Integración de NETGEAR Insight y puntos de acceso empresariales con Purple WiFi

Esta guía proporciona a los gerentes de TI una hoja de ruta técnica definitiva para integrar NETGEAR Insight y los puntos de acceso empresariales WAX con Purple WiFi. Cubre configuraciones esenciales, incluidos Captive Portals para invitados, redes de personal 802.1X y segmentación multiinquilino mediante PPSK y asignación dinámica de VLAN.

📖 6 min de lectura📝 1,295 palabras🔧 2 ejemplos resueltos❓ 3 preguntas de práctica📚 8 definiciones clave

Escucha esta guía

Ver transcripción del podcast

Welcome to Purple's Technical Briefing. Today we are covering a topic that comes up constantly in our conversations with IT managers and network architects across hospitality, retail, and multi-tenant venues: how to integrate NETGEAR Insight and WAX series access points with Purple WiFi. If you are running a hotel, a retail park, a conference centre, or a mixed-use development, this briefing is directly relevant to your next deployment decision.

Let us set the scene. NETGEAR's WAX series - the WAX610, WAX620, and WAX630 - are WiFi 6 access points managed through the Insight cloud platform. They support up to eight separate SSIDs per radio, WPA3 encryption, and up to six gigabits of throughput on the WAX630. They are PoE-powered, ceiling-mountable, and managed from a single pane of glass through the Insight Cloud Portal. For an IT installer or SMB network administrator, this is a genuinely capable platform at a price point well below the Cisco Meraki or HPE Aruba tier.

Purple is a hardware-agnostic cloud overlay. We sit on top of your existing infrastructure and we add the guest experience layer, the data capture layer, and the analytics layer. We have processed 440 million logins in 2024 across 80,000 live venues. The integration with NETGEAR Insight is clean and well-documented, and it covers four distinct use cases that we will walk through today.

Now let us get into the technical deep-dive. The four use cases are: Guest WiFi with a Purple captive portal, Secure Staff WiFi using 802.1X, Multi-Tenant segmentation using NETGEAR's PPSK feature, and dynamic VLAN assignment via RADIUS for Identity-Based Networks.

Use case one: Guest WiFi with a Purple captive portal. This is the most common starting point. You create a dedicated Guest SSID in NETGEAR Insight and you configure it as an open network. The key configuration is in the Captive Portal section of the SSID settings. You select External Captive Portal, and you paste in the Splash Page URL that Purple provides.

Next, you configure the authentication type. For most Purple deployments, you will select RADIUS authentication. Purple provides you with a primary RADIUS server IP address, port 1812 for authentication and port 1813 for accounting, and a shared secret. You paste those into the NETGEAR Insight External Captive Portal configuration. You also set a NAS Identifier - this is a string that identifies this specific access point or location to the RADIUS server. Use something meaningful, like your venue name and location code.

The walled garden is the piece that trips up most installers. Before a guest authenticates, their device needs to be able to reach the Purple splash page, the authentication servers, and any social login providers you have enabled. NETGEAR Insight has a dedicated Walled Garden section in the External Captive Portal configuration where you add these URLs. Purple's support documentation provides the exact list of domains to whitelist. Get this wrong and guests will see a blank page instead of your branded portal.

Once configured, the flow works like this: a guest connects to the Hotel Guest SSID. The access point intercepts their first HTTP request and redirects them to the Purple splash page. The guest sees your branded portal, accepts the terms, and optionally provides their email address or logs in via social media. Purple's RADIUS server returns an Access-Accept message to the access point, and the guest is granted internet access. Purple captures the consent data, logs the session, and that data flows into your Purple analytics dashboard.

Use case two: Secure Staff WiFi using 802.1X. This is where you move away from shared passwords entirely. For staff networks, a pre-shared key is a liability - when an employee leaves, you have to change the password for everyone. 802.1X, defined in the IEEE 802.1X standard, gives every user an individual credential. When they leave, you disable their account in your directory and their access is revoked instantly.

In NETGEAR Insight, you configure a separate Staff SSID with WPA2 Enterprise security. This tells the access point to use 802.1X authentication rather than a pre-shared key. You then configure the RADIUS server settings at the network location level. Go to the network location settings, select RADIUS, enable 802.1X Access Authentication, and enter your RADIUS server IP, port, and shared secret. The default reauthentication interval is 3,600 seconds - one hour - which is a reasonable starting point for most venues.

The most common EAP method in SMB deployments is PEAP-MSCHAPv2, which uses a server-side certificate to create an encrypted tunnel inside which the user authenticates with their Active Directory username and password. EAP-TLS is more secure - it uses certificates on both sides - but it requires a PKI infrastructure and MDM to push certificates to devices.

One critical point: enforce certificate validation on every client device. Configure your Windows devices via Group Policy Objects and your mobile devices via MDM profiles to validate the RADIUS server's certificate. If you skip this step, devices are vulnerable to rogue access point attacks where an attacker presents a fake certificate and captures credentials.

Use case three: NETGEAR PPSK for multi-tenant venues. Private Pre-Shared Key solves a specific problem in retail parks, mixed-use developments, and co-working spaces. You have multiple tenants sharing the same physical WiFi infrastructure. You do not want to run separate SSIDs for each tenant - that creates radio frequency congestion and management complexity. But you also cannot give everyone the same password, because then Tenant A can see Tenant B's traffic.

PPSK solves this elegantly. You create a single SSID and you create multiple pre-shared keys in NETGEAR Insight under Wireless, Settings, Advanced, Multi PSK Settings. Each key is associated with a specific VLAN. Tenant A gets a unique 16-character password that maps to VLAN 30. Tenant B gets a different password that maps to VLAN 40. The venue management team gets a third password that maps to VLAN 20, which has access to management systems.

When Tenant A's devices connect using their password, the access point automatically places them on VLAN 30. They cannot see any traffic on VLAN 40 or VLAN 20. From a tenant's perspective, they just have a WiFi password. From your perspective as the network administrator, you have complete traffic isolation between tenants with zero additional hardware.

There are two important limitations to know. First, PPSK in NETGEAR Insight requires WPA2 Personal or WPA2 Personal Mixed encryption. It does not work on the 6 GHz band. Second, PPSK cannot be combined with captive portal on the same SSID. If you need both, you need two separate SSIDs - which is fine, because WAX series access points support up to eight.

Use case four: dynamic VLAN assignment via RADIUS. This is the most sophisticated configuration and the one that underpins Purple's Identity-Based Networks capability. Instead of statically assigning a VLAN to a password or an SSID, you let the RADIUS server decide which VLAN to assign based on who is authenticating.

The mechanism uses three standard RADIUS attributes: Tunnel-Type, which must be set to value 13 for VLAN; Tunnel-Medium-Type, which must be set to value 6 for IEEE 802; and Tunnel-Private-Group-ID, which carries the VLAN ID as a string. When a user authenticates successfully, the RADIUS server returns these three attributes in the Access-Accept message. The access point reads them and places the client on the specified VLAN.

In practice, this means you can have a single WPA2 Enterprise SSID where a hotel manager authenticates and lands on VLAN 20 with access to property management systems, a front desk agent authenticates and lands on VLAN 21 with access to the check-in system only, and a contractor authenticates and lands on VLAN 50 with internet-only access. All from the same SSID, all enforced automatically by the RADIUS server based on Active Directory group membership.

Now let us talk implementation recommendations and pitfalls. The first pitfall is the walled garden. Every external captive portal deployment fails at the walled garden at least once. The symptom is guests connecting to the SSID but seeing a browser error instead of the splash page. The fix is methodical: open the Purple support documentation, copy every domain in the walled garden list, and paste them into NETGEAR Insight's Walled Garden section. Test with a device that has no cached credentials.

The second pitfall is RADIUS reachability. The NETGEAR access point needs to reach your RADIUS server. RADIUS uses UDP port 1812 for authentication and UDP port 1813 for accounting. Open those ports from the access point management IP to the RADIUS server IP. Test with a RADIUS test tool before you go live.

The third pitfall is PPSK and captive portal conflict. NETGEAR Insight does not allow PPSK and captive portal on the same SSID. If you need both, create two SSIDs. Name them clearly - one for PPSK tenants and one for the captive portal guests.

The fourth pitfall is certificate validation on 802.1X clients. Every Windows device needs a Group Policy Object that specifies the trusted Certificate Authority and the expected RADIUS server name. Every mobile device needs an MDM profile with the same settings. Without this, a user could unknowingly authenticate to a rogue access point and hand over their Active Directory credentials.

Now for a rapid-fire question and answer session. Question one: Can I use Purple with NETGEAR Insight without a RADIUS server? Yes, for guest captive portal deployments, you can use Purple's web authentication mode rather than RADIUS. The access point redirects to the splash page via HTTP, and Purple handles authentication through a web session. RADIUS gives you more control and better accounting data, but it is not mandatory for basic guest portal deployments.

Question two: How many PPSK keys can I create in NETGEAR Insight? NETGEAR Insight supports up to 64 PPSK keys per SSID on WAX series access points. For most multi-tenant venues, this is more than sufficient. If you have more than 64 tenants, you need to move to a RADIUS-based dynamic VLAN solution instead.

Question three: Does NETGEAR Insight support WPA3 Enterprise for 802.1X? Yes, WAX series access points support WPA3 Enterprise. For most SMB deployments, WPA2 Enterprise is sufficient and has broader client device compatibility. WPA3 Enterprise is worth considering for environments handling sensitive data, such as healthcare or financial services.

Question four: What happens if the Purple RADIUS server is unreachable? NETGEAR Insight supports a failsafe option in the External Captive Portal configuration. If you enable failsafe, guests are granted internet access for a short period even if the captive portal servers are unreachable. Purple maintains 99.999% uptime across our infrastructure, but enabling failsafe is good practice for any production deployment.

To summarise the key takeaways from today's briefing. NETGEAR WAX series access points integrate with Purple via the External Captive Portal mechanism in NETGEAR Insight. You configure the splash page URL, RADIUS server credentials, and walled garden domains in the Insight Cloud Portal. For staff networks, use WPA2 Enterprise with 802.1X and enforce certificate validation on every client device. For multi-tenant venues, NETGEAR's PPSK feature gives you per-tenant VLAN isolation from a single SSID with up to 64 unique keys. For the most sophisticated deployments, dynamic VLAN assignment via RADIUS attributes gives you identity-driven network segmentation that adapts to who is connecting, not just where they are connecting from.

If you are planning a NETGEAR deployment with Purple, the next step is to request your Purple RADIUS credentials and walled garden domain list from Purple's support team, and to test the captive portal redirect on a staging SSID before rolling out to production. The configuration takes under 30 minutes once you have those credentials in hand.

Thank you for listening to Purple's Technical Briefing. For the full written guide, including step-by-step configuration details and worked examples, visit purple.ai.

Resumen ejecutivo

Depender de claves precompartidas para el acceso WiFi empresarial es un riesgo de seguridad significativo. Una sola credencial comprometida expone toda la red, y revocar el acceso requiere cambiar la contraseña en cada dispositivo. Esta guía proporciona a los gerentes de TI y arquitectos de red una hoja de ruta definitiva para integrar NETGEAR Insight y los puntos de acceso empresariales de la serie WAX con Purple.

Detallamos cuatro arquitecturas de implementación principales: WiFi para invitados con un Captive Portal, WiFi seguro para el personal mediante 802.1X, segmentación multiinquilino a través de claves privadas precompartidas (PPSK) de NETGEAR y redes basadas en la identidad mediante la asignación dinámica de VLAN. Ya sea que opere en espacios de Hospitalidad , áreas de Retail o entornos del sector público, estas configuraciones eliminan las contraseñas compartidas, imponen una segmentación de red estricta y capturan WiFi Analytics accionables.

Escuche nuestro podcast de informe técnico a continuación para obtener una descripción general completa de la arquitectura y los errores comunes de implementación.

Análisis técnico profundo

Los puntos de acceso de la serie NETGEAR WAX (WAX610, WAX620, WAX630) son dispositivos WiFi 6 administrados en la nube y diseñados para entornos de alta densidad. Administrados a través del portal NETGEAR Insight, admiten hasta ocho SSIDs independientes por radio, cifrado WPA3 y rendimiento multi-gigabit. Purple actúa como una superposición en la nube independiente del hardware, integrándose con NETGEAR Insight para ofrecer control de acceso y captura de datos de nivel empresarial.

1. WiFi para invitados con Captive Portal

Para entornos de cara al público, debe implementar un Captive Portal externo. Esta configuración intercepta las solicitudes HTTP de los invitados y las redirige a una página de inicio alojada en Purple.

Arquitectura:

Punto de acceso: El punto de acceso NETGEAR WAX transmite un SSID para invitados abierto o WPA2 Personal.
Walled Garden: NETGEAR Insight permite el tráfico de autenticación previa hacia los servidores de Purple y los proveedores de inicio de sesión social.
Autenticación: Purple gestiona la sesión del usuario a través de RADIUS o autenticación web HTTP.

Cuando un invitado se conecta, se le presenta un portal personalizado. Al aceptar los términos y proporcionar sus datos, el servidor RADIUS de Purple devuelve un mensaje Access-Accept, otorgando acceso a Internet. Este enfoque garantiza el cumplimiento de las regulaciones de privacidad de datos como GDPR, al tiempo que captura valiosos datos de primera mano.

2. WiFi seguro para el personal (802.1X)

Las claves precompartidas son inaceptables para las redes del personal. Debe implementar la autenticación IEEE 802.1X. En este modelo, cada usuario tiene una credencial individual. Cuando un empleado se va, usted deshabilita su cuenta de directorio y su acceso se revoca instantáneamente.

En NETGEAR Insight, usted configura un SSID de personal con seguridad WPA2 Enterprise o WPA3 Enterprise. El punto de acceso actúa como el autenticador, transmitiendo mensajes del Protocolo de autenticación extensible (EAP) al servidor RADIUS. El servidor RADIUS valida las credenciales contra su directorio (por ejemplo, Microsoft Entra ID u Okta) y devuelve la decisión de autorización.

3. Segmentación multiinquilino (PPSK)

Los desarrollos de uso mixto y los parques comerciales enfrentan un desafío específico: múltiples inquilinos que comparten la infraestructura física de WiFi. Implementar SSIDs independientes para cada inquilino genera congestión de radiofrecuencia. Proporcionar una única contraseña compartida compromete la seguridad.

La clave privada precompartida (PPSK) de NETGEAR resuelve esto. Usted transmite un único SSID. En NETGEAR Insight, genera contraseñas únicas para cada inquilino. Crucialmente, cada contraseña se asigna a una VLAN específica.

Cuando un dispositivo se conecta utilizando la contraseña de la unidad comercial, el punto de acceso lo coloca en la VLAN comercial aislada. Cuando la administración del establecimiento se conecta utilizando su contraseña, ingresa a la VLAN de administración. Logra un aislamiento completo del tráfico sin hardware adicional. Tenga en cuenta que PPSK requiere WPA2 Personal y no se puede combinar con un Captive Portal en el mismo SSID.

4. Asignación dinámica de VLAN a través de RADIUS

Para redes sofisticadas basadas en la identidad, debe utilizar la asignación dinámica de VLAN. En lugar de asignar estáticamente una VLAN a un SSID o a una contraseña, el servidor RADIUS dicta la VLAN en función del perfil de directorio del usuario.

El servidor RADIUS devuelve tres atributos estándar en el mensaje Access-Accept:

[64] Tunnel-Type = 13 (VLAN)
[65] Tunnel-Medium-Type = 6 (802)
[81] Tunnel-Private-Group-ID = [VLAN ID]

Un único SSID WPA2 Enterprise puede dar servicio a toda la organización. Un gerente de hotel se autentica e ingresa a la VLAN 20. Un agente de recepción ingresa a la VLAN 21. Un contratista ingresa a la VLAN 50. La red se adapta a la identidad del usuario. Para obtener una visión más amplia sobre cómo proteger su entorno, revise nuestra guía Seguridad WiFi empresarial: una guía completa para 2026 .

Guía de implementación

Siga estos pasos para implementar NETGEAR Insight con el WiFi para invitados de Purple.

Paso 1: Configurar el SSID para invitados

Inicie sesión en el portal en la nube de NETGEAR Insight.
Seleccione la ubicación de su red y navegue a Wireless > Settings.
Cree un nuevo SSID (por ejemplo, "Venue Guest WiFi").
Seleccione Captive Portal y elija External Captive Portal.

Paso 2: Configurar el Captive Portal

En el campo Splash Page URL, ingresa la URL proporcionada por Purple.
Selecciona el botón de opción Radius.
Ingresa la IP del servidor de autenticación primario, el puerto (1812) y el secreto compartido proporcionados por Purple.
Ingresa la IP del servidor de contabilidad (Accounting) primario, el puerto (1813) y el secreto compartido.
Configura un NAS-Identifier descriptivo (por ejemplo, "London-Retail-01").

Paso 3: Configurar el Walled Garden

Este es el paso más crítico. Si el walled garden es incorrecto, los invitados verán una pantalla en blanco.

Desplázate hasta la sección Walled Garden en la configuración del Captive Portal.
Agrega todos los dominios proporcionados en la documentación de integración de Purple. Esto incluye los dominios CDN de Purple, los servidores de autenticación y cualquier proveedor de inicio de sesión social habilitado (por ejemplo, Facebook, Google).
Haz clic en Guardar.

Paso 4: Verificar la accesibilidad de RADIUS

Asegúrate de que tu firewall permita los puertos UDP 1812 y 1813 de salida desde las direcciones IP de administración del punto de acceso hacia los servidores RADIUS de Purple.

Mejores prácticas

Exigir la validación de certificados: Para implementaciones 802.1X, debes exigir una validación estricta de certificados en todos los dispositivos cliente a través de Objetos de Directiva de Grupo (GPO) o Gestión de Dispositivos Móviles (MDM). Si los clientes no validan el certificado del servidor RADIUS, quedan vulnerables a ataques de puntos de acceso no autorizados (rogue).
Aislar el tráfico de administración: Coloca siempre las direcciones IP de administración del punto de acceso en una VLAN de administración dedicada, aislada del tráfico de invitados y del personal.
Habilitar Failsafe: En la configuración del Captive Portal de NETGEAR Insight, habilita la opción FailSafe. Si los servidores RADIUS dejan de estar accesibles, se otorgará acceso temporal a internet a los invitados, lo que evitará una interrupción total de WiFi.
SSID separados para PPSK: Debido a que NETGEAR Insight no admite PPSK y Captive Portal en el mismo SSID, debes crear SSID dedicados (por ejemplo, "Venue-Guest" y "Venue-Tenant").

Resolución de problemas y mitigación de riesgos

Síntoma: Los invitados se conectan al SSID pero la página de inicio (splash page) no se carga.

Causa: Configuración incompleta del Walled Garden.
Resolución: Verifica que todos los dominios de Purple y los dominios de inicio de sesión social estén ingresados correctamente en la configuración del Walled Garden de NETGEAR Insight. Realiza la prueba con un dispositivo que no tenga credenciales en caché.

Síntoma: Los dispositivos del personal no logran autenticarse a través de 802.1X.

Causa: Tiempo de espera (timeout) de RADIUS o secreto compartido incorrecto.
Resolución: Verifica que los puertos UDP 1812 y 1813 estén abiertos de salida. Confirma que el secreto compartido coincida exactamente entre el portal de NETGEAR Insight y el servidor RADIUS. Revisa los registros (logs) del servidor RADIUS en busca de mensajes Access-Reject.

Síntoma: Los clientes PPSK se ubican en la VLAN incorrecta.

Causa: Asignación de VLAN incorrecta o falta de configuración de VLAN en el switch.
Resolución: Asegúrate de que la VLAN esté creada en NETGEAR Insight bajo la configuración de Red Cableada (Wired). Verifica que la configuración de Multi PSK asigne la contraseña correcta al ID de VLAN correcto. Asegúrate de que el puerto del switch que conecta el punto de acceso esté configurado como un puerto troncal (trunk) que permita la VLAN de destino.

ROI e impacto comercial

Implementar NETGEAR Insight con Purple transforma tu infraestructura inalámbrica de un centro de costos a un activo generador de ingresos. Al implementar redes basadas en identidad (Identity-Based Networks) y portales cautivos, logras:

Reducción de gastos operativos de TI: PPSK y 802.1X eliminan la necesidad de gestionar manualmente contraseñas compartidas o enviar ingenieros para cambios de acceso rutinarios.
Análisis accionables: Captura datos demográficos, tiempos de permanencia y tasas de retorno para optimizar las operaciones del establecimiento y la combinación de inquilinos.
ROI de marketing: Construye una base de datos de CRM de alta intención y que cumpla con el GDPR. Los establecimientos suelen ver una reducción significativa en los costos de adquisición de clientes al aprovechar los datos de primera mano recopilados a través de WiFi.
Seguridad mejorada: La asignación dinámica de VLAN aísla los dispositivos IoT, los sistemas de punto de venta y el tráfico de invitados, lo que reduce significativamente la superficie de ataque y garantiza el cumplimiento de PCI DSS.

Definiciones clave

802.1X

An IEEE standard for port-based Network Access Control that provides an authentication mechanism to devices wishing to attach to a LAN or WLAN.

Essential for enterprise security; replaces shared passwords with individual user credentials.

Captive Portal

A web page that a user of a public access network is obliged to view and interact with before access is granted.

Used by Purple to capture first-party data and ensure terms of service acceptance.

PPSK (Private Pre-Shared Key)

A feature allowing multiple unique passwords on a single SSID, where each password assigns the user to a specific VLAN.

Ideal for multi-tenant buildings or isolating IoT devices without creating multiple SSIDs.

RADIUS

Remote Authentication Dial-In User Service; a networking protocol that provides centralized Authentication, Authorization, and Accounting (AAA) management.

The core server that validates credentials and tells the NETGEAR AP whether to grant access.

Walled Garden

A limited environment that controls the user's access to web content and services prior to full authentication.

Must be configured in NETGEAR Insight to allow devices to reach the Purple splash page and social login providers.

Dynamic VLAN Assignment

The process where a RADIUS server instructs an access point to place an authenticated user on a specific VLAN based on their identity.

Enables Identity-Based Networks, allowing a single SSID to serve multiple departments securely.

NAS-Identifier

Network Access Server Identifier; a string used to identify the source of a RADIUS access request.

Configured in NETGEAR Insight so Purple knows which venue or access point the user is connecting from.

EAP-TLS

Extensible Authentication Protocol - Transport Layer Security; an authentication method requiring digital certificates on both the client and server.

The most secure 802.1X method, eliminating passwords entirely, though requiring MDM to deploy certificates.

Ejemplos resueltos

A 40-unit retail park needs to provide secure, isolated WiFi for each tenant's point-of-sale systems, plus a branded public WiFi network for shoppers. They have deployed NETGEAR WAX630 access points. How should the network be configured?

Create two SSIDs in NETGEAR Insight. SSID 1: 'RetailPark-Guest'. Configure this with an External Captive Portal pointing to Purple's splash page, with RADIUS authentication and a comprehensive walled garden. Map this to VLAN 10 (Internet only). SSID 2: 'RetailPark-Tenants'. Configure this with WPA2 Personal and enable Multi PSK (PPSK). Create 40 unique passwords. Map Tenant A's password to VLAN 101, Tenant B to VLAN 102, etc. Ensure the core switch trunks all VLANs to the access points.

Comentario del examinador: This approach perfectly balances security and user experience. By separating the SSIDs, we avoid the NETGEAR limitation of not mixing PPSK and captive portals. The PPSK configuration ensures zero cross-tenant visibility for PCI compliance, while the Purple portal captures shopper data.

A corporate headquarters wants to move away from a shared WPA2 password. They need staff to authenticate with their Microsoft Entra ID credentials, and they want the finance team on VLAN 50 and the marketing team on VLAN 60.

Deploy a single 'Corporate-Secure' SSID configured for WPA2 Enterprise. Point the NETGEAR Insight RADIUS settings to a RADIUS server integrated with Entra ID. Configure the RADIUS server to return standard tunnel attributes (Tunnel-Type=13, Tunnel-Medium-Type=6, Tunnel-Private-Group-ID=50 or 60) based on the user's directory group membership. Enforce certificate validation on all corporate laptops via MDM.

Comentario del examinador: This demonstrates true Identity-Based Networking. The access point dynamically assigns the VLAN based on the RADIUS response. Crucially, enforcing certificate validation prevents rogue AP attacks, which is mandatory for enterprise security.

Preguntas de práctica

Q1. You have deployed a Purple captive portal on a NETGEAR WAX620. Guests can connect to the WiFi, but their browsers show a 'Cannot reach destination' error instead of the splash page. What is the most likely configuration error?

Sugerencia: Consider what must happen before the guest is fully authenticated to reach external servers.

Ver respuesta modelo

The Walled Garden is misconfigured or incomplete. The NETGEAR access point is blocking the initial traffic to Purple's servers. You must ensure all required Purple CDN domains, authentication URLs, and social login domains are added to the Walled Garden list in the Insight portal.

Q2. A venue requires both a guest captive portal and secure, isolated WiFi for 10 different retail tenants. They want to minimize RF interference. How do you configure the NETGEAR access points?

Sugerencia: NETGEAR Insight has specific limitations regarding mixing captive portals and PPSK.

Ver respuesta modelo

You must create exactly two SSIDs. NETGEAR does not support PPSK and Captive Portal on the same SSID. Create 'Venue-Guest' with an External Captive Portal pointing to Purple. Create 'Venue-Retail' with WPA2 Personal and configure Multi PSK (PPSK) with 10 unique passwords, each mapping to a different VLAN.

Q3. When configuring dynamic VLAN assignment for staff using 802.1X, which three RADIUS attributes must the server return in the Access-Accept message?

Sugerencia: Think about the RFC 2868 standard attributes for tunnel configuration.

Ver respuesta modelo

The RADIUS server must return: [64] Tunnel-Type = 13 (VLAN), [65] Tunnel-Medium-Type = 6 (802), and [81] Tunnel-Private-Group-ID = [The specific VLAN ID string].

Continúe leyendo esta serie

Guía de integración de MikroTik RouterOS Captive Portal y Purple WiFi

Esta guía técnica proporciona instrucciones paso a paso para integrar MikroTik RouterOS con la plataforma WiFi de Purple. Cubre la configuración del Captive Portal de Guest WiFi, la autenticación 802.1X de Staff WiFi y WiFi multiinquilino mediante PSK privadas para la segmentación dinámica de VLAN.

Integración de Zyxel Nebula Cloud y USG con Purple WiFi

Esta guía de referencia técnica cubre la integración de extremo a extremo de Zyxel Nebula Cloud y los firewalls USG Flex con la plataforma Purple WiFi. Proporciona instrucciones de configuración paso a paso para la redirección del Captive Portal de invitados, autenticación RADIUS, configuración de Walled Garden, WiFi seguro para el personal mediante 802.1X y segmentación de red multiinquilino utilizando claves precompartidas privadas (PPSK) de Zyxel con asignación dinámica de VLAN. Los gerentes de TI, MSP y arquitectos de red que implementan WiFi en entornos de hospitalidad, retail y complejos multiinquilino encontrarán orientación práctica basada en estándares de la industria, incluidos PCI DSS, IEEE 802.1X y GDPR.

Integración de Alcatel-Lucent Enterprise (ALE) OmniAccess con Purple WiFi

Esta guía detalla la integración técnica entre los puntos de acceso Alcatel-Lucent Enterprise (ALE) OmniAccess Stellar y Purple WiFi. Cubre la redirección de Captive Portal, la autenticación RADIUS, la configuración de Walled Garden, WiFi seguro para el personal mediante 802.1X y la segmentación de WiFi multiinquilino mediante claves precompartidas privadas (PPSK) con direccionamiento dinámico de VLAN, lo que brinda a los administradores de TI y arquitectos de redes una referencia completa y práctica para implementar redes basadas en identidad en hardware de ALE.