beautypg.com

Brocade Mobility Access Point System Reference Guide (Supporting software release 5.5.0.0 and later) User Manual

Page 205

background image

Brocade Mobility Access Point System Reference Guide

195

53-1003100-01

5

FIGURE 92

Profile Services - Services screen

5. Refer to the Captive Portal Hosting field to select or set a guest access configuration (captive

portal) for use with this profile.

A captive portal is guest access policy for providing guests temporary and restrictive access to the
access point managed network.

A captive portal provides secure authenticated access using a standard Web browser. Captive
portals provides authenticated access by capturing and re-directing a wireless user's Web browser
session to a captive portal login page where the user must enter valid credentials to access to the
wireless network. Once logged into the captive portal, additional Agreement, Welcome and Fail
pages provide the administrator with a number of options on screen flow and user appearance.

Either select an existing captive portal policy, use the default captive portal policy or select the
Create link to create a new captive portal configuration that can be applied to this profile. For more
information, see Configuring Captive Portal Policies on page 9-569.

6. Select OK to save the changes made to the profile’s services configuration. Select Reset to

revert to the last saved configuration.

Profile Services Configuration and Deployment Considerations

Profile Services Configuration

Before defining a profile’s captive portal and DHCP configuration, refer to the following deployment
guidelines to ensure the profile configuration is optimally effective:

A profile plan should consider the number of wireless clients allowed on the profile’s guest
(captive portal) network and the services provided, or if the profile should support guest
access at all.

Profile configurations supporting a captive portal should include firewall policies to ensure
logical separation is provided between guest and internal networks so internal networks and
hosts are not reachable from guest devices.

DHCP’s lack of an authentication mechanism means a DHCP server supported profile cannot
check if a client or user is authorized to use a given user class. This introduces a vulnerability
when using user class options. Ensure a profile using DHCP resources is also provisioned with
a strong user authorization and validation configuration.

See also other documents in the category Brocade Computer Accessories: