NXC2500 Captive Portal Question
Hello Everybody,
i'm searching for some help and useful tips regarding nxc2500 controller and captive portal issues due to guest vlan / wlan
pls have a look at my scheme:
3 vlans --> 1 guest vlan (vlanid 200)
dhcp server for all vlans running on usg
guest wlan ssid with vlanid 200 should be accessed via captive portal and qr-code, as far as i have read a one click captive portal is not possible directly on nxc 2500
my ap's all have only bridge operating mode, not tunnel..
here are my questions:
1, my controller is not connected between switch and usg, but directly with port ge1 to switch, is this a problem for captive portal for guest users / guest vlan / wlan and redirect?
2, due to impossible tunnel mode do i have a problem with my captive portal? do i need to change topology? nxc 2500 between usg and switch?
3, which portal mode should i choose? redirect on controller or redirect on ap? but for qr code i need redirect on controller i think?
4, is redirect on controller only available if using tunnel mode on ap?
maybe someone can help me,
regards, fabian
All Replies
-
Hi @shortl
The NXC with using local bridge mode must be on the way from the station to the internet. So, if you need to use redirect on the controller, the NXC must be between the USG and the switch.
Here is the answer for your question.
Q1, Q2. Yes, since the NXC is not on the way between the station and internet, NXC cannot detect the traffic and redirect the portal page. That's why the clients cannot see the login page.
Q3. If the stations need to login via account/password, it can be redirect on the AP because the redirect action will be done by the AP.
However, if you want to use QR code which only supports on redirect on controller, you might need to change the topology.
Q4. Yes, if the NXC is not on the way, tunnel mode will force all the traffic back to NXC, and NXC will help to redirect the login page.
Joslyn
-
hi joslyn,
thx for your help
just as i thought, i've redesigned network topology and now captive portal with redirect on controller is working as suspected
with user/pwd and qr-code
i've 2 more questions:
1, one click login support on controller? will there be a new firmware? or only on nebula platform?
2, certificates on controller cause auth-page certificate warning, i've only freessl certs of my webpage and controller does not have official ip
regards, fabian
-
Hi @shortl
NXC does not support one-click to login. If you need this feature, you can use Nebula.
About the certificate, you may apply for it as hostname, and add an A-record for the hostname on your USG for NXC private IP address.
Joslyn
-
hi joslyn,
i've one question left regarding the certificate:
i've the cert-signing-request, the private key, intermediate and certificate
as i see nxc can import pkcs12 formats, so i've used openssl to generate a pkcs12 file with the files above
i've cross checked the cert, key and csr
all match
but import on nxc fails --> error cert and key do not match
how can i handle this problem?
regards, fabian
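The cross-check and PKCS#12 packaging described in the last post, as an added example that is not part of the thread or of Zyxel's documentation. It only confirms that the files are consistent on the OpenSSL side and does not explain the NXC import error; all file names, the password and the generated key material are constructed placeholders.

```bash
# Added example. File names are placeholders; the key, CSR and certificates are
# throwaway material constructed in a temp dir, not taken from the thread.
# Print the SHA-256 of the public key carried by a key, certificate or CSR.
pub_hash() {  # usage: pub_hash key|cert|csr FILE
  local pem
  case "$1" in
    key)  pem=$(openssl pkey -in "$2" -pubout 2>/dev/null) ;;
    cert) pem=$(openssl x509 -in "$2" -noout -pubkey 2>/dev/null) ;;
    csr)  pem=$(openssl req -in "$2" -noout -pubkey 2>/dev/null) ;;
  esac
  [ -n "$pem" ] || return 1   # an unreadable file must never count as a match
  printf '%s\n' "$pem" | openssl dgst -sha256 -r | cut -d' ' -f1
}

# True when key, certificate and CSR all carry the same public key.
files_match() {  # usage: files_match KEY CERT CSR
  local k c r
  k=$(pub_hash key "$1") && c=$(pub_hash cert "$2") && r=$(pub_hash csr "$3") || return 1
  [ "$k" = "$c" ] && [ "$k" = "$r" ]
}

# True when the leaf certificate stored in a PKCS#12 bundle belongs to KEY.
p12_matches_key() {  # usage: p12_matches_key BUNDLE PASSWORD KEY
  local leaf a b rc=1
  leaf=$(mktemp) || return 1
  if openssl pkcs12 -in "$1" -passin "pass:$2" -clcerts -nokeys -out "$leaf" 2>/dev/null &&
     a=$(pub_hash cert "$leaf") && b=$(pub_hash key "$3") && [ "$a" = "$b" ]; then rc=0; fi
  rm -f "$leaf"
  return $rc
}

# Build constructed test material: a stand-in issuing CA, a leaf key/CSR/cert,
# and a PKCS#12 bundle with the issuer passed via -certfile.
make_demo() {  # usage: make_demo DIR
  ( cd "$1" &&
    openssl req -x509 -newkey rsa:2048 -nodes -keyout ca.key -out ca.crt \
      -subj "/CN=Demo Issuing CA" -days 2 &&
    openssl req -new -newkey rsa:2048 -nodes -keyout leaf.key -out leaf.csr \
      -subj "/CN=portal.example.test" &&
    openssl x509 -req -in leaf.csr -CA ca.crt -CAkey ca.key -CAcreateserial \
      -out leaf.crt -days 2 &&
    openssl pkcs12 -export -inkey leaf.key -in leaf.crt -certfile ca.crt \
      -passout pass:demo -out bundle.p12 ) >/dev/null 2>&1
}

DEMO_DIR=$(mktemp -d) && make_demo "$DEMO_DIR" &&
  files_match "$DEMO_DIR/leaf.key" "$DEMO_DIR/leaf.crt" "$DEMO_DIR/leaf.csr" &&
  p12_matches_key "$DEMO_DIR/bundle.p12" demo "$DEMO_DIR/leaf.key" &&
  echo "key, certificate, CSR and bundle are consistent"
```

Comparing the hashed public key works for RSA and EC keys alike, and re-reading the finished bundle also covers files produced by tools other than OpenSSL.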