Some time ago it was possible to combine guest and staff portals in EasyPass, it was one of its best features.
Is this no longer possible?
Easypass is the modern and enhanced replacement for the older Guest Portal. It offers a set of predefined access method combinations, making it easier for many customers to deploy based on common use cases and best practices. The current combinations available in Easypass are carefully selected based on real-world customer needs and widely accepted network strategies.
One key reason we avoid mixing Guest (open/free WiFi) and Enterprise/Staff networks is rooted in best security practices—you should never merge these two environments. In fact, some organizations choose to add a simple password to their staff SSID to avoid running an open network for internal use. Additionally, it’s critical to keep Guest and Staff networks on separate VLANs. While it’s sometimes tempting to simplify configurations by placing everything on a flat VLAN, doing so introduces significant security risks.
By keeping these access methods distinct, we aim to guide network administrators toward better network segmentation. That said, we’re always listening—if there’s a specific combination you’re looking for, please let us know. We’d be happy to connect and better understand your use case to see how we can support it.
Without a doubt, placing two SSIDs on a flat vlan is a very bad idea.
I have deployed a few times combined portals where a single SSID allowed to manage “guests” on a different vlan than the “staff” of the company, this is a great feature, very easy to implement, I do not understand the approach to stop using it, this does not imply any detriment in security, on the contrary, it facilitates and improves the image of the headquarters by unifying in a single SSID more “intelligent” the assignment of clients to different vlans.
The previous EasyPass on-line (still in production) even allows you to create combinations of up to 4 portals, each with its own security level and dedicated VLAN.
It is a step forward to unify up to 4 SSIDs into one, a great optimization of the spectrum, and a remarkable improvement in the user’s appreciation of a truly powerful wireless network.
Example:
I create a one-click portal that assigns guests to vlan 100.
I create an Azure portal where the Radius server redirects the different user profiles of the domain to their corresponding vlan, managers to vlan 120, accounting to vlan 125, etc…
Later, I will create a combined portal that will link to a SSID “ACME” with the corporate image “Welcome to the ACME network” “please choose your profile”. if you choose the “Staff” button, it will ask you for “username/password” and take you to the vlan configured for your profile.
If you choose to be a guest, the restrictions and vlan will be applied as a guest.
This was all a great idea
Using separate SSIDs comes with several benefits. For example, it allows you to limit the number of guest clients per SSID on each access point, apply SSID-level rate limits (in addition to per-client limits), and ensure more bandwidth is available for your staff network. It also enables clearer segregation of statistics, giving you distinct visibility into guest and staff usage at the SSID level.
That said, Easypass currently doesn’t support full flexibility to mix and match any combination of access methods. This design choice was made to simplify both configuration and reporting, making it easier to manage and understand access behavior.
I’ll definitely share your feedback with the team and explore how soon we might be able to support this. I believe if we introduce combinations like One-Click + Azure or One-Click + Google Login (X), it should address your requirements. Let us know if there are other specific combinations you’d like to see—we’re always open to evolving based on real-world needs.
1 Like
Thanks Kunal,
we hope this will happen soon, we had to go through a complicated migration from the local version to the cloud of cnMaestro just to get this functionality, for us it is a major issue in our organization, to the point that now we are even considering somehow going back to using the old EasyPass of Xirrus which has all this.
Maybe we are confusing “Captive Portal” with “SSID”.
By the way, I am sorry to disagree with the unilateral decision of the moderator to mark the answer to post #2 as “solution to the case”, it is not at all, I think it would be appropriate and democratic to have the opinion of all for this.