Providing Network Settings - Black Box LWN602A User Manual

Smartpath enterprise wireless system

Hide thumbs Also See for LWN602A:

User manual (196 pages)

100

101

102

103

104

105

106

107

108

109

110

111

112

113

114

115

116

117

118

119

120

121

122

123

124

125

126

127

128

129

130

131

132

133

134

135

136

137

138

139

140

141

142

143

144

145

146

147

148

149

150

151

152

153

154

155

156

157

158

159

160

161

162

163

164

165

166

167

168

Table of Contents

Chapter 9: Common Configuration Examples

9.3.2 Providing Network Settings

In addition to various registration types, Black Box offers two approaches to providing captive Web portal clients with network

settings. One approach uses external DHCP and DNS servers on the network, and the other uses internal DHCP and DNS servers

on the SmartPath AP itself.

Captive Web Portal with External DHCP and DNS Servers

With this approach, when the client of a previously unregistered visitor first associates with the guest SSID, the SmartPath AP

allows DHCP and DNS traffic to pass through so that the client can receive its address and TCP/IP assignments and resolve domain

names to IP addresses. It also allows ICMP traffic for diagnostic purposes. However, the SmartPath AP intercepts all HTTP and

HTTPS traffic from that client—and drops all other types of traffic—thereby limiting its network access to just the SmartPath AP

with which it associated. No matter what website the visitor tries to reach, the SmartPath AP directs the visitor's browser to a

registration page. After the visitor registers, the SmartPath AP stores the client's MAC address as a registered user, applies the

appropriate user profile to the visitor, and stops keeping the client captive; that is, the SmartPath AP no longer intercepts HTTP

and HTTPS traffic from that MAC address, but allows the client to access external web servers. The entire process is shown in

Figure 9-8.

Wireless Client

The client forms an association with the

SmartPath AP but the visitor has not yet

registered. The SmartPath AP allows DHCP,

DNS, and ICMP* services through. It redirects

all HTTP and HTTPS traffic to its own web

server and drops all other traffic.

If the SmartPath AP enforces a firewall policy

* If the SmartPath AP enforces a firewall policy that

that blocks ICMP services from registered users,

blocks ICMP services from registered users, it

it will also block them from unregistered users. In

will also block them from unregistered users. In

contrast to ICMP, DHCP and DNS are essential

services that must always be permitted by the

SmartPath AP firewall.

Figure 9-8. Captive Web portal exchanges using external DHCP and DNS servers.

Page 106

Forming an association

Wireless Access Point

Association Request

Association Response

SmartPath AP firewall.

724-746-5500 | blackbox.com

Address and TCP/IP assignments

DHCP Client

DHCP Discover

DHCP Request

The SmartPath AP allows DHCP traffic to pass

between the client of an unregistered user and

a DHCP server so that the client can receive

its IP address and TCP/IP assignments.

DHCP Server

DHCP Offer

DHCP ACK

Table of Contents

Chapters

Table of Contents

This manual is also suitable for:

Lwn602ae Lwn602ha Lwn602hae

Providing Network Settings - Black Box LWN602A User Manual

9.3.2 Providing Network Settings

Chapters

Related Manuals for Black Box LWN602A

Related Content for Black Box LWN602A

This manual is also suitable for:

Table of Contents