Netgear GSM7252PS 7000 Series Managed Switch Administration Guide for Software - Page 550
Captive Portal
ProSafe 7000 Managed Switch Software Administration Manual, Release 8.0.3

Chapter 31 Captive Portal

This chapter includes the following sections:

• "Captive Portal Configuration" on page 31-2
• "Enable Captive Portal" on page 31-2
• "Client Access, Authentication, and Control" on page 31-5
• "Block a Captive Portal Instance" on page 31-5
• "Local Authorization User/Group Configuration" on page 31-6
• "Remote Authorization (RADIUS) User Configuration" on page 31-8
• "SSL Certificates" on page 31-10

The Captive Portal feature is a software implementation that blocks clients from accessing the network until user verification has been established. Verification can be configured to allow access for both guest and authenticated users. Authenticated users must be validated against a database of authorized Captive Portal users before access is granted.

The authentication server supports both HTTP and HTTPS web connections. In addition, Captive Portal can be configured to use an optional HTTP port (in support of HTTP proxy networks). If configured, this additional port is used exclusively by Captive Portal. Note that this optional port is in addition to the standard HTTP port 80, which is currently used for all other web traffic.

Captive Portal for wired interfaces allows clients directly connected to the switch to be authenticated using a Captive Portal mechanism before they are given access to the network. When a wired physical port is enabled for Captive Portal, the port is set to the captive-portal-enabled state, in which all traffic arriving on the port from unauthenticated clients is dropped except for ARP, DHCP, DNS, and NETBIOS packets. The switch forwards these packets so that unauthenticated clients can obtain an IP address and resolve host names or domain names. Data traffic from authenticated clients passes through normally; the above rules do not apply to these packets.
All HTTP/HTTPS packets from unauthenticated clients are directed to the CPU on the switch for all ports that are enabled for Captive Portal. When an unauthenticated client opens a web browser and tries to connect to the network, the Captive Portal redirects all HTTP/HTTPS traffic from that client to the authenticating server on the switch. A Captive Portal web page is sent back to the unauthenticated client; the client can then authenticate and, based on the result of the authentication, is given access to the port.

The Captive Portal feature can be enabled on all the physical ports on the switch. It is not supported for VLAN interfaces, loopback interfaces, or logical interfaces.

The Captive Portal feature is MAC-based authentication and not port-based authentication. This means that all the clients connected to the captive portal interface have to get authenticated before they can get access to the network.

Captive Portal v1.0, June 2010 31-1
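The per-client forwarding rules described above can be modelled in a few lines to check an expected policy against test traffic. This is an added example, not code from the manual or from the switch firmware: the class name, the use of well-known destination ports to recognise each protocol, and the sample MAC addresses and frames are all assumptions.

```python
from dataclasses import dataclass, field

ARP_ETHERTYPE = 0x0806
# Assumed classifier: well-known (transport, destination port) pairs stand in
# for the protocols the manual names; the manual itself lists protocols only.
PRE_AUTH_PORTS = {("udp", 67), ("udp", 68),                   # DHCP
                  ("udp", 53), ("tcp", 53),                   # DNS
                  ("udp", 137), ("udp", 138), ("tcp", 139)}   # NetBIOS
PORTAL_PORTS = {("tcp", 80), ("tcp", 443)}                    # HTTP / HTTPS


@dataclass
class CaptivePortalPort:
    """Hypothetical model of one physical port with Captive Portal enabled."""
    enabled: bool = True
    authenticated_macs: set = field(default_factory=set)

    def authenticate(self, mac: str) -> None:
        self.authenticated_macs.add(mac.lower())

    def decide(self, src_mac: str, ethertype: int, l4=None) -> str:
        """Return 'forward', 'redirect' (to the switch CPU) or 'drop'."""
        if not self.enabled or src_mac.lower() in self.authenticated_macs:
            return "forward"      # the rules apply only to unauthenticated clients
        if ethertype == ARP_ETHERTYPE or l4 in PRE_AUTH_PORTS:
            return "forward"      # lets the client get an address and resolve names
        if l4 in PORTAL_PORTS:
            return "redirect"     # served by the authenticating server on the switch
        return "drop"


def run_constructed_sample():
    """Two clients behind the same port; only the first one authenticates."""
    port = CaptivePortalPort()
    a, b = "00:11:22:33:44:0a", "00:11:22:33:44:0b"    # constructed MACs
    frames = [                                          # constructed traffic
        (a, 0x0806, None), (a, 0x0800, ("udp", 67)),
        (a, 0x0800, ("tcp", 80)), (a, 0x0800, ("tcp", 22)),
    ]
    before = [port.decide(*f) for f in frames]
    port.authenticate(a)
    after_a = port.decide(a, 0x0800, ("tcp", 22))
    after_b = port.decide(b, 0x0800, ("tcp", 22))      # same port, different MAC
    return before, after_a, after_b


if __name__ == "__main__":
    print(run_constructed_sample())
```

The last two results show the MAC-based behaviour: authenticating one client does not open the port for a second client attached to the same interface.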