Captive Portal for Guest Access
13.1 Understanding Captive Portal
SCALANCE W1750D UI
162
Configuration Manual, 02/2018, C79000-G8976-C451-02
13.1.2
Walled Garden
The administrators can also control the resources that the guest users can access and the
amount of bandwidth or airtime they can use at any given time. When an external captive
portal is used, the administrators can configure a walled garden, which determines access to
the URLs requested by the guest users. For example, a hotel environment where the
unauthenticated users are allowed to navigate to a designated login page (for example, a
hotel website) and all its contents. The users who do not sign up for the Internet service can
view only the “allowed” websites (typically hotel property websites).
The administrators can allow or block access to specific URLs by creating a whitelist and
blacklist. When the users attempt to navigate to other websites, which are not in the whitelist
of the walled garden profile, the users are redirected to the login page. If the requested URL
is on the blacklist, it is blocked. If it appears on neither list, the request is redirected to the
external captive portal.
SCALANCE W supports the captive portal authentication method, where a web page is
presented to the guest users when they try to access the Internet from hotels, conference
centers, or Wi-Fi hotspots. The web page also prompts the guest users to authenticate or
accept the usage policy and terms. Captive portals are used at many Wi-Fi hotspots and can
be used to control wired access as well.
The SCALANCE W captive portal solution consists of the following:
●
The captive portal web login page hosted by an internal or external server.
●
The RADIUS authentication or user authentication against AP's internal database.
●
The SSID broadcast by the AP.
Using SCALANCE W, the administrators can create a wired or WLAN guest network based
on captive portal authentication for guests, visitors, contractors, and any non-employee
users who can use the enterprise Wi-Fi network. The administrators can also create guest
accounts and customize the captive portal page with organization-specific logo, terms, and
usage policy. With captive portal authentication and guest profiles, the devices that connect
to the guest SSID are assigned IP addresses and an initial role. When a guest user tries to
access a URL through HTTP or HTTPS, the captive portal web page prompting the user to
authenticate with a username and password is displayed.