Why should I add the controller IP to the walled garden when we use a tunnel-mode SSID with WISPr?

  • Updated 3 years ago

Many of our customers use Wi-Fi for guests with a WISPr SSID on SZ100 or vSZ.

Some of them use a tunnel-mode SSID with WISPr.

When they use an LBO-mode SSID with WISPr, they just configure the SSID and WISPr without adding a walled garden, and it works well.

But when they use a tunnel-mode SSID with WISPr, they must configure the SSID and WISPr and also add the controller IP to the walled garden.

If they forget to add the controller IP to the walled garden, they never succeed in authenticating.

Why should I add the controller IP to the walled garden?

Is it intended, or is it a bug?

I have never found anything about it in the documentation.

Please let me know about it.

Jeronimo



Posted 3 years ago


Michael Brado, Official Rep

The answer is that, by using Tunnel-Mode on your WLAN, you tell client traffic to go
to the ZoneDirector, where you need to have the VLANs they are trying to access.  If you
use LBO (local break-out), the client traffic is switched onto the LAN at the AP, not sent
back to your ZD first.  Does that help?

You need to understand where your WISPr authentication server is located: only at the ZD,
i.e. Data Center or Central Office, or where the clients are connecting from (at the AP location).
Jeronimo


Is that intended?

I wonder why only tunnel mode must add it.

Does vSZ have a plan to automatically add the whitelist (or walled garden) in tunnel mode?

It's very confusing and inconvenient work.

I hope the whitelist (or walled garden) will be added automatically for tunnel mode in a future version.