:07:55 PM
Welcome, Guest. Please login or register. Registration is free.
Did you miss your activation email?

Author Topic: Guest WiFi Captive Portal setup with 2 clusters?  (Read 5900 times)

0 Members and 1 Guest are viewing this topic.

Offline VeniVidiVidic

  • Rookie
  • **
  • Posts: 10
Guest WiFi Captive Portal setup with 2 clusters?
« on: August 21, 2013, 08:34:38 AM »
Hi,

I've got a problem that from my reading the How To and Design Guide for captive portals don't cover. I have 2 separate RFS7000 clusters as we will have more than 1024 AP's but from an IP perspective the Guest Wifi VLAN covers both clusters and they will provide Split Scope DHCP.

However how can I have Captive Portal Server mode and RADIUS user group configured as such no matter which of the 2 clusters your AP is adopted by you are authenticated by the same internal RADIUS pool.

Would I create the pool on one cluster and set it to use Centralized with it's own IP as the Captive Portal Server and on the 2nd cluster set it the same. So both clusters refer to the 1st cluster and the Portal and RADIUS pool only exists there?

Thanks for any advice.


Offline noobie

  • Full Member
  • ***
  • Posts: 92
Re: Guest WiFi Captive Portal setup with 2 clusters?
« Reply #1 on: August 21, 2013, 10:37:38 AM »
Hi,
If you want cluster redundancy with captive portal, you need to use centrallized-controller mode (i.e. using hostname instead of the IP address + hosting vlan interface).
I assume that you have active/active cluster, am I correct (since you have more than 1024 APs on 2 RFS7Ks)?

Offline VeniVidiVidic

  • Rookie
  • **
  • Posts: 10
Re: Guest WiFi Captive Portal setup with 2 clusters?
« Reply #2 on: August 21, 2013, 10:53:11 AM »
Sorry probably didn't explain myself as well as I could. We have 2 RFS7000 controllers each with 1024 licenses in a DC with each being the Active cluster member for separate clusters. The backup cluster member for each of those 2 are in a different DC. So 2 x 2 controller clusters - VLANs and WLANs in use are identical across the two cluster pairs.

So in that context I guess I'm asking if I can set the 1st cluster as the target of the second clusters Captive Portal Server setting? This setup is not described anywhere I can see.


Offline Michael McNamara

  • Administrator
  • Hero Member
  • *****
  • Posts: 3842
    • michaelfmcnamara
    • Michael McNamara
Re: Guest WiFi Captive Portal setup with 2 clusters?
« Reply #3 on: August 22, 2013, 08:40:40 AM »
If your installation is that large it's probably best to look at a third-party guest solution and just bridge the guest traffic to that router/captive portal/firewall/etc.
We've been helping network engineers, system administrators and technology professionals since June 2009.
If you've found this site useful or helpful, please help me spread the word. Link to us in your blog or homepage - Thanks!

Offline VeniVidiVidic

  • Rookie
  • **
  • Posts: 10
Re: Guest WiFi Captive Portal setup with 2 clusters?
« Reply #4 on: August 23, 2013, 08:25:13 AM »
If your installation is that large it's probably best to look at a third-party guest solution and just bridge the guest traffic to that router/captive portal/firewall/etc.

Thanks, can anyone advise they have experience of?

Although to be honest the guest WiFi is quite low profile and not sure I'd want to pay for a solution as we are happy with a daily username/pw being created on the internal radius account that all guests at our head office's use for the day. Traffic will go through a McAfee web gateway so "bad" traffic will be blocked and internet bandwidth is segregated so bandwidth hogs are not a concern either. So if anyone has directed a controller to another controllers internal RADIUS user pool I'd be interested in hearing if it worked?

As I said I've been left with a partially live setup (Not of my making I add!) so don't want to test by doing too much!

Offline mwted

  • Rookie
  • **
  • Posts: 6
Re: Guest WiFi Captive Portal setup with 2 clusters?
« Reply #5 on: August 23, 2013, 02:26:30 PM »
I tried something like this in my lab while waiting for a proper RADIUS server to be built.  I set the cluster that had the RADIUS to onboard-controller in the AAA policy and in the second cluster setup the AAA policy as a host pointing to the first cluster.  I would think that you should setup a VRRP between the active and standby in your authentication cluster though if you haven't already so if the primary fails the guest clients don't need to re-authenitcate when the system failsover to the backup switch.

Offline Jakub

  • Jr. Member
  • **
  • Posts: 31
Re: Guest WiFi Captive Portal setup with 2 clusters?
« Reply #6 on: September 26, 2013, 06:27:31 AM »
Yep VRRP is solution. I am trying it now for our Guest and it looks promising. Question is where to have captive-portal .. on controller or APs itselfs? We tried on APs but had issue with session timeout (set to 24h) because I want to put credentials for guest just once per week. Unfortunately CP asked for credential repeately so I have to change it back to centralized-controller. Now it is better but still sometimes some devices (mainly iPhones) reguired reauth.

P.S: We use now WiNG 5.4.4
« Last Edit: September 26, 2013, 07:06:30 AM by Jakub »