![background image](http://html1.mh-extra.com/html/aerohive/access-point/access-point_deployment-manual_2862625153.webp)
Chapter 12 Common Configuration Examples
152
Aerohive
Providing Network Settings
In addition to various registration types, Aerohive offers two approaches to providing captive web portal clients
with network settings. One approach uses external DHCP and DNS servers on the network, and the other uses
internal DHCP and DNS servers on the HiveAP itself.
Captive Web Portal with External DHCP and DNS Servers
With this approach, when the client of a previously unregistered visitor first associates with the guest SSID, the
HiveAP allows DHCP and DNS traffic to pass through so that the client can receive its address and TCP/IP
assignments and resolve domain names to IP addresses. It also allows ICMP traffic for diagnostic purposes. However,
the HiveAP intercepts all HTTP and HTTPS traffic from that client—and drops all other types of traffic—thereby
limiting its network access to just the HiveAP with which it associated. No matter what website the visitor tries to
reach, the HiveAP directs the visitor’s browser to a registration page. After the visitor registers, the HiveAP stores
the client’s MAC address as a registered user, applies the appropriate user profile to the visitor, and stops keeping
the client captive; that is, the HiveAP no longer intercepts HTTP and HTTPS traffic from that MAC address, but
allows the client to access external web servers. The entire process is shown in
Figure 8
.
Figure 8
Captive web portal exchanges using external DHCP and DNS servers
Wireless Client
Wireless Access Point
DHCP Client
DHCP Server
Forming an association
Address and TCP/IP assignments
Association Request
Association Response
1
2
DHCP Request
DHCP ACK
DHCP Discover
DHCP Offer
The client forms an association with the HiveAP
but the visitor has not yet registered. The
HiveAP allows DHCP, DNS, and ICMP* services
through. It redirects all HTTP and HTTPS traffic
to its own web server and drops all other traffic.
* If the HiveAP enforces a firewall policy that blocks
ICMP services from registered users, it will also
block them from unregistered users. In contrast to
ICMP, DHCP and DNS are essential services that
must always be permitted by the HiveAP firewall.
The HiveAP allows DHCP traffic to pass
between the client of an unregistered user and
a DHCP server so that the client can receive
its IP address and TCP/IP assignments.
Содержание access point
Страница 1: ...Aerohive Deployment Guide ...
Страница 7: ...HiveAP Compliance Information 6 Aerohive ...
Страница 13: ...Contents 12 Aerohive ...
Страница 37: ...Chapter 2 The HiveAP 20 ag Platform 36 Aerohive ...
Страница 71: ...Chapter 4 The HiveAP 340 Platform 70 Aerohive ...
Страница 81: ...Chapter 5 The HiveAP 320 Platform 80 Aerohive ...
Страница 105: ...Chapter 8 The High Capacity HiveManager Platform 104 Aerohive ...
Страница 123: ...Chapter 10 Using HiveManager 122 Aerohive ...
Страница 209: ...Chapter 14 Deployment Examples CLI 208 Aerohive ...
Страница 217: ...Appenidix A Country Codes 216 Aerohive ...