Adding to Captive Whitelist

Michael_Carter · June 30, 2015, 2:51am

When you add the new facebook Captive on any SSID it turns it on for the LAN. Which is fine. But it overwrites any Captive pre-existing settings, like the whitelist. I have devices on my network which have no user attached to them and this Captive is blocking them from accessing the internet.

How do I add the whitelist values to InControl2?

Michael · July 1, 2015, 7:36pm

Probably your device is a MAX or a Balance One. For MAX and Balance One, when you enable Captive Portal on an SSID on IC2, the Captive will actually be applied on the VLAN of the SSID instead of just the SSID. Without VLAN enabled on the device, it will imply the Captive Portal is applied on the LAN as well. That’s why LAN clients see the captive portal.

Adding of client whitelist is not available in IC2 yet and we will add it later. But I have solution for you:

Enable VLAN by going to Network > LAN > IP Settings, clicking the “?” icon and then the “here” link.
Add a new LAN with a VLAN ID, say, 10. The IP and subnet shall be different from the Untagged one. Save and apply the changes.
On IC2, change the VLAN ID of the captive portal enabled SSID to 10. Press the Save button.

Then the captive portal will be applied to the SSID only. LAN clients will not see the captive portal any more.

Hope this helps.

Michael_Carter · July 2, 2015, 12:09am

Michael_Chan:

Probably your device is a MAX or a Balance One. For MAX and Balance One, when you enable Captive Portal on an SSID on IC2, the Captive will actually be applied on the VLAN of the SSID instead of just the SSID. Without VLAN enabled on the device, it will imply the Captive Portal is applied on the LAN as well. That’s why LAN clients see the captive portal.

Adding of client whitelist is not available in IC2 yet and we will add it later. But I have solution for you:

Enable VLAN by going to Network > LAN > IP Settings, clicking the “?” icon and then the “here” link.

Add a new LAN with a VLAN ID, say, 10. The IP and subnet shall be different from the Untagged one. Save and apply the changes.

On IC2, change the VLAN ID of the captive portal enabled SSID to 10. Press the Save button.

Then the captive portal will be applied to the SSID only. LAN clients will not see the captive portal any more.

Hope this helps.

Yep Balance One:

Guess this is good for the time being. But really like this idea of Facebook identification on my network for any guest computers. Then I don’t have to be constantly sharing WiFi passwords and such. But it’s a little useless without being able to control the white list as things like CrashPlan backups get blocked if the user doesn’t log in.

Michael_Carter · July 2, 2015, 12:51am

To ask the question from another angle… any way to program the Captive on the LAN to use facebook identification? … and if I do will InControl reports still reflect the users?

I really like this facebook identification. Allows for visitors to use our network without the need to share passwords.

Michael · July 2, 2015, 11:16am

Enabling the Captive on the LAN only is not yet “formally” available. It is a because the current design allows user to enable the Captive only on an SSID. We are working on Captive on LAN support.

Here is an unofficial workaround. Create a dummy SSID on the untagged VLAN with SSID visibility set to hidden, encryption on. Enable the Captive on this SSID. So all LAN clients on the LAN (or untagged VLAN) will see the Captive.

BTW, please note that the firmware Balance/MAX firmware 6.2.1 supports only one Captive. If multiple SSIDs (on different VLAN) are also enabled with the Captive, only the first SSID’s Captive will be seen.