跳至主要内容
简体中文

NETGEAR Insight 和企业级接入点与 Purple WiFi 的集成

本指南为 IT 经理提供了将 NETGEAR Insight 和 WAX 企业级接入点与 Purple WiFi 进行集成的权威技术路线图。内容涵盖了关键配置,包括访客 Captive Portal、802.1X 员工网络,以及使用 PPSK 和动态 VLAN 分配的多租户隔离。

📖 6 分钟阅读📝 1,295 🔧 2 应用实例3 练习题📚 8 关键定义

收听本指南

查看播客转录
Welcome to Purple's Technical Briefing. Today we are covering a topic that comes up constantly in our conversations with IT managers and network architects across hospitality, retail, and multi-tenant venues: how to integrate NETGEAR Insight and WAX series access points with Purple WiFi. If you are running a hotel, a retail park, a conference centre, or a mixed-use development, this briefing is directly relevant to your next deployment decision. Let us set the scene. NETGEAR's WAX series - the WAX610, WAX620, and WAX630 - are WiFi 6 access points managed through the Insight cloud platform. They support up to eight separate SSIDs per radio, WPA3 encryption, and up to six gigabits of throughput on the WAX630. They are PoE-powered, ceiling-mountable, and managed from a single pane of glass through the Insight Cloud Portal. For an IT installer or SMB network administrator, this is a genuinely capable platform at a price point well below the Cisco Meraki or HPE Aruba tier. Purple is a hardware-agnostic cloud overlay. We sit on top of your existing infrastructure and we add the guest experience layer, the data capture layer, and the analytics layer. We have processed 440 million logins in 2024 across 80,000 live venues. The integration with NETGEAR Insight is clean and well-documented, and it covers four distinct use cases that we will walk through today. Now let us get into the technical deep-dive. The four use cases are: Guest WiFi with a Purple captive portal, Secure Staff WiFi using 802.1X, Multi-Tenant segmentation using NETGEAR's PPSK feature, and dynamic VLAN assignment via RADIUS for Identity-Based Networks. Use case one: Guest WiFi with a Purple captive portal. This is the most common starting point. You create a dedicated Guest SSID in NETGEAR Insight and you configure it as an open network. The key configuration is in the Captive Portal section of the SSID settings. You select External Captive Portal, and you paste in the Splash Page URL that Purple provides. Next, you configure the authentication type. For most Purple deployments, you will select RADIUS authentication. Purple provides you with a primary RADIUS server IP address, port 1812 for authentication and port 1813 for accounting, and a shared secret. You paste those into the NETGEAR Insight External Captive Portal configuration. You also set a NAS Identifier - this is a string that identifies this specific access point or location to the RADIUS server. Use something meaningful, like your venue name and location code. The walled garden is the piece that trips up most installers. Before a guest authenticates, their device needs to be able to reach the Purple splash page, the authentication servers, and any social login providers you have enabled. NETGEAR Insight has a dedicated Walled Garden section in the External Captive Portal configuration where you add these URLs. Purple's support documentation provides the exact list of domains to whitelist. Get this wrong and guests will see a blank page instead of your branded portal. Once configured, the flow works like this: a guest connects to the Hotel Guest SSID. The access point intercepts their first HTTP request and redirects them to the Purple splash page. The guest sees your branded portal, accepts the terms, and optionally provides their email address or logs in via social media. Purple's RADIUS server returns an Access-Accept message to the access point, and the guest is granted internet access. Purple captures the consent data, logs the session, and that data flows into your Purple analytics dashboard. Use case two: Secure Staff WiFi using 802.1X. This is where you move away from shared passwords entirely. For staff networks, a pre-shared key is a liability - when an employee leaves, you have to change the password for everyone. 802.1X, defined in the IEEE 802.1X standard, gives every user an individual credential. When they leave, you disable their account in your directory and their access is revoked instantly. In NETGEAR Insight, you configure a separate Staff SSID with WPA2 Enterprise security. This tells the access point to use 802.1X authentication rather than a pre-shared key. You then configure the RADIUS server settings at the network location level. Go to the network location settings, select RADIUS, enable 802.1X Access Authentication, and enter your RADIUS server IP, port, and shared secret. The default reauthentication interval is 3,600 seconds - one hour - which is a reasonable starting point for most venues. The most common EAP method in SMB deployments is PEAP-MSCHAPv2, which uses a server-side certificate to create an encrypted tunnel inside which the user authenticates with their Active Directory username and password. EAP-TLS is more secure - it uses certificates on both sides - but it requires a PKI infrastructure and MDM to push certificates to devices. One critical point: enforce certificate validation on every client device. Configure your Windows devices via Group Policy Objects and your mobile devices via MDM profiles to validate the RADIUS server's certificate. If you skip this step, devices are vulnerable to rogue access point attacks where an attacker presents a fake certificate and captures credentials. Use case three: NETGEAR PPSK for multi-tenant venues. Private Pre-Shared Key solves a specific problem in retail parks, mixed-use developments, and co-working spaces. You have multiple tenants sharing the same physical WiFi infrastructure. You do not want to run separate SSIDs for each tenant - that creates radio frequency congestion and management complexity. But you also cannot give everyone the same password, because then Tenant A can see Tenant B's traffic. PPSK solves this elegantly. You create a single SSID and you create multiple pre-shared keys in NETGEAR Insight under Wireless, Settings, Advanced, Multi PSK Settings. Each key is associated with a specific VLAN. Tenant A gets a unique 16-character password that maps to VLAN 30. Tenant B gets a different password that maps to VLAN 40. The venue management team gets a third password that maps to VLAN 20, which has access to management systems. When Tenant A's devices connect using their password, the access point automatically places them on VLAN 30. They cannot see any traffic on VLAN 40 or VLAN 20. From a tenant's perspective, they just have a WiFi password. From your perspective as the network administrator, you have complete traffic isolation between tenants with zero additional hardware. There are two important limitations to know. First, PPSK in NETGEAR Insight requires WPA2 Personal or WPA2 Personal Mixed encryption. It does not work on the 6 GHz band. Second, PPSK cannot be combined with captive portal on the same SSID. If you need both, you need two separate SSIDs - which is fine, because WAX series access points support up to eight. Use case four: dynamic VLAN assignment via RADIUS. This is the most sophisticated configuration and the one that underpins Purple's Identity-Based Networks capability. Instead of statically assigning a VLAN to a password or an SSID, you let the RADIUS server decide which VLAN to assign based on who is authenticating. The mechanism uses three standard RADIUS attributes: Tunnel-Type, which must be set to value 13 for VLAN; Tunnel-Medium-Type, which must be set to value 6 for IEEE 802; and Tunnel-Private-Group-ID, which carries the VLAN ID as a string. When a user authenticates successfully, the RADIUS server returns these three attributes in the Access-Accept message. The access point reads them and places the client on the specified VLAN. In practice, this means you can have a single WPA2 Enterprise SSID where a hotel manager authenticates and lands on VLAN 20 with access to property management systems, a front desk agent authenticates and lands on VLAN 21 with access to the check-in system only, and a contractor authenticates and lands on VLAN 50 with internet-only access. All from the same SSID, all enforced automatically by the RADIUS server based on Active Directory group membership. Now let us talk implementation recommendations and pitfalls. The first pitfall is the walled garden. Every external captive portal deployment fails at the walled garden at least once. The symptom is guests connecting to the SSID but seeing a browser error instead of the splash page. The fix is methodical: open the Purple support documentation, copy every domain in the walled garden list, and paste them into NETGEAR Insight's Walled Garden section. Test with a device that has no cached credentials. The second pitfall is RADIUS reachability. The NETGEAR access point needs to reach your RADIUS server. RADIUS uses UDP port 1812 for authentication and UDP port 1813 for accounting. Open those ports from the access point management IP to the RADIUS server IP. Test with a RADIUS test tool before you go live. The third pitfall is PPSK and captive portal conflict. NETGEAR Insight does not allow PPSK and captive portal on the same SSID. If you need both, create two SSIDs. Name them clearly - one for PPSK tenants and one for the captive portal guests. The fourth pitfall is certificate validation on 802.1X clients. Every Windows device needs a Group Policy Object that specifies the trusted Certificate Authority and the expected RADIUS server name. Every mobile device needs an MDM profile with the same settings. Without this, a user could unknowingly authenticate to a rogue access point and hand over their Active Directory credentials. Now for a rapid-fire question and answer session. Question one: Can I use Purple with NETGEAR Insight without a RADIUS server? Yes, for guest captive portal deployments, you can use Purple's web authentication mode rather than RADIUS. The access point redirects to the splash page via HTTP, and Purple handles authentication through a web session. RADIUS gives you more control and better accounting data, but it is not mandatory for basic guest portal deployments. Question two: How many PPSK keys can I create in NETGEAR Insight? NETGEAR Insight supports up to 64 PPSK keys per SSID on WAX series access points. For most multi-tenant venues, this is more than sufficient. If you have more than 64 tenants, you need to move to a RADIUS-based dynamic VLAN solution instead. Question three: Does NETGEAR Insight support WPA3 Enterprise for 802.1X? Yes, WAX series access points support WPA3 Enterprise. For most SMB deployments, WPA2 Enterprise is sufficient and has broader client device compatibility. WPA3 Enterprise is worth considering for environments handling sensitive data, such as healthcare or financial services. Question four: What happens if the Purple RADIUS server is unreachable? NETGEAR Insight supports a failsafe option in the External Captive Portal configuration. If you enable failsafe, guests are granted internet access for a short period even if the captive portal servers are unreachable. Purple maintains 99.999% uptime across our infrastructure, but enabling failsafe is good practice for any production deployment. To summarise the key takeaways from today's briefing. NETGEAR WAX series access points integrate with Purple via the External Captive Portal mechanism in NETGEAR Insight. You configure the splash page URL, RADIUS server credentials, and walled garden domains in the Insight Cloud Portal. For staff networks, use WPA2 Enterprise with 802.1X and enforce certificate validation on every client device. For multi-tenant venues, NETGEAR's PPSK feature gives you per-tenant VLAN isolation from a single SSID with up to 64 unique keys. For the most sophisticated deployments, dynamic VLAN assignment via RADIUS attributes gives you identity-driven network segmentation that adapts to who is connecting, not just where they are connecting from. If you are planning a NETGEAR deployment with Purple, the next step is to request your Purple RADIUS credentials and walled garden domain list from Purple's support team, and to test the captive portal redirect on a staging SSID before rolling out to production. The configuration takes under 30 minutes once you have those credentials in hand. Thank you for listening to Purple's Technical Briefing. For the full written guide, including step-by-step configuration details and worked examples, visit purple.ai.

header_image.png

执行摘要

依赖预共享密钥进行企业 WiFi 接入存在重大的安全隐患。单个凭据泄露就会暴露整个网络,而撤销访问权限则需要更改每台设备的密码。本指南为 IT 经理和网络架构师提供了将 NETGEAR Insight 和 WAX 系列企业级接入点与 Purple 进行集成的权威路线图。

我们详细介绍了四种核心部署架构:带有 Captive Portal 的访客 WiFi、使用 802.1X 的安全员工 WiFi、通过 NETGEAR 私有预共享密钥 (PPSK) 实现的多租户隔离,以及使用动态 VLAN 分配的基于身份的网络。无论您是运营 酒店 场所、 零售 空间还是公共部门环境,这些配置都能消除共享密码、实施严格的网络隔离并捕获极具价值的 WiFi Analytics

请听下方的技术简报播客,全面了解该架构及常见的部署陷阱。

技术深度解析

NETGEAR WAX 系列接入点(WAX610、WAX620、WAX630)是专为高密度环境设计的云管理 WiFi 6 设备。它们通过 NETGEAR Insight 门户进行管理,支持每个射频多达 8 个独立的 SSID、WPA3 加密和多千兆吞吐量。Purple 作为一个与硬件无关的云端覆盖层,与 NETGEAR Insight 集成,提供企业级的访问控制和数据捕获。

1. 带有 Captive Portal 的访客 WiFi

对于面向公众的环境,您必须部署外部 Captive Portal。此配置会拦截访客的 HTTP 请求,并将其重定向到由 Purple 托管的展示页面。

架构:

  1. 接入点: NETGEAR WAX 接入点广播开放式或 WPA2 个人版访客 SSID。
  2. 围墙花园 (Walled Garden): NETGEAR Insight 允许未认证流量访问 Purple 的服务器和社交登录提供商。
  3. 认证: Purple 通过 RADIUS 或 HTTP Web 认证处理用户会话。

当访客连接时,系统会向其展示一个品牌化的门户页面。在接受条款并提供详细信息后,Purple 的 RADIUS 服务器会返回 Access-Accept 消息,从而授予互联网访问权限。这种方法在捕获宝贵的第一方数据的同时,确保了符合 GDPR 等数据隐私法规。

2. 安全员工 WiFi (802.1X)

对于员工网络,预共享密钥是不可接受的。您必须实施 IEEE 802.1X 认证。在这种模式下,每个用户都拥有独立的凭据。当员工离职时,您只需禁用其目录账户,其访问权限就会立即被撤销。

在 NETGEAR Insight 中,您需要配置一个采用 WPA2 企业版或 WPA3 企业版安全协议的员工 SSID。接入点作为认证器,将可扩展身份验证协议 (EAP) 消息转发给 RADIUS 服务器。RADIUS 服务器根据您的目录(例如 Microsoft Entra ID 或 Okta)验证凭据,并返回授权决定。

3. 多租户隔离 (PPSK)

综合体开发项目和零售园区面临着一个特定的挑战:多个租户共享物理 WiFi 基础设施。为每个租户部署独立的 SSID 会导致射频拥堵。而提供单个共享密码则会损害安全性。

NETGEAR 私有预共享密钥 (PPSK) 解决了这一问题。您只需广播单个 SSID。在 NETGEAR Insight 中,您为每个租户生成唯一的密码。至关重要的是,每个密码都映射到特定的 VLAN。

ppsk_vlan_infographic.png

当设备使用零售商铺的密码连接时,接入点会将其分配到隔离的零售 VLAN。当场所管理人员使用其密码连接时,他们会进入管理 VLAN。您无需任何额外硬件即可实现完全的流量隔离。请注意,PPSK 需要 WPA2 个人版,并且不能在同一个 SSID 上与 Captive Portal 结合使用。

4. 通过 RADIUS 进行动态 VLAN 分配

对于复杂的基于身份的网络,您必须使用动态 VLAN 分配。RADIUS 服务器不会将 VLAN 静态分配给 SSID 或密码,而是根据用户的目录配置文件来决定 VLAN。

RADIUS 服务器在 Access-Accept 消息中返回三个标准属性:

  • [64] Tunnel-Type = 13 (VLAN)
  • [65] Tunnel-Medium-Type = 6 (802)
  • [81] Tunnel-Private-Group-ID = [VLAN ID]

单个 WPA2 企业版 SSID 即可为整个组织提供服务。酒店经理通过认证后进入 VLAN 20。前台接待人员进入 VLAN 21。承包商则进入 VLAN 50。网络会根据用户的身份进行自适应。要更广泛地了解如何保护您的环境,请参阅我们的 企业 WiFi 安全:2026 年完整指南

architecture_overview.png

实施指南

请按照以下步骤部署带有 Purple 访客 WiFi 的 NETGEAR Insight。

步骤 1:配置访客 SSID

  1. 登录 NETGEAR Insight 云门户。
  2. 选择您的网络位置并导航至 Wireless > Settings
  3. 创建一个新的 SSID(例如 "Venue Guest WiFi")。
  4. 选择 Captive Portal 并选择 External Captive Portal

步骤 2:配置 Captive Portal

  1. Splash Page URL 字段中,输入 Purple 提供的 URL。
  2. 选择 Radius 单选按钮。
  3. 输入 Purple 提供的主要认证服务器 IP、端口 (1812) 和共享密钥。
  4. 输入主要计费服务器 IP、端口 (1813) 和共享密钥。
  5. 设置一个描述性的 NAS-Identifier(例如 "London-Retail-01")。

步骤 3:配置 Walled Garden

这是最关键的步骤。如果 Walled Garden 配置不正确,访客将看到空白屏幕。

  1. 滚动到 Captive Portal 设置中的 Walled Garden 区域。
  2. 添加 Purple 集成文档中提供的所有域名。这包括 Purple 的 CDN 域名、认证服务器以及任何已启用的社交登录提供商(例如 Facebook、Google)。
  3. 点击 保存

步骤 4:验证 RADIUS 可达性

确保您的防火墙允许从接入点管理 IP 地址到 Purple RADIUS 服务器的出站 UDP 端口 1812 和 1813。

最佳实践

  • 强制执行证书验证: 对于 802.1X 部署,您必须通过组策略对象 (GPO) 或移动设备管理 (MDM) 在所有客户端设备上强制执行严格的证书验证。如果客户端不验证 RADIUS 服务器证书,它们将容易受到流氓接入点攻击。
  • 隔离管理流量: 始终将接入点管理 IP 地址置于专用的管理 VLAN 中,与访客和员工流量隔离。
  • 启用故障安全 (Failsafe): 在 NETGEAR Insight Captive Portal 设置中,启用 FailSafe 选项。如果 RADIUS 服务器变得不可达,访客将被授予临时互联网访问权限,从而防止 WiFi 完全中断。
  • 为 PPSK 分离 SSID: 由于 NETGEAR Insight 不支持在同一个 SSID 上同时使用 PPSK 和 Captive Portal,您必须创建专用的 SSID(例如 "Venue-Guest" 和 "Venue-Tenant")。

故障排除与风险缓解

现象:访客连接到 SSID,但 Splash Page(欢迎页面)未加载。

  • 原因: Walled Garden 配置不完整。
  • 解决方案: 验证是否在 NETGEAR Insight Walled Garden 设置中正确输入了所有 Purple 域名和社交登录域名。使用没有缓存凭据的设备进行测试。

现象:员工设备无法通过 802.1X 进行身份验证。

  • 原因: RADIUS 超时或共享密钥不正确。
  • 解决方案: 验证出站 UDP 端口 1812 和 1813 是否已打开。确认 NETGEAR Insight 门户与 RADIUS 服务器之间的共享密钥完全一致。检查 RADIUS 服务器日志中的 Access-Reject 消息。

现象:PPSK 客户端被分配到错误的 VLAN。

  • 原因: 交换机上的 VLAN 映射不正确或缺少 VLAN 配置。
  • 解决方案: 确保在 NETGEAR Insight 的“有线 (Wired)”设置下创建了该 VLAN。验证 Multi PSK 设置是否将正确的密码映射到正确的 VLAN ID。确保连接接入点的交换机端口配置为允许目标 VLAN 的 Trunk 端口。

投资回报率 (ROI) 与业务影响

将 NETGEAR Insight 与 Purple 结合部署,可将您的无线基础设施从成本中心转变为创收资产。通过实施基于身份的网络和 Captive Portal,您可以实现:

  • 降低 IT 开销: PPSK 和 802.1X 消除手动管理共享密码或为日常访问变更派遣工程师的需要。
  • 极具价值的分析: 捕获人口统计数据、停留时间和回头率,以优化场所运营和商户组合。
  • 营销投资回报率 (ROI): 构建符合 GDPR 规范的高意向 CRM 数据库。当利用通过 WiFi 收集的第一方数据时,场所通常会看到客户获取成本的显著降低。
  • 增强的安全性: 动态 VLAN 分配可隔离物联网 (IoT) 设备、收银系统 (POS) 和访客流量,从而显著减少受攻击面并确保符合 PCI DSS 标准。

关键定义

802.1X

An IEEE standard for port-based Network Access Control that provides an authentication mechanism to devices wishing to attach to a LAN or WLAN.

Essential for enterprise security; replaces shared passwords with individual user credentials.

Captive Portal

A web page that a user of a public access network is obliged to view and interact with before access is granted.

Used by Purple to capture first-party data and ensure terms of service acceptance.

PPSK (Private Pre-Shared Key)

A feature allowing multiple unique passwords on a single SSID, where each password assigns the user to a specific VLAN.

Ideal for multi-tenant buildings or isolating IoT devices without creating multiple SSIDs.

RADIUS

Remote Authentication Dial-In User Service; a networking protocol that provides centralized Authentication, Authorization, and Accounting (AAA) management.

The core server that validates credentials and tells the NETGEAR AP whether to grant access.

Walled Garden

A limited environment that controls the user's access to web content and services prior to full authentication.

Must be configured in NETGEAR Insight to allow devices to reach the Purple splash page and social login providers.

Dynamic VLAN Assignment

The process where a RADIUS server instructs an access point to place an authenticated user on a specific VLAN based on their identity.

Enables Identity-Based Networks, allowing a single SSID to serve multiple departments securely.

NAS-Identifier

Network Access Server Identifier; a string used to identify the source of a RADIUS access request.

Configured in NETGEAR Insight so Purple knows which venue or access point the user is connecting from.

EAP-TLS

Extensible Authentication Protocol - Transport Layer Security; an authentication method requiring digital certificates on both the client and server.

The most secure 802.1X method, eliminating passwords entirely, though requiring MDM to deploy certificates.

应用实例

A 40-unit retail park needs to provide secure, isolated WiFi for each tenant's point-of-sale systems, plus a branded public WiFi network for shoppers. They have deployed NETGEAR WAX630 access points. How should the network be configured?

Create two SSIDs in NETGEAR Insight. SSID 1: 'RetailPark-Guest'. Configure this with an External Captive Portal pointing to Purple's splash page, with RADIUS authentication and a comprehensive walled garden. Map this to VLAN 10 (Internet only). SSID 2: 'RetailPark-Tenants'. Configure this with WPA2 Personal and enable Multi PSK (PPSK). Create 40 unique passwords. Map Tenant A's password to VLAN 101, Tenant B to VLAN 102, etc. Ensure the core switch trunks all VLANs to the access points.

考官评语: This approach perfectly balances security and user experience. By separating the SSIDs, we avoid the NETGEAR limitation of not mixing PPSK and captive portals. The PPSK configuration ensures zero cross-tenant visibility for PCI compliance, while the Purple portal captures shopper data.

A corporate headquarters wants to move away from a shared WPA2 password. They need staff to authenticate with their Microsoft Entra ID credentials, and they want the finance team on VLAN 50 and the marketing team on VLAN 60.

Deploy a single 'Corporate-Secure' SSID configured for WPA2 Enterprise. Point the NETGEAR Insight RADIUS settings to a RADIUS server integrated with Entra ID. Configure the RADIUS server to return standard tunnel attributes (Tunnel-Type=13, Tunnel-Medium-Type=6, Tunnel-Private-Group-ID=50 or 60) based on the user's directory group membership. Enforce certificate validation on all corporate laptops via MDM.

考官评语: This demonstrates true Identity-Based Networking. The access point dynamically assigns the VLAN based on the RADIUS response. Crucially, enforcing certificate validation prevents rogue AP attacks, which is mandatory for enterprise security.

练习题

Q1. You have deployed a Purple captive portal on a NETGEAR WAX620. Guests can connect to the WiFi, but their browsers show a 'Cannot reach destination' error instead of the splash page. What is the most likely configuration error?

提示:Consider what must happen before the guest is fully authenticated to reach external servers.

查看标准答案

The Walled Garden is misconfigured or incomplete. The NETGEAR access point is blocking the initial traffic to Purple's servers. You must ensure all required Purple CDN domains, authentication URLs, and social login domains are added to the Walled Garden list in the Insight portal.

Q2. A venue requires both a guest captive portal and secure, isolated WiFi for 10 different retail tenants. They want to minimize RF interference. How do you configure the NETGEAR access points?

提示:NETGEAR Insight has specific limitations regarding mixing captive portals and PPSK.

查看标准答案

You must create exactly two SSIDs. NETGEAR does not support PPSK and Captive Portal on the same SSID. Create 'Venue-Guest' with an External Captive Portal pointing to Purple. Create 'Venue-Retail' with WPA2 Personal and configure Multi PSK (PPSK) with 10 unique passwords, each mapping to a different VLAN.

Q3. When configuring dynamic VLAN assignment for staff using 802.1X, which three RADIUS attributes must the server return in the Access-Accept message?

提示:Think about the RFC 2868 standard attributes for tunnel configuration.

查看标准答案

The RADIUS server must return: [64] Tunnel-Type = 13 (VLAN), [65] Tunnel-Medium-Type = 6 (802), and [81] Tunnel-Private-Group-ID = [The specific VLAN ID string].

继续阅读本系列

Alta Labs 与 Purple WiFi 的集成:设置与 Captive Portal 配置

本技术参考指南涵盖了 Alta Labs AP6 和 AP6 Pro 接入点与 Purple 云托管 Captive Portal 的端到端集成。它详细介绍了外部重定向配置、RADIUS 身份验证、围墙花园(walled garden)要求,以及使用 AltaPass 私有预共享密钥(Private Pre-Shared Keys)的多租户细分。场所运营商和 IT 团队将获得一份适用于酒店、零售和智能办公环境的可重复部署指南。

阅读指南 →

WatchGuard Firebox 与 Purple WiFi 集成:安装与配置指南

本指南是为部署 WatchGuard Firebox 和接入点与 Purple 的 IT 经理和网络架构师提供的分步集成手册。它涵盖了用于 Guest WiFi 的外部 Captive Portal 重定向、用于 Staff WiFi 的安全 802.1X 认证,以及使用 WatchGuard 私有预共享密钥 (PPSK) 配合动态 VLAN 引导的多租户细分——为您在所有访问层级提供单一、统一的架构。

阅读指南 →

Aruba ClearPass 和 Purple WiFi:集成与部署指南

本指南提供了将 HPE Aruba ClearPass Policy Manager 与 Purple WiFi 平台集成的完整技术参考,涵盖了 RADIUS 代理架构、captive portal 配置和动态 VLAN 角色映射。专为 Aruba 重度环境中的 IT 经理和网络架构师设计,他们需要在保留 ClearPass 用于 NAC 的同时,部署 Purple 进行访客身份验证和分析。实施此集成可弥补关键供应商差距,实现企业级安全性和合规性,同时利用 Purple 市场领先的访客智能功能。

阅读指南 →