Netgear XSM4324FS Software Administration Manual Software Version 12.x - Page 690
Captive Portal Concepts
M4300 Series and M4300-96X Fully Managed Switches

The captive portal feature is a software implementation that blocks clients from accessing the network until user verification has been established. You can set up verification to allow access for both guests and authenticated users. Authenticated users must be validated against a database of authorized captive portal users before access is granted.

The authentication server supports both HTTP and HTTPS web connections. In addition, you can configure a captive portal to use an optional HTTP port (in support of HTTP proxy networks). If configured, this additional port is then used exclusively by the captive portal. This optional port is in addition to the standard HTTP port 80, which is used for all other web traffic.

The captive portal for wired interfaces allows clients that are directly connected to the switch to be authenticated using a captive portal mechanism before they are given access to the network. When you enable the captive portal feature on a wired physical port, the port is set to the captive-portal-enabled state, in which all traffic coming to the port from unauthenticated clients is dropped except for ARP, DHCP, DNS, and NETBIOS packets. The switch forwards these packets so that unauthenticated clients can get an IP address and resolve hostnames or domain names. Data traffic from authenticated clients goes through, and the rules do not apply to these packets.

All HTTP/HTTPS packets from unauthenticated clients are directed to the CPU on the switch for all the ports on which you enabled the captive portal feature. When an unauthenticated client opens a web browser and tries to connect to the network, the captive portal redirects all the HTTP/HTTPS traffic from that client to the authenticating server on the switch. A captive portal web page is sent back to the unauthenticated client, and the client can authenticate. If the client successfully authenticates, the client is given access to the port.

You can enable the captive portal feature on all the physical ports on the switch. It is not supported for VLAN interfaces, loopback interfaces, or logical interfaces.

The captive portal feature uses MAC-address-based authentication and not port-based authentication. This means that all the clients connected to the captive portal interface must be authenticated before they can get access to the network.

Clients connecting to the captive portal interface have three states: unknown, unauthenticated, and authenticated.

• Unknown. In the unknown state, the captive portal does not redirect HTTP/S traffic to the switch, but instead asks the switch whether the client is authenticated or unauthenticated.
• Unauthenticated. The captive portal directs the HTTP/S traffic to the switch so that the client can authenticate with the switch.
• Authenticated. After successful authentication, the client is placed in authenticated state. In this state, all the traffic emerging from the client is forwarded through the switch.

Captive Portals 690 Software Administration Manual
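The forwarding decision and the three client states described above, modelled per client MAC address. This is an added example, not Netgear's code or part of the manual. The class and function names are hypothetical, the port numbers are the well-known ones for the protocols the manual names, and 8080 and the MAC addresses are constructed values.

```python
from enum import Enum

class State(Enum):
    UNKNOWN = "unknown"
    UNAUTHENTICATED = "unauthenticated"
    AUTHENTICATED = "authenticated"

# Assumption: well-known ports stand in for the protocols the manual names
# (DHCP 67/68, DNS 53, NetBIOS 137-139); the manual itself gives only HTTP 80.
BOOTSTRAP = {("udp", 67), ("udp", 68), ("udp", 53), ("tcp", 53),
             ("udp", 137), ("udp", 138), ("tcp", 139)}

class CaptivePortalPort:
    """Hypothetical model of one wired port with captive portal enabled."""

    def __init__(self, extra_http_port=None):
        self.verified = set()   # MACs that passed portal verification
        self.state = {}         # per-MAC state as seen on this port
        self.web = {("tcp", 80), ("tcp", 443)}
        if extra_http_port is not None:
            self.web.add(("tcp", extra_http_port))  # optional HTTP proxy port

    def authenticate(self, mac):
        self.verified.add(mac.lower())
        self.state[mac.lower()] = State.AUTHENTICATED

    def resolve(self, mac):
        mac = mac.lower()
        if self.state.get(mac, State.UNKNOWN) is State.UNKNOWN:
            # Unknown: no redirect yet, look the client up first.
            known = mac in self.verified
            self.state[mac] = State.AUTHENTICATED if known else State.UNAUTHENTICATED
        return self.state[mac]

    def decide(self, mac, ethertype, proto=None, dport=None):
        if self.resolve(mac) is State.AUTHENTICATED:
            return "forward"            # the rules do not apply to this client
        if ethertype == "arp" or (proto, dport) in BOOTSTRAP:
            return "forward"            # client can get an address and resolve names
        if (proto, dport) in self.web:
            return "redirect_to_cpu"    # portal page is served by the switch
        return "drop"

def demo():
    port = CaptivePortalPort(extra_http_port=8080)
    a, b = "00:11:22:33:44:55", "00:11:22:33:44:66"  # constructed MACs
    before = [port.decide(a, "arp"), port.decide(a, "ipv4", "udp", 53),
              port.decide(a, "ipv4", "tcp", 8080), port.decide(a, "ipv4", "tcp", 22)]
    port.authenticate(a)
    after = [port.decide(a, "ipv4", "tcp", 22), port.decide(b, "ipv4", "tcp", 22)]
    return before, after
```

The second list returned by `demo()` shows that a second client on the same physical port stays blocked after the first one authenticates, which is what MAC-address-based authentication implies.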