Home » Netgear Manuals » Hubs & Switches » Netgear XSM4324FS » Manual Viewer

Netgear XSM4324FS Software Administration Manual Software Version 12.x - Page 690

Captive Portal Concepts

Add to My Manuals
Save this manual to your list of manuals

Page 690 highlights

M4300 Series and M4300-96X Fully Managed Switches Captive Portal Concepts The captive portal feature is a software implementation that blocks clients from accessing the network until user verification has been established. You can set up verification to allow access for both guests and authenticated users. Authenticated users must be validated against a database of authorized captive portal users before access is granted. The authentication server supports both HTTP and HTTPS web connections. In addition, you can configure a captive portal to use an optional HTTP port (in support of HTTP proxy networks). If configured, this additional port is then used exclusively by the captive portal. This optional port is in addition to the standard HTTP port 80, which is being used for all other web traffic. The captive portal for wired interfaces allows the clients directly connected to the switch to be authenticated using a captive portal mechanism before the client is given access to the network. When you enable the captive portal feature on a wired physical port, the port is set in captive-portal- enabled state such that all the traffic coming to the port from the unauthenticated clients is dropped except for the ARP, DHCP, DNS, and NETBIOS packets. The switch forwards these packets so that unauthenticated clients can get an IP address and resolve the hostname or domain names. Data traffic from authenticated clients goes through, and the rules do not apply to these packets. All the HTTP/HTTPS packets from unauthenticated clients are directed to the CPU on the switch for all the ports for which you enabled the captive portal feature. When an unauthenticated client opens a web browser and tries to connect to network, the captive portal redirects all the HTTP/HTTPS traffic from unauthenticated clients to the authenticating server on the switch. A captive portal web page is sent back to the unauthenticated client. The client can authenticate. If the client successfully authenticates, the client is given access to port. You can enable the captive portal feature on all the physical ports on the switch. It is not supported for VLAN interfaces, loopback interfaces, or logical interfaces. The captive portal feature uses MAC-address based authentication and not port-based authentication. This means that all the clients connected to the captive portal interface must be authenticated before they can get access to the network. Clients connecting to the captive portal interface have three states; unknown, unauthenticated, and authenticated. • Unknown. In the unknown state, the captive portal does not redirect HTTP/S traffic to the switch, but instead asks the switch whether the client is authenticated or unauthenticated. • Unauthenticated. The captive portal directs the HTTP/S traffic to the switch so that the client can authenticate with the switch. • Authenticated. After successful authentication, the client is placed in authenticated state. In this state, all the traffic emerging from the client is forwarded through the switch. Captive Portals 690 Software Administration Manual

Section	Page
M4300 Intelligent Edge Series Fully Managed Stackable Switches	1
1 Documentation Resources	18
2 LAGs	20
Link Aggregation Concepts	21
Add Ports to LAGs	22
CLI: Add Ports to the LAGs	22
Local Browser Interface: Add Ports to LAGs	22
3 VLANs	24
VLAN Concepts	25
Create Two VLANs	26
CLI: Create Two VLANs	26
Local Browser Interface: Create Two VLANs	26
Assign Ports to VLAN 2	27
CLI: Assign Ports to VLAN 2	27
Local Browser Interface: Assign Ports to VLAN 2	28
Create Three VLANs	29
CLI: Create Three VLANs	29
Local Browser Interface: Create Three VLANs	29
Assign Ports to VLAN 3	31
CLI: Assign Ports to VLAN 3	31
Local Browser Interface: Assign Ports to VLAN 3	31
Assign VLAN 3 as the Default VLAN for Port 1/0/2	32
CLI: Assign VLAN 3 as the Default VLAN for Port 1/0/2	32
Local Browser Interface: Assign VLAN 3 as the Default VLAN for Port 1/0/2	33
Create a MAC-Based VLAN	33
CLI: Create a MAC-Based VLAN	34
Local Browser Interface: Assign a MAC-Based VLAN	35
Create a Protocol-Based VLAN	37
CLI: Create a Protocol-Based VLAN	37
Local Browser Interface: Create a Protocol-Based VLAN	38
Virtual VLANs: Create an IP Subnet–Based VLAN	41
CLI: Create an IP Subnet–Based VLAN	42
Local Browser Interface: Create an IP Subnet–Based VLAN	43
Voice VLANs	44
Voice VLAN Interoperation with Auto-VoIP	46
CLI: Configure Voice VLAN and Prioritize Voice Traffic	48
Local Browser Interface: Configure Voice VLAN and Prioritize Voice Traffic	50
Configure GARP VLAN Registration Protocol	56
CLI: Enable GVRP	56
Local Browser Interface: Configure GVRP on switch A	58
Local Browser Interface: Configure GVRP on Switch B	60
Private VLANs	61
Assign Private-VLAN Types (Primary, Isolated, Community)	63
CLI: Assign Private-VLAN Type (Primary, Isolated, Community)	63
Local Browser Interface: Assign Private-VLAN Type (Primary, Isolated, Community)	63
Configure Private-VLAN Association	65
CLI: Configure Private-VLAN Association	65
Local Browser Interface: Configure Private-VLAN Association	65
Configure Private-VLAN Port Mode (Promiscuous, Host)	66
CLI: Configure Private-VLAN Port Mode (Promiscuous, Host)	66
Local Browser Interface: Configure Private-VLAN Port Mode (Promiscuous, Host)	66
Configure Private-VLAN Host Ports	68
CLI: Configure Private-VLAN Host Ports	68
Local Browser Interface: Assign Private-VLAN Port Host Ports	68
Map Private-VLAN Promiscuous Port	69
CLI: Map Private-VLAN Promiscuous Port	69
Local Browser Interface: Map Private-VLAN Promiscuous Port	70
VLAN Access Ports and Trunk Ports	70
CLI: Configure a VLAN Trunk	72
Local Browser Interface: Configure a VLAN Trunk	73
4 Port Routing	77
Port Routing Concepts	78
Port Routing Configuration	78
Enable Routing for the Switch	79
CLI: Enable Routing for the Switch	79
Local Browser Interface: Enable Routing for the Switch	80
Enable Routing for Ports on the Switch	80
CLI: Enable Routing for Ports on the Switch	81
Local Browser Interface: Enable Routing for Ports on the Switch	81
Add a Default Route	83
CLI: Add a Default Route	84
Local Browser Interface: Add a Default Route	84
Add a Static Route	85
CLI: Show Routing Information	85
Local Browser Interface: Add a Static Route	85
5 VLAN Routing	87
VLAN Routing Concepts	88
Create Two VLANs	88
CLI: Create Two VLANs	89
Local Browser Interface: Create Two VLANs	90
Set Up VLAN Routing for the VLANs and the Switch	93
CLI: Set Up VLAN Routing for the VLANs and the Switch	93
Local Browser Interface: Set Up VLAN Routing for the VLANs and the Switch	94
6 RIP	95
Routing Information Protocol Concepts	96
Enable Routing for the Switch	97
CLI: Enable Routing for the Switch	97
Local Browser Interface: Enable Routing for the Switch	97
Enable Routing for Ports	98
CLI: Enable Routing and Assigning IP Addresses for Ports 1/0/2 and 1/0/3	98
Local Browser Interface: Enable Routing for the Ports	98
Enable RIP on the Switch	100
CLI: Enable RIP on the Switch	100
Local Browser Interface: Enable RIP on the Switch	100
Enable RIP for Ports 1/0/2 and 1/0/3	101
CLI: Enable RIP for Ports 1/0/2 and 1/0/3	101
Local Browser Interface: Enable RIP for Ports 1/0/2 and 1/0/3	101
Configure VLAN Routing with RIP Support	102
CLI: Configure VLAN Routing with RIP Support	103
Local Browser Interface: Configure VLAN Routing with RIP Support	104
7 OSPF	107
Open Shortest Path First Concepts	108
Inter-area Router	108
CLI: Configure an Inter-area Router	109
Local Browser Interface: Configure an Inter-area Router	111
OSPF on a Border Router	115
CLI: Configure OSPF on a Border Router	115
Local Browser Interface: Configure OSPF on a Border Router	116
Stub Areas	121
CLI: Configure Area 1 as a Stub Area on A1	122
Local Browser Interface: Configure Area 1 as a Stub Area on A1	123
CLI: Configure Area 1 as a Stub Area on A2	127
Local Browser Interface: Configure Area 1 as a Stub Area on A2	128
NSSA Areas	131
CLI: Configure Area 1 as an NSSA Area	131
Local Browser Interface: Configure Area 1 as an NSSA Area on A1	133
CLI: Configure Area 1 as an NSSA Area on A2	137
Local Browser Interface: Configure Area 1 as an NSSA Area on A2	139
VLAN Routing OSPF	143
CLI: Configure VLAN Routing OSPF	144
Local Browser Interface: Configure VLAN Routing OSPF	145
OSPFv3	148
CLI: Configure OSPFv3	149
Local Browser Interface: Configure OSPFv3	151
8 PBR	154
Policy-Based Routing Concepts	155
Route-Map Statements	155
PBR Processing Logic	156
PBR Configurations	158
PBR Example	158
9 ARP	161
Proxy ARP Concepts	162
Proxy ARP Examples	162
CLI: show ip interface	162
CLI: ip proxy-arp	163
Local Browser Interface: Configure Proxy ARP on a Port	163
10 VRRP	164
Virtual Router Redundancy Protocol Concepts	165
VRRP on a Master Router	166
CLI: Configure VRRP on a Master Router	166
Local Browser Interface: Configure VRRP on a Master Router	167
VRRP on a Backup Router	168
CLI: Configure VRRP on a Backup Router	168
Local Browser Interface: Configure VRRP on a Backup Router	169
11 ACLs	171
Access Control List Concepts	172
MAC ACLs	172
IP ACLs	173
ACL Configuration	173
Set Up an IP ACL with Two Rules	173
CLI: Set Up an IP ACL with Two Rules	174
Local Browser Interface: Set Up an IP ACL with Two Rules	175
One-Way Access Using a TCP Flag in an ACL	178
CLI: Configure One-Way Access Using a TCP Flag in an ACL	179
Local Browser Interface: Configure One-Way Access Using a TCP Flag in an ACL	182
Use ACLs to Configure Isolated VLANs on a Layer 3 Switch	193
CLI: Configure One-Way Access Using a TCP Flag in ACL Commands	194
Local Browser Interface: Configure One-Way Access Using a TCP Flag in an ACL	196
Set up a MAC ACL with Two Rules	204
CLI: Set up a MAC ACL with Two Rules	204
Local Browser Interface: Set up a MAC ACL with Two Rules	205
Configure ACL Mirroring	207
CLI: Configure ACL Mirroring	208
Local Browser Interface: Configure ACL Mirroring	210
Configure ACL Redirection	213
CLI: Redirect a Traffic Stream	214
Local Browser Interface: Redirect a Traffic Stream	215
Add ACL Remarks	218
Change the Sequence of an ACL Rule	219
Configure a Management ACL	221
Example 1: Permit Any Host to Access the Switch Through Telnet or HTTP:	222
Example 2: Permit a Specific Host to Access the Switch Through SSH Only	222
Configure IPv6 ACLs	222
CLI: Configure an IPv6 ACL	224
Local Browser Interface: Configure an IPv6 ACL	226
12 CoS Queuing	231
CoS Queuing Concepts	232
CoS Queue Mapping	232
Trusted Ports	232
Untrusted Ports	233
CoS Queue Configuration	233
Show the Trust Mode for a Class of Service	234
CLI: Show the Trust Mode for a Class of Service	234
Local Browser Interface: Show the Trust Mode for a Class of Service	234
Set the Trust Mode for a Class of Service	235
CLI: Set the Trust Mode for a Class of Service	235
Local Browser Interface: Set the Trust Mode for a Class of Service	235
Configure Cos-queue Min-bandwidth and Strict Priority Scheduler Mode	236
CLI: Configure Cos-queue Min-bandwidth and Strict Priority Scheduler Mode	236
Local Browser Interface: Configure CoS-queue Min-bandwidth and Strict Priority Scheduler Mode	236
Set the CoS Trust Mode for an Interface	238
CLI: Set the CoS Trust Mode for an Interface	238
Local Browser Interface: Set the CoS Trust Mode for an Interface	238
Configure Traffic Shaping	239
CLI: Configure Traffic Shaping	239
Local Browser Interface: Configure Traffic Shaping	239
13 DiffServ	241
Differentiated Services Concepts	242
DiffServ	243
CLI: Configure DiffServ	243
Local Browser Interface: Configure DiffServ	246
DiffServ for VoIP	258
CLI: Configure DiffServ for VoIP	259
Local Browser Interface: Diffserv for VoIP	261
Auto VoIP	266
Protocol-Based Auto VoIP	266
OUI-Based Auto VoIP	267
Example 1: Enable Protocol-Based Auto VoIP	268
Example 2: Change the Queue of Protocol-Based Auto VoIP	269
Example 3: Create an Auto VoIP VLAN	270
DiffServ for IPv6	273
CLI: Configure DiffServ for IPv6	273
Local Browser Interface: Configure DiffServ for IPv6	274
Color Conform Policy	280
CLI: Configure a Color Conform Policy	281
Local Browser Interface: Configure a Color Conform Policy	282
WRED Explicit Congestion Notification	287
14 IGMP Snooping and Querier	290
Internet Group Management Protocol Concepts	291
IGMP Snooping	291
CLI: Enable IGMP Snooping	291
Local Browser Interface: Enable IGMP Snooping	292
Show igmpsnooping	292
CLI: Show igmpsnooping	292
Local Browser Interface: Show igmpsnooping	293
Show mac-address-table igmpsnooping	293
CLI for IGMPv1 and IGMPv2: Show mac-address-table igmpsnooping	293
CLI for IGMPv3: show igmpsnooping ssm entries	294
Local Browser Interface: Show mac-address-table igmpsnooping	294
External Multicast Router	294
CLI: Configure the Switch with an External Multicast Router	294
Local Browser Interface: Configure the Switch with an External Multicast Router	295
Multicast Router Using VLAN	295
CLI: Configure the Switch with a Multicast Router Using VLAN	295
Local Browser Interface: Configure the Switch with a Multicast Router Using VLAN	296
IGMP Querier Concepts	296
Enable IGMP Querier	297
CLI: Enable IGMP Querier	297
Local Browser Interface: Enable IGMP Querier	298
Show IGMP Querier Status	300
CLI: Show IGMP Querier Status	300
Local Browser Interface: Show IGMP Querier Status	300
15 MVR	301
Multicast VLAN Registration	302
Configure MVR in Compatible Mode	303
CLI: Configure MVR in Compatible Mode	304
Local Browser Interface: Configure MVR in Compatible Mode	306
Configure MVR in Dynamic Mode	309
CLI: Configure MVR in Dynamic Mode	309
Local Browser Interface: Configure MVR in Dynamic Mode	312
16 Security Management	316
Port Security Concepts	317
Set the Dynamic and Static Limit on Port 1/0/1	318
CLI: Set the Dynamic and Static Limit on Port 1/0/1	318
Local Browser Interface: Set the Dynamic and Static Limit on Port 1/0/1	318
Convert the Dynamic Address Learned from 1/0/1 to a Static Address	320
CLI: Convert the Dynamic Address Learned from 1/0/1 to the Static Address	320
Local Browser Interface: Convert the Dynamic Address Learned from 1/0/1 to the Static Address	320
Create a Static Address	321
CLI: Create a Static Address	321
Local Browser Interface: Create a Static Address	321
Protected Ports	321
CLI: Configure a Protected Port to Isolate Ports on the Switch	322
Local Browser Interface: Configure a Protected Port to Isolate Ports on the Switch	324
802.1x Port Security	327
CLI: Authenticating dot1x Users by a RADIUS Server	328
Local Browser Interface: Authenticating dot1x Users by a RADIUS Server	329
Create a Guest VLAN	333
CLI: Create a Guest VLAN	334
Local Browser Interface: Create a Guest VLAN	335
Assign VLANs Using RADIUS	338
CLI: Assign VLANS Using RADIUS	339
Local Browser Interface: Assign VLANS Using RADIUS	342
Dynamic ARP Inspection	345
CLI: Configure Dynamic ARP Inspection	346
Local Browser Interface: Configure Dynamic ARP Inspection	347
Static Mapping	350
CLI: Configure Static Mapping	350
Local Browser Interface: Configure Static Mapping	351
DHCP Snooping	352
CLI: Configure DHCP Snooping	353
Local Browser Interface: Configure DHCP Snooping	354
Find a Rogue DHCP Server	356
CLI: Find a Rogue DHCP server	356
Local Browser Interface: Find a Rogue DHCP server	357
Enter Static Binding into the Binding Database	359
CLI: Enter Static Binding into the Binding Database	359
Local Browser Interface: Enter Static Binding into the Binding Database	359
Maximum Rate of DHCP Messages	360
CLI: Configure the Maximum Rate of DHCP Messages	360
Local Browser Interface: Configure the Maximum Rate of DHCP Messages	361
IP Source Guard	361
CLI: Configure Dynamic ARP Inspection	362
Local Browser Interface: Configure Dynamic ARP Inspection	364
Command Authorization	367
CLI Example 1: Configure Command Authorization by a TACACS+ Server	367
CLI Example 2: Configure Command Authorization by a RADIUS Server	370
Privileged Exec Command Mode Authorization	373
CLI Example 1: Configure EXEC Authorization by a TACACS+ Server	373
CLI Example 2: Configure EXEC Authorization by a RADIUS Server	376
Accounting	378
CLI: Configure Telnet Command Accounting by a TACACS+ Server	378
Configure Telnet EXEC Accounting by RADIUS Server	379
Use the Authentication Manager to Set Up an Authentication Method List	380
Configure a Dot1x–MAB Authentication Method List with Dot1x–MAB Priority	381
Configure a Dot1x–MAB Authentication Method List with MAB–Dot1x Priority	382
Configure a Dot1x, MAB, and Captive Portal Authentication Method List with Default Priority	382
RADIUS Change of Authorization	384
IPv6 Stateless RA Guard	386
Changing the SSH/Telnet Login Method to Radius	387
CLI: Change the SSH/Telnet Login Method to Radius	387
GUI: Change the SSH/Telnet Login Method to Radius	388
17 MAB	390
MAC Authentication Bypass Concepts	391
Configure MAC Authentication Bypass on a Switch	393
Configure a Network Policy Server on a Microsoft Windows Server 2008 R2 or Later Server	397
Configure an Active Directory on a Microsoft Windows Server 2008 R2 or Later Server	405
Reduce the MAB Authentication Time	407
CLI: Reduce the Authentication Time for MAB	407
Local Browser Interface: Reduce the Authentication Time for MAB	407
18 SNTP	408
Simple Network Time Protocol Concepts	409
Show SNTP (CLI Only)	409
show sntp	409
show sntp client	409
show sntp server	410
Configure SNTP	410
CLI: Configure SNTP	410
Local Browser Interface: Configure SNTP	412
Set the Time Zone (CLI Only)	413
Set the Named SNTP Server	413
CLI: Set the Named SNTP Server	413
Local Browser Interface: Set the Named SNTP Server	414
19 Tools	416
Traceroute	417
CLI: Traceroute	417
Local Browser Interface: Traceroute	418
Configuration Scripting	418
script Command	419
script list Command and script delete Command	419
script apply running-config.scr Command	420
Create a Configuration Script	420
Upload a Configuration Script	420
Pre-Login Banner	421
Create a Pre-Login Banner	421
Port Mirroring	422
CLI: Specify the Source (Mirrored) Ports and Destination (Probe)	422
Local Browser Interface: Specify the Source (Mirrored) Ports and Destination (Probe)	423
Remote SPAN	423
CLI: Enable RSPAN on a Switch	424
Dual Image	426
CLI: Download a Backup Image and Make It Active	427
Local Browser Interface: Download a Backup Image and Make It Active	428
Outbound Telnet	429
CLI: show network	430
CLI: show telnet	430
CLI: transport output telnet	431
Local Browser Interface: Configure Telnet	432
CLI: Configure the Session Limit and Session Time-out	432
Local Browser Interface: Configure the Session Time-out	433
Error Disablement and Automatic Error Recovery	433
Loop Protection	435
Nondisruptive Configuration Management	437
Full Memory Dump	438
20 Syslog	439
Syslog Concepts	440
Show Logging	440
CLI: Show Logging	440
Local Browser Interface: Show Logging	441
Show Logging Buffered	443
CLI: Show Logging Buffered	443
Local Browser Interface: Show Logging Buffered	444
Show Logging Traplogs	444
CLI: Show Logging Traplogs	444
Local Browser Interface: Show Logging Trap Logs	445
Show Logging Hosts	445
CLI: Show Logging Hosts	445
Local Browser Interface: Show Logging Hosts	446
Configure Logging for a Port	446
CLI: Configure Logging for the Port	446
Local Browser Interface: Configure Logging for the Port	447
Email Alerting	448
CLI: Send Log Messages to [email protected] Using Account [email protected]	449
21 Switch Stacks	450
Switch Stack Management and Connectivity	451
Stack Master and Stack Members	451
Stack Master	452
Stack Members	453
Stack Member Numbers	453
Stack Member Priority Values	453
Install and Power-up a Stack	453
Compatible Switch Models	454
Install a Switch Stack	454
Switch Firmware and Firmware Mismatch	455
Upgrade the Firmware	455
Migrate Configuration with a Firmware Upgrade	456
Local Browser Interface: Copy Master Firmware to a Stack Member	457
Stack Switches Using a 10G Copper Port	457
CLI: Configure the 10G Copper Ports as Stack Ports	458
Local Browser Interface: Configure the 10G Copper Ports as Stack Ports	460
Add, Remove, or Replace a Stack Member	461
Add Switches to an Operating Stack	461
Remove a Switch from a Stack	462
Replace a Stack Member	463
Switch Stack Configuration Files	464
Preconfigure a Switch	465
Renumber Stack Members	466
CLI: Renumber Stack Members	466
Local Browser Interface: Renumber Stack Members	467
Move the Stack Master to a Different Unit	468
CLI: Move the Stack Master to a Different Unit	468
Local Browser Interface: Move the Stack Master to a Different Unit	468
22 SNMP	470
Add a New Community	471
CLI: Add a New Community	471
Local Browser Interface: Add a New Community	471
Enable SNMP Trap	472
CLI: Enable SNMP Trap	472
Local Browser Interface: Enable SNMP Trap	472
SNMP Version 3	473
CLI: Configure SNMPv3	473
Local Browser Interface: Configure SNMPv3	474
sFlow	475
CLI: Configure Statistical Packet-Based Sampling of Packet Flows with sFlow	476
Local Browser Interface: Configure Statistical Packet-based Sampling with sFlow	477
Time-Based Sampling of Counters with sFlow	478
CLI: Configure Time-Based Sampling of Counters with sFlow	478
Local Browser Interface: Configure Time-Based Sampling of Counters with sFlow	479
23 DNS	480
Domain Name System Concepts	481
Specify Two DNS Servers	481
CLI: Specify Two DNS Servers	481
Local Browser Interface: Specify Two DNS Servers	482
Manually Add a Host Name and an IP Address	482
CLI: Manually Add a Host Name and an IP Address	482
Local Browser Interface: Manually Add a Host Name and an IP Address	483
24 DHCP Server	484
Dynamic Host Configuration Protocol Concepts	485
Configure a DHCP Server in Dynamic Mode	485
CLI: Configure a DHCP Server in Dynamic Mode	485
Local Browser Interface: Configure a DHCP Server in Dynamic Mode	486
Configure a DHCP Server that Assigns a Fixed IP Address	488
CLI: Configure a DHCP Server that Assigns a Fixed IP Address	488
Local Browser Interface: Configure a DHCP Server that Assigns a Fixed IP Address	489
25 DHCPv6 Server	491
Dynamic Host Configuration Protocol Version 6 Concepts	492
CLI: Configure DHCPv6 Prefix Delegation	493
Local Browser Interface: Configure DHCPv6 Prefix Delegation	494
Configure a Stateless DHCPv6 Server	498
CLI: Configure a Stateless DHCPv6 Server	498
Local Browser Interface: Configure a Stateless DHCPv6 Server	499
Configure a Stateful DHCPv6 Server	502
CLI: Configure a Stateful DHCPv6 Server	502
Local Browser Interface: Configure a Stateful DHCPv6 Server	503
CLI: Set Up a Configuration With a DHCPv6 Server and DHCPv6 Relay	507
Configure the DHCPv6 Server	507
Configure the DHCPv6 Relay	508
26 DVLANs and Private VLANs	510
Double VLANs	511
CLI: Enable a Double VLAN	512
Local Browser Interface: Enable a Double VLAN	512
Private VLAN Groups	515
CLI: Create a Private VLAN Group	516
Local Browser Interface: Create a Private VLAN Group	517
27 STP	521
Spanning Tree Protocol Concepts	522
Configure Classic STP (802.1d)	522
CLI: Configure Classic STP (802.1d)	522
Local Browser Interface: Configure Classic STP (802.1d)	522
Configure Rapid STP (802.1w)	523
CLI: Configure Rapid STP (802.1w)	523
Local Browser Interface: Configure Rapid STP (802.1w)	524
Configure Multiple STP (802.1s)	525
CLI: Configure Multiple STP (802.1s)	525
Local Browser Interface: Configure Multiple STP (802.1s)	526
Configure PVSTP and PVRSTP	527
CLI: Configure PVSTP	529
Local Browser Interface: Configure PVSTP	531
28 Tunnels for IPv6	536
Tunnel Concepts	537
Create a 6in4 Tunnel	537
CLI: Create a 6in4 Tunnel	538
Local Browser Interface: Create a 6in4 Tunnel	539
Create a 6to4 Tunnel	543
CLI: Create a 6to4 Tunnel	544
Local Browser Interface: Create a 6to4 Tunnel	549
29 IPv6 Interface Configuration	562
Create an IPv6 Routing Interface	563
CLI: Create an IPv6 Routing Interface	563
Local Browser Interface: Create an IPv6 Routing Interface	564
Create an IPv6 Routing VLAN	566
CLI: Create an IPv6 Routing VLAN	566
Local Browser Interface: Create an IPv6 VLAN Routing Interface	568
Configure DHCPv6 Mode on the Routing Interface	570
CLI: Configure DHCPv6 mode on routing interface	571
Local Browser Interface: Configure DHCPv6 mode on routing interface	572
30 PIM	574
Protocol Independent Multicast Concepts	575
PIM-DM	575
CLI: Configure PIM-DM	577

Match case Limit results 1 per page

M4300 Series and M4300-96X Fully Managed Switches

Captive Portals

Software Administration Manual

690

Captive Portal Concepts

The captive portal feature is a software implementation that blocks clients from accessing the

network until user verification has been established. You can set up verification to allow

access for both guests and authenticated users. Authenticated users must be validated

against a database of authorized captive portal users before access is granted.

The authentication server supports both HTTP and HTTPS web connections. In addition, you

can configure a captive portal to use an optional HTTP port (in support of HTTP proxy

networks). If configured, this additional port is then used exclusively by the captive portal.

This optional port is in addition to the standard HTTP port 80, which is being used for all other

web traffic.

The captive portal for wired interfaces allows the clients directly connected to the switch to be

authenticated using a captive portal mechanism before the client is given access to the

network. When you enable the captive portal feature on a wired physical port, the port is set

in captive-portal- enabled state such that all the traffic coming to the port from the

unauthenticated clients is dropped except for the ARP, DHCP, DNS, and NETBIOS packets.

The switch forwards these packets so that unauthenticated clients can get an IP address and

resolve the hostname or domain names. Data traffic from authenticated clients goes through,

and the rules do not apply to these packets.

All the HTTP/HTTPS packets from unauthenticated clients are directed to the CPU on the

switch for all the ports for which you enabled the captive portal feature. When an

unauthenticated client opens a web browser and tries to connect to network, the captive

portal redirects all the HTTP/HTTPS traffic from unauthenticated clients to the authenticating

server on the switch. A captive portal web page is sent back to the unauthenticated client.

The client can authenticate. If the client successfully authenticates, the client is given access

to port.

You can enable the captive portal feature on all the physical ports on the switch. It is not

supported for VLAN interfaces, loopback interfaces, or logical interfaces. The captive portal

feature uses MAC-address based authentication and not port-based authentication. This

means that all the clients connected to the captive portal interface must be authenticated

before they can get access to the network.

Clients connecting to the captive portal interface have three states; unknown,

unauthenticated, and authenticated.

•

Unknown

. In the unknown state, the captive portal does not redirect HTTP/S traffic to the

switch, but instead asks the switch whether the client is authenticated or unauthenticated.

•

Unauthenticated

. The captive portal directs the HTTP/S traffic to the switch so that the

client can authenticate with the switch.

•

Authenticated

. After successful authentication, the client is placed in authenticated

state. In this state, all the traffic emerging from the client is forwarded through the switch.