724-746-5500 | blackbox.com
Chapter 9: Common Configuration Examples
3. DNS address resolution
The SmartPath AP allows DNS queries and replies between the client of an unregistered user and a DNS server.

4. HTTP connection to the captive web portal
When the client sends an HTTP or HTTPS GET command, the SmartPath AP intercepts it and sends it to its HTTP server, which replies with a guest access registration page. The user must agree to an acceptable use policy, fill in some fields, and then submit the form.

5. Registration
After the user provides a username and password, and submits the registration, the SmartPath AP forwards the access request to SmartPath EMS. If SmartPath EMS approves the request, the SmartPath AP then moves the client’s MAC address from a quarantined list to a registered list. (Figure example: MAC 0016:cf8c:57bc moves from the Quarantine list to the Registered list.)

6. DHCP, DNS, and HTTP Forwarding
The SmartPath AP applies the user profile for registered guests and forwards all types of traffic to the rest of the network, as permitted by firewall policies assigned to that user profile.
Figures 9-9 and 9-10. Captive Web portal exchanges using HTTP.
To enable the captive web portal to forward DHCP and DNS traffic from unregistered users to external servers on the network,
click Configuration > Advanced Configuration > Authentication > Captive Web Portals > New, and select Use external DHCP and
DNS servers on the network.
Captive Web Portal with Internal DHCP and DNS Servers
With this approach, when the client of an unregistered user first associates with the SmartPath AP, the AP acts as a DHCP, DNS, and
web server, limiting the client’s network access to just the SmartPath AP with which it is associated. No matter what website the
user tries to reach, the SmartPath AP directs the browser to a registration page. After the user registers, the SmartPath AP stores
the client’s MAC address as a registered user and stops keeping the station captive; that is, the SmartPath AP no longer acts as a
DHCP, DNS, and web server for traffic from that MAC address, but allows the client to access external servers. The entire process
is shown in Figures 9-11 and 9-12.
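
The per-client decisions described in this section, for both the external and the internal DHCP/DNS options, can be summarized as a small state model. This is an added example, not Black Box code: the class, method, and action names are hypothetical, the credentials are constructed, and dropping other traffic from unregistered clients in external mode is an assumption the page does not state.

```python
# Added illustration: a toy model of the captive web portal states described above.
# Class, method and action names are hypothetical, not SmartPath APIs.
from enum import Enum

class Action(Enum):
    FORWARD = "forward to the network"
    PORTAL = "intercept and reply with the registration page"
    LOCAL = "answered by the AP's internal server"
    DROP = "drop"

class CaptivePortalAP:
    def __init__(self, external_dhcp_dns, ems_approve):
        self.external_dhcp_dns = external_dhcp_dns  # "Use external DHCP and DNS servers" option
        self.ems_approve = ems_approve              # callback standing in for SmartPath EMS
        self.quarantined = set()                    # state is keyed by client MAC address
        self.registered = set()

    def associate(self, mac):
        # A client that has not registered yet starts out quarantined.
        if mac not in self.registered:
            self.quarantined.add(mac)

    def handle(self, mac, proto):
        """Decide the fate of one packet; proto is 'dhcp', 'dns', 'http', 'https' or other."""
        if mac in self.registered:
            # Registered: all traffic types forwarded (user-profile firewall policy not modelled).
            return Action.FORWARD
        if proto in ("http", "https"):
            return Action.PORTAL
        if proto in ("dhcp", "dns"):
            return Action.FORWARD if self.external_dhcp_dns else Action.LOCAL
        return Action.DROP  # assumption: not stated on the page for external mode

    def register(self, mac, username, password):
        """Forward the access request to EMS; on approval move the MAC to the registered list."""
        if mac in self.quarantined and self.ems_approve(username, password):
            self.quarantined.discard(mac)
            self.registered.add(mac)
            return True
        return False

def demo():
    mac = "0016:cf8c:57bc"  # MAC address shown in the figure
    ap = CaptivePortalAP(True, lambda u, p: (u, p) == ("guest", "constructed-pw"))
    ap.associate(mac)
    before = [ap.handle(mac, p) for p in ("dns", "http", "ssh")]
    ap.register(mac, "guest", "constructed-pw")
    after = [ap.handle(mac, p) for p in ("dns", "http", "ssh")]
    return before, after
```

Calling `demo()` returns the decisions for DNS, HTTP, and SSH packets before and after registration in external DHCP/DNS mode.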