NXC2500 Captive Portal Question

Hello Everybody,

i'm searching for some help and useful tips regarding nxc2500 controller and captive portal issues due to guest vlan / wlan

pls have a look at my scheme:

3 vlans --> 1 guest vlan (vlanid 200)

dhcp server for all vlans running on usg

guest wlan ssid with vlanid 200 should be accessed via captive portal and qr-code, as far as i have read a one click captive portal is not possible directly on nxc 2500

my ap's all have only bridge operating mode, not tunnel..

here are my questions:

1,  my controller is not connected between switch and usg, but directly with port ge1 to switch, is this a problem for captive portal for guest users / guest vlan / wlan and redirect?

2, due to impossible tunnel mode do i have a problem with my captive portal? do i need to change topology? nxc 2500 between usg and switch?

3, which portal mode should i choose? redirect on controller or redirect on ap? but for qr code i need redirect on controller i think?

4, is redirect on controller only available if using tunnel mode on ap?

maybe someone can help me,

regards, fabian

  • Zyxel_Joslyn Posts: 313  Zyxel Employee
    Accepted Answer
    Hi @shortl

    NXC does not support one-click to login. If you need this feature, you can use Nebula.

    About the certificate, you may apply for it as hostname, and add an A-record for the hostname on your USG for NXC private IP address.


  • Zyxel_Joslyn Posts: 313  Zyxel Employee
    Hi @shortl

    The NXC using local bridge mode must be on the way from the station to the internet. So, if you need to use redirect on the controller, the NXC must be between the USG and the switch.
    Here is the answer for your question.
    Q1, Q2. Yes, since the NXC is not on the way between the station and internet, NXC cannot detect the traffic and redirect the portal page. That's why the clients cannot see the login page.
    Q3. If the stations need to login via account/password, it can be redirect on the AP because the redirect action will be done by the AP.

    However, if you want to use QR code, which is only supported on redirect on controller, you might need to change the topology.
    Q4. Yes, if the NXC is not on the way, tunnel mode will force all the traffic back to NXC, and NXC will help to redirect the login page.

  • shortl Posts: 8
    hi joslyn,

    thx for your help

    just as i thought, i've redesigned network topology and now captive portal with redirect on controller is working as suspected

    with user/pwd and qr-code

    i've 2 more questions:

    1, one click login support on controller? will there be a new firmware? or only on nebula platform?

    2, certificates on controller cause auth-page certificate warning, i've only freessl certs of my webpage and controller does not have official ip

    regards, fabian
  • shortl Posts: 8
    hi joslyn,

    i've one question left regarding the certificate:

    i've the cert-signing-request, the private key, intermediate and certificate

    as i see nxc can import pkcs12 formats, so i've used openssl to generate a pkcs12 file with the files above

    i've cross checked the cert, key and csr

    all match

    but import on nxc fails --> error cert and key do not match

    how can i handle this problem?

    regards, fabian
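
Added example, not part of the thread and not Zyxel's tooling: one way to run the cross-check described in the last post (key, certificate and CSR carry the same public key), build the PKCS#12 with openssl, and re-open the bundle to confirm the key and leaf certificate inside it still pair up. File names, the `P12_PASS` variable and the host name `portal.example.test` are assumptions; it does not diagnose the NXC import error itself.

```bash
#!/usr/bin/env bash
# Added example (not from the thread). Bundle password is read from $P12_PASS.

# Print the public key (PEM) carried by a private key, certificate or CSR.
pub_of_key()  { openssl pkey -in "$1" -pubout 2>/dev/null; }
pub_of_cert() { openssl x509 -in "$1" -noout -pubkey 2>/dev/null; }
pub_of_csr()  { openssl req  -in "$1" -noout -pubkey 2>/dev/null; }

# Succeeds only if key, certificate and CSR all carry the same public key.
files_match() {  # usage: files_match KEY CERT CSR
  local k c r
  k=$(pub_of_key "$1") && c=$(pub_of_cert "$2") && r=$(pub_of_csr "$3") || return 2
  [ -n "$k" ] && [ "$k" = "$c" ] && [ "$k" = "$r" ]
}

# Bundle key + leaf certificate + intermediate(s) into a PKCS#12 file.
make_p12() {  # usage: make_p12 KEY CERT CHAIN OUT
  openssl pkcs12 -export -inkey "$1" -in "$2" -certfile "$3" \
    -out "$4" -passout env:P12_PASS
}

# Re-open the bundle and confirm the key and leaf certificate inside pair up.
p12_consistent() {  # usage: p12_consistent P12
  local k c
  k=$(openssl pkcs12 -in "$1" -passin env:P12_PASS -nocerts -nodes 2>/dev/null |
      openssl pkey -pubout 2>/dev/null)
  c=$(openssl pkcs12 -in "$1" -passin env:P12_PASS -nokeys -clcerts 2>/dev/null |
      openssl x509 -noout -pubkey 2>/dev/null)
  [ -n "$k" ] && [ "$k" = "$c" ]
}

# Constructed sample material (throwaway self-signed files) so this runs offline.
# chain.pem stands in for a real intermediate; other.key is a non-matching key.
make_samples() {  # usage: make_samples DIR
  local d=$1 subj="/CN=portal.example.test"
  openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "$subj" \
    -keyout "$d/key.pem" -out "$d/cert.pem" 2>/dev/null &&
  openssl req -new -key "$d/key.pem" -subj "$subj" -out "$d/csr.pem" 2>/dev/null &&
  openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=constructed-ca" \
    -keyout "$d/other.key" -out "$d/chain.pem" 2>/dev/null
}

# Stand-alone use: P12_PASS=... ./check.sh KEY CERT CSR CHAIN OUT
if [ "$#" -eq 5 ]; then
  files_match "$1" "$2" "$3" && make_p12 "$1" "$2" "$4" "$5" &&
    p12_consistent "$5" && echo "bundle OK: $5"
fi
```

Comparing the extracted public keys works for RSA and EC keys alike, and `-clcerts` limits the re-check to the certificate that openssl tied to the private key when it built the bundle.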
