Home » Netgear Manuals » Hubs & Switches » Netgear FSM726v3 » Manual Viewer

Netgear FSM726v3 7000 Series Managed Switch Administration Guide for Software - Page 549

Captive Portal

Add to My Manuals
Save this manual to your list of manuals

Page 549 highlights

NETGEAR Managed Switches Software Administration Manual, Release 8.0 Chapter 32 Captive Portal This chapter includes the following sections: • "Captive Portal Configuration" on page 32-2 • "Enable Captive Portal" on page 32-2 • "Client Access, Authentication, and Control" on page 32-5 • "Block a Captive Portal Instance" on page 32-5 • "Local Authorization User/Group Configuration" on page 32-6 • "Remote Authorization (RADIUS) User Configuration" on page 32-8 • "SSL Certificates" on page 32-10 The Captive Portal feature is a software implementation that blocks clients from accessing the network until user verification has been established. Verification can be configured to allow access for both guest and authenticated users. Authenticated users must be validated against a database of authorized Captive Portal users before access is granted. The Authentication server supports both HTTP and HTTPS web connections. In addition, Captive Portal can be configured to use an optional HTTP port (in support of HTTP Proxy networks). If configured, this additional port is then used exclusively by Captive Portal. Note that this optional port is in addition to the standard HTTP port 80 which is currently being used for all other web traffic. Captive Portal for wired interfaces allows the clients directly connected to the switch be authenticated using a Captive Portal mechanism before the client is given access to the network. When a wired physical port is enabled for Captive Portal then the port would be set in captive-portalenabled state such that all the traffic coming onto the port from the unauthenticated clients are ropped except for the ARP, DHCP, DNS and NETBIOS packets. These packets are allowed to be forwarded by the switch so that the unauthenticated clients can get an IP address and be able to resolve the hostname or domain names. The data traffic from the authenticated clients would go through normally and the above rules do not apply to these packets. All the HTTP/HTTPS packets from unauthenticated clients are directed to the CPU on the switch for all the ports that are enabled for Captive Portal. So when an unauthenticated client opens a web browser and tries to connect to network, the Captive Portal redirects all the HTTP/HTTPS traffic from unauthenticated clients to the authenticating server on the switch. A Captive portal web page is sent back to the unauthenticated client and the client can authenticate and based upon the authentication the client is given access to the port. The Captive Portal feature can be enabled on all the physical ports on the switch. It is not supported for VLAN interfaces, loopback interfaces or logical interfaces. The Captive Portal feature is Mac-based authentication and not port-based authentication. This means that all the clients connected to the captive portal interface have to get authenticated before they can get access to the network. Captive Portal v1.0, October 2009 32-1

Section	Page
NETGEAR Managed Switches Software Administration Manual, Release 8.0	1
Contents	4
Conventions, Formats, Scope, and Audience	11
Additional Documentation	12
How to Print This Manual	13
Revision History	13
Chapter 1 Getting Started	14
In-band and Out-of-band Connectivity	14
Configuring for In-band Connectivity	14
Using BootP or DHCP	14
Using the EIA-232 Port	15
Configuring for Out-Of-Band Connectivity	16
Starting the Switch	17
Initial Configuration	17
Initial Configuration Procedure	18
Software Installation	18
Quick Starting the Networking Device	18
System Information and System Setup	19
Loading Firmware Using the Boot Menu	22
Using Ezconfig for Switch Setup	23
Changing the Password	24
Setting Up the Switch IP Address	24
Assigning Switch Name and Location Information	25
Saving the Configuration	25
Using the Web Interface	26
Configuring for Web Access	26
Starting the Web Interface	27
Web Interface Layout	27
Configuring an SNMP V3 User Profile	29
Chapter 2 Auto Install Configuration	31
Switch IP Address Assignment	31
Assignment of Other Dynamic Configuration	32
TFTP IP Address and the Configuration File Name	32
Handling Conflicting TFTP Server Configuration	32
DNS Server Requirements	32
Obtaining a Config File	33
Host-Specific Configuration File	33
Default Network Configuration File	33
Monitoring and Completing the Auto Install Process	34
Saving Configuration	35
Host-Specific Config File Not Found	35
Terminating the Auto Install Process	35
Managing Downloaded Config Files	35
Restarting the Auto Install Process	35
Logging	36
Configure Auto Install	37
Stacking	37
DHCP Server Configuration	37
TFTP Server Configuration	37
CLI: Switch Configuration	38
Web Interface	38
Chapter 3 Virtual LANs	40
Create Two VLANs	41
CLI: Creating Two VLANS	41
Web Interface: Creating Two VLANS	41
Assign Ports to VLAN2	43
CLI: Assigning Ports to VLAN2	43
Web Interface: Assigning Ports to VLAN2	43
Assign Ports to VLAN3	44
CLI: Assigning Ports to VLAN3	45
Web Interface: Assigning Ports to VLAN3	45
Assign VLAN3 as the Default VLAN for Port 1/0/2	46
CLI: Assigning VLAN3 as the Default VLAN for Port 1/0/2	46
Web Interface: Assigning VLAN3 as the Default VLAN for Port 1/0/2	46
Creating a MAC-based VLAN	47
CLI: Creating a MAC-Based VLAN	48
Web Interface Procedure: Assigning a MAC-Based VLAN	49
Create a Protocol-Based VLAN	51
CLI: Creating a Protocol-based VLAN	51
Web Interface: Creating a Protocol-based VLAN	52
Virtual VLANs: Create an IP Subnet Based VLAN	55
CLI: Creating an IP Subnet Based VLAN	55
Web Interface: Creating an IP Subnet Based VLAN	56
Voice VLAN	58
CLI: Configuring Voice VLAN and Prioritizing Voice Traffic	59
Web Interface: Voice VLAN and Prioritizing Voice Traffic	60
Chapter 4 Link Aggregation	70
Create Two LAGs	71
CLI: Creating Two LAGs	71
Web Interface: Creating Two LAGs	72
Add the Ports to the LAGs	72
CLI: Adding the Ports to the LAGs	73
Web Interface: Adding the Ports to the LAGs	73
Enable Both LAGs	74
CLI: Enabling Both LAGs	74
Web Interface: Enabling Both LAGs	75
Chapter 5 Port Routing	76
Port Routing Configuration	76
Enable Routing for the Switch	77
CLI: Enabling Routing for the Switch	78
Web Interface: Enabling Routing for the Switch	78
Enable Routing for Ports on the Switch	78
CLI: Enabling Routing for Ports on the Switch	79
Web Interface: Enabling Routing for Ports on the Switch	79
Adding a Default Route	81
CLI: Add a Default Route	82
Web Interface: Add a Default Route	82
Adding a Static Route	83
CLI Command Procedure:	83
Web Interface Procedure	83
Chapter 6 VLAN Routing	85
Create Two VLANs	85
CLI: Creating Two VLANs	86
Web Interface: Creating Two VLANs	87
Set Up VLAN Routing for the VLANs and the Switch	90
CLI: Setting Up VLAN Routing for the VLANs and the Switch	90
Web Interface: Setting Up VLAN Routing for the VLANs and the Switch	91
Chapter 7 Routing Information Protocol	93
Enable Routing for the Switch	94
CLI: Enabling Routing for the Switch	94
Web Configuration: Enabling Routing for the Switch	94
Enable Routing for Ports	95
CLI: Enabling Routing for Ports	95
Web Interface: Enabling Routing for the Ports	95
Enable RIP for the Switch	97
CLI: Enabling RIP for the Switch	98
Web Interface: Enabling RIP on the Switch	98
Enable RIP for Ports 1/0/2 and 1/0/3	98
CLI: Enabling RIP for Ports 1/0/2 and 1/0/3	98
Web Interface: Enabling RIP for Ports 1/0/2 and 1/0/3	99
VLAN Routing RIP Configuration	100
CLI: VLAN Routing RIP Configuration	102
Web Interface: VLAN Routing RIP Configuration	103
Chapter 8 OSPF	106
Configure an Inter-Area Router	107
CLI: Configuring an Inter-Area Router	107
Web Interface: Configuring an Inter-Area Router	108
Configure OSPF on a Border Router	113
CLI: Configuring OSPF on a Border Router	113
Web Interface: Configuring OSPF on a Border Router	115
Configure Area 1 as a Stub Area	120
CLI: Configuring Area 1 as a Stub Area on A1	121
Web Interface: Configuring Area 1 as a Stub Area on A1	122
CLI: Configuring Area 1 as a Stub Area on A2	126
Web Interface: Configuring Area 1 as a Stub Area on A2	127
Configure Area 1 as a nssa Area	129
CLI: Configuring Area 1 as a nssa Area	130
Web Interface: Configuring Area 1 as a nssa Area on A1	131
CLI: Configuring Area 1 as a nssa Area on A2	135
Web Interface: Configuring Area 1 as a nssa Area on A2	136
VLAN Routing OSPF Configuration	140
CLI: VLAN Routing OSPF Configuration	141
Web Interface: VLAN Routing OSPF Configuration	142
OSPFv3 (Open Shortest Path First)	145
CLI: Configuring OSPFv3	146
Web Interface: Confguring OSPFv3	147
Chapter 9 Proxy Address Resolution Protocol (ARP)	152
Proxy ARP Examples	152
CLI: show ip interface	152
CLI: ip proxy-arp	153
Web Interface: Configuring Proxy ARP on a Port	153
Chapter 10 Virtual Router Redundancy Protocol	154
Configure VRRP on a Master Router	155
CLI: Configuring VRRP on a Master Router	155
Web Interface: Configuring VRRP on a Master Router	156
Configure VRRP on a Backup Router	157
CLI: Configuring VRRP on a Backup Router	158
Web Interface: Configuring VRRP on a Backup Router	159
Chapter 11 Access Control Lists (ACLs)	161
MAC ACLs	161
Configuring IP ACLs	162
Process	162
Set up an IP ACL with Two Rules	163
CLI: Setting up an IP ACL with Two Rules	163
CLI Commands	163
Web Interface: Setting up an IP ACL with Two Rules	164
Configure a One-Way Access Using a TCP Flag in an ACL	168
CLI: Configuring a One-Way Access Using a TCP Flag in an ACL	168
Step 1: Configure the Switch (see Figure 11-7)	168
Step 2: Configure the GSM7352S (see Figure 11-7)	170
Web Interface: Configuring a One-Way Access Using a TCP Flag in an ACL	171
Configuring the Switch	171
Configuring GSM7342S	181
Configure Isolated VLANs on a Layer 3 Switch by Using ACLs	186
CLI: Configuring a One-Way Access Using a TCP Flag in an ACL Commands	187
Web Interface: Configuring a One-Way Access Using a TCP Flag in an ACL	189
Set up a MAC ACL with Two Rules	199
CLI: Setting up a MAC ACL with Two Rules	199
Web Interface: Setting up a MAC ACL with Two Rules	200
ACL Mirroring	203
CLI: Configuring ACL Mirroring	204
Web Interface: Configuring ACL Mirroring	205
ACL Redirect	209
CLI: Redirecting a Traffic Stream	209
Web Interface: Redirecting	210
Configure IPv6 ACLs	215
CLI: Configuring an IPv6 ACL	216
Web Interface: Configuring an IPv6 ACL	218
Chapter 12 Class of Service (CoS) Queuing	223
CoS Queue Mapping	223
Trusted Ports	223
Untrusted Ports	224
CoS Queue Configuration	224
Show classofservice Trust	225
CLI: Showing classofservice trust	225
Web Interface: Showing classofservice Trust	225
Set classofservice trust Mode	225
CLI: Setting classofservice Trust Mode	226
Web Interface: Setting classofservice Trust Mode	226
Show classofservice ip-precedence Mapping	227
CLI: Showing classofservice ip-precedence Mapping	227
Web Interface: Showing classofservice ip-precedence Mapping	227
Configure Cos-queue Min-bandwidth and Strict Priority Scheduler Mode	228
CLI: Configuring Cos-queue Min-bandwidth and Strict Priority Scheduler Mode	228
Web Interface: Configuring CoS-queue Min-bandwidth and Strict Priority Scheduler Mode	228
Set CoS Trust Mode of an Interface	230
CLI: Setting CoS Trust Mode of an Interface	230
Web Interface: Setting CoS Trust Mode of an Interface	231
Configure Traffic Shaping	231
CLI: Configuring traffic-shape	232
Web Interface: Configuring Traffic-shape	232
Chapter 13 Differentiated Services	234
Differentiated Services	235
CLI: DiffServ	235
Web Interface: DiffServ	237
DiffServ for VoIP Configuration	253
CLI: DiffServ for VoIP	254
Web Interface: Diffserv for VoIP	255
Auto VoIP Configuration	262
CLI: Configuring Auto VoIP	262
Web Interface: Configuring Auto-VoIP	263
DiffServ for IPv6 Configuration Example	266
CLI: Configuring DiffServ for IPv6	266
Web Interface: Configuring DiffServ for IPv6	267
Chapter 14 IGMP Snooping and Querier	275
Enable IGMP Snooping	275
CLI: Enabling IGMP Snooping	275
Web Interface: Enabling IGMP Snooping	275
Show igmpsnooping	276
CLI: Showing igmpsnooping	276
Web Interface: Showing igmpsnooping	277
Show mac-address-table igmpsnooping	277
CLI: Showing mac-address-table igmpsnooping	278
Web Interface: Showing mac-address-table igmpsnooping	278
Configure the Switch with an External Multicast Router	278
CLI: Configuring the Switch with an External Multicast Router	279
Web Interface: Configuring the Switch with an External Multicast Router	279
Configure the Switch with a Multicast Router Using VLAN	280
CLI: Configure the Switch with a Multicast Router Using VLAN	280
Web Interface: Configuring the Switch with a Multicast Router Using VLAN	280
IGMP Querier	281
Enable IGMP Querier	282
CLI: Enabling IGMP Querier	282
Web Interface: Enabling IGMP Querier	282
Show IGMP Querier Status	283
CLI: Showing IGMP Querier Status	283
Web Interface: Showing IGMP Querier Status	283
Chapter 15 Security Management	285
Port Security	285
Set the Dynamic and Static Limit on the Port 1/0/1	286
CLI: Setting the Dynamic and Static Limit on the Port 1/0/1	286
Web Interface: Setting the Dynamic and Static Limit on the Port 1/0/1	286
Convert the Dynamic Address Learned from 1/0/1 to the Static Address	288
CLI: Converting the Dynamic Address Learned from 1/0/1 to the Static Address	288
Web Interface: Converting the Dynamic Address Learned from 1/0/1 to the Static Address	288
Create a Static Address	289
CLI: Creating a Static Address	289
Web Interface: Creating a Static Address	289
Protected Ports	290
CLI: Configuring a Protected Port to Isolate Ports on the Switch	290
Web Interface: Configuring a Protected Port to Isolate Ports on the Switch	292
802.1x Port Security	297
CLI: Authenticating dot1x Users by a RADIUS Server	298
Web Interface: Authenticating dot1x Users by a RADIUS Server	299
Create a Guest VLAN	304
CLI: Creating a Guest VLAN	305
Web Interface: Creating a Guest VLAN	306
VLAN Assignment via RADIUS	310
Configuration on RADIUS Server	311
CLI: Configuration on the Switch	311
Web Interface : VLAN Assignment via RADIUS	313
Dynamic ARP Inspection	317
CLI: Dynamic ARP Inspection	318
Web Interface: Dynamic ARP Inspection	319
Configuring Static Mapping	325
CLI: Configuring Static Mapping	325
Web Interface: Configuring Static Mapping	325
DHCP Snooping	327
CLI: Configuring DHCP Snooping	328
Web Interface: Configuring DHCP Snooping	328
Enter Static Binding into the Binding Database	331
CLI: Entering Static Binding into the Binding Database	331
Web Interface: Entering Static Binding into the Binding Database	332
Configure the Maximum Rate of DHCP Messages	332
CLI: Configuring the Maximum Rate of DHCP Messages	332
Web Interface: Configuring the Maxiumum Rate of DHCP Messages	333
IP Source Guard	334
CLI: Configuring Dynamic ARP Inspection	335
Web Interface: Configuring Dynamic ARP Inspection	335
Chapter 16 Simple Network Time Protocol (SNTP)	340
Show SNTP (CLI Only)	340
show sntp	340
show sntp client	341
show sntp server	341
Configure SNTP	341
CLI: Configuring SNTP	342
Web Interface: Configuring SNTP	343
Set the Time Zone (CLI Only)	344
Set Named SNTP Server	344
CLI: Setting Named SNTP Server	344
Web Interface: Setting Named SNTP Server	345
Chapter 17 Tools	347
Traceroute	347
CLI:Traceroute	347
Web Interface: Traceroute	348
Configuration Scripting	349
script	350
script list and script delete	350
script apply running-config.scr	350
Create a Configuration Script	351
Upload a Configuration Script	351
Pre-Login Banner	351
Creating a Pre-Login Banner (CLI Only)	351
Port Mirroring	352
CLI: Specifying the Source (Mirrored) Ports and Destination (Probe)	353
Web Interface: Specifying the Source (Mirrored) Ports and Destination (Probe)	353
Dual Image	354
CLI: Downloading a Backup Image and Having It Active	354
Web Interface: Downloading a Backup Image and Having It Active	355
Outbound Telnet	357
CLI: show network	357
CLI: show telnet	358
CLI: transport output telnet	358
Web Interface: Configuring Telnet	358
CLI: session-limit and session-timeout	359
Web Interface: Configuring the Session Timeout	359
Chapter 18 Syslog	361
Show Logging	362
CLI: Show Logging	362
Web Interface: Show Logging	362
Show Logging Buffered	365
CLI: Showing Logging Buffered	365
Web Interface: Showing Logging Buffered	365
Show Logging Traplogs	366
CLI: Showing Logging Traplogs	366
Web Interface: Showing Logging Trap Logs	367
Show Logging Hosts	367
CLI: Showing Logging Hosts	367
Web Interface: Showing Logging Hosts	367
Log Port Configuration	368
CLI: Logging Port Configuration	368
Web Interface: Logging Port Configuration	369
Chapter 19 Managing Switch Stacks	370
Understanding Switch Stacks	371
Switch Stack Membership	371
Switch Stack Cabling (FSM73xxS)	372
Stack Master Election and Re-Election	373
Stack Member Numbers	374
Stack Member Priority Values	374
Switch Stack Offline Configuration	375
Effects of Adding a Preconfigured Switch to a Switched Stack	375
Effects of Replacing a Preconfigured Switch in a Switch Stack	375
Effects of Removing a Preconfigured Switch from a Switch Stack	376
Switch Stack Software Compatibility Recommendations	376
Incompatible Software and Stack Member Image Upgrades	376
Switch Stack Configuration Files	376
Switch Stack Management Connectivity	376
Switch Stack Configuration Scenarios	377
Stacking Recommendations	378
General Practices	378
Initial installation and Power-up of a Stack	378
Removing a Unit from the Stack	379
Adding a Unit to an Operating Stack	379
Replacing a Stack Member with a New Unit	380
Renumber Stack Members	380
CLI: Renumbering Stack Members	380
Web Interface: Renumbering Stack Members	381
Moving a Master to a Different Unit in the Stack	382
CLI: Moving a Master to a Different Unit in the Stack	382
Web Interface: Moving a Master to a Different Unit in the Stack	382
Removing a Master Unit from an Operating Stack	383
Merging Two Operational Stacks	383
Preconfiguration	383
Upgrading Firmware	384
Migration of Configuration With a Firmware Upgrade	384
Code Mismatch	384
Web Interface: Upgrading Firmware	385
Chapter 20 SNMP	386
Add a New Community	386
CLI: Adding a New Community	386
Web Interface: Adding a New Community	386
Enable SNMP Trap	387
CLI: Enabling SNMP Trap	387
Web Interface: Enabling SNMP Trap	387
Configure SNMP V3	388
CLI: Configuring SNMP V3	388
Web Interface: Configuring SNMP V3	389
sFlow	390
CLI: Configuring Statistical Packet-Based Sampling of Packet Flows with sFlow	391
Web Interface: Configuring Statistical Packet-based Sampling with sFlow	392
Configure Time-Based Sampling of Counters with sFlow	394
CLI: Configuring Time-Based Sampling of Counters with sFlow	394
Chapter 21 DNS	396
Specify Two DNS Servers	396
CLI: Specifying Two DNS Servers	396
Web Interface: Specifying Two DNS Servers	396
Manually Add a Host Name and an IP Address	397
CLI Example: Manually Adding a Host Name and an IP Address	397
Web Interface: Manually Adding a Host Name and an IP Address	398
Chapter 22 DHCP Server	399
Configure a DHCP Server in Dynamic Mode	399
CLI: Configuring a DHCP Server in Dynamic Mode	399
Web Interface: Configuring a DHCP Server in Dynamic Mode	399
Configure a DHCP Reservation	401
CLI: Configuring a DHCP Reservation	402
Web Interface: Configuring a DHCP Reservation	402
Chapter 23 Double VLANs	404
Enable a Double VLAN	405
CLI: Enabling a Double VLAN on a VLAN	405
Web Interface: Enabling a Double VLAN on a VLAN	405
Chapter 24 Private VLAN Groups	410
Create a Private VLAN Group	410
CLI: Creating a Private VLAN Group	411
Web Interface: Creating a Private VLAN Group	412
Chapter 25 Spanning Tree Protocol	416
Configure Classic STP (802.1d)	416
CLI: Configuring Classic STP (802.1d)	416
Web Interface:Configuring Classic STP (802.1d)	416
Configure Rapid STP (802.1w)	418
CLI: Configuring Rapid STP (802.1w)	418
Web Interface: Configuring Rapid STP (802.1w)	418
Configure Multiple STP (802.1s)	419
CLI: Configuring Multiple STP (802.1s)	420
Web Interface: Configuring Multiple STP (802.1s)	420
Chapter 26 Tunnel	423
CLI: Creating a Tunnel	423
On GSM7328S_1	423
On GSM7328S_2	424
Web Interface: Creating a Tunnel	425
On GSM7328S_1	425
On GSM7328S_2	428
Chapter 27 IPv6 Interface Configuration	432
Creating an IPv6 Routing Interface	432
Web Interface: Creating an IPv6 Routing Interface	433
Create an IPv6 Network Interface	435
CLI: Configure the IPv6 Network Interface	435
Web Interface: Configuring the IPv6 Network Interface	435
Create an IPv6 Routing VLAN	437
CLI: Creating an IPv6 Routing VLAN	437
Web Interface: Creating an IPv6 VLAN Routing Interface	438
Chapter 28 PIM	442
PIM-DM Configuration	442
CLI: Configuring PIM-DM	444
On Switch A	444
On Switch B	445
On Switch C	445
On Switch D	445
Web Interface: Configuring PIM-DM	447
On Switch A:	447
On Switch B:	453
On Switch C:	457
On Switch D:	462
PIM-SM Configuration	468
CLI: Configuring PIM-SM	470
On Switch A	470
On Switch B	471
On Switch C	471
On Switch D	472
Web Interface: Configuring PIM-SM	473
On Switch A:	473
On Switch B:	479
On Switch C:	485
On Switch D:	491
Chapter 29 DHCP L2 Relay	500
CLI: DHCP L2 Relay	501
Web Interface: DHCP L2 Relay	502
Chapter 30 MLD	506
Configure MLD	506
CLI: Configuring MLD	507
Web Interface: Configuring MLD	509
On Switch A:	509
On Switch B:	516
MLD Snooping	524
CLI: MLD Snooping	525
Web Interface: MLD Snooping	525
Chapter 31 DVMRP	529
Configure DVMRP on a NETGEAR Switch	529
CLI: Configuring DVMRP	530
On Switch A:	530
On Switch B	532
On Switch C:	534
Web Interface: Configuring DVMRP	535
On Switch A:	535
On Switch B	540
On Switch C:	544
Chapter 32 Captive Portal	549
Captive Portal Configuration	550
Enable Captive Portal	550
CLI: Enabling Captive Portal	550
Web Interface: Enabling Captive Portal	551
Client Access, Authentication, and Control	553
Block a Captive Portal Instance	553
CLI: Blocking a Captive Portal Instance	553
GUI: Blocking a Captive Portal Instance	553
Local Authorization User/Group Configuration	554
CLI: Creating Users and Groups	554
Web Interface: Creating Users and Groups	554
Remote Authorization (RADIUS) User Configuration	556
CLI: Configuiring RADIUS as the Verification Mode	557
Web Interface: Configuring RADIUS as the Verification Mode	557

Match case Limit results 1 per page

NETGEAR Managed Switches Software Administration Manual, Release 8.0

Captive Portal

32-1

v1.0, October 2009

Chapter 32

Captive Portal

This chapter includes the following sections:

•

“Captive Portal Configuration” on page 32-2

•

“Enable Captive Portal” on page 32-2

•

“Client Access, Authentication, and Control” on page 32-5

•

“Block a Captive Portal Instance” on page 32-5

•

“Local Authorization User/Group Configuration” on page 32-6

•

“Remote Authorization (RADIUS) User Configuration” on page 32-8

•

“SSL Certificates” on page 32-10

The Captive Portal feature is a software implementation that blocks clients from accessing the network until

user verification has been established. Verification can be configured to allow access for both guest and

authenticated users. Authenticated users must be validated against a database of authorized Captive Portal

users before access is granted.

The Authentication server supports both HTTP and HTTPS web connections. In addition, Captive Portal can

be configured to use an optional HTTP port (in support of HTTP Proxy networks). If configured, this

additional port is then used exclusively by Captive Portal. Note that this optional port is in addition to the

standard HTTP port 80 which is currently being used for all other web traffic.

Captive Portal for wired interfaces allows the clients directly connected to the switch be authenticated using

a Captive Portal mechanism before the client is given access to the network.

When a wired physical port is enabled for Captive Portal then the port would be set in captive-portal-

enabled state such that all the traffic coming onto the port from the unauthenticated clients are ropped except

for the ARP, DHCP, DNS and NETBIOS packets. These packets are allowed to be forwarded by the switch

so that the unauthenticated clients can get an IP address and be able to resolve the hostname or domain

names. The data traffic from the authenticated clients would go through normally and the above rules do not

apply to these packets.

All the HTTP/HTTPS packets from unauthenticated clients are directed to the CPU on the switch for all the

ports that are enabled for Captive Portal. So when an unauthenticated client opens a web browser and tries to

connect to network, the Captive Portal redirects all the HTTP/HTTPS traffic from unauthenticated clients to

the authenticating server on the switch. A Captive portal web page is sent back to the unauthenticated client

and the client can authenticate and based upon the authentication the client is given access to the port.

The Captive Portal feature can be enabled on all the physical ports on the switch. It is not supported for

VLAN interfaces, loopback interfaces or logical interfaces. The Captive Portal feature is Mac-based

authentication and not port-based authentication. This means that all the clients connected to the captive

portal interface have to get authenticated before they can get access to the network.