Configuring Captive Portal Authentication Configuring Access Guardian
page 34-32 OmniSwitch AOS Release 6 Network Configuration Guide September 2009
Configuring Captive Portal Authentication
Captive Portal authentication allows Web browser clients to authenticate through the switch using 802.1x
or MAC authentication via a RADIUS server. The following configuration tasks describe how to set up
Captive Portal authentication for the switch and on client devices:
• Avoid using the 10.123.0.0/16 subnet within the network. This subnet is used exclusively by the
Captive Portal feature to redirect DNS requests to the Captive Portal login screen (Captive Portal IP
10.123.0.1) and to assign a temporary IP address for a client device that is attempting web-based
authentication.
If a different Captive Portal subnet is required to avoid a conflict within the IP network, use the 802.1x
captive-portal address command to change the second octet of this IP address. Note that the second
octet is the only configurable part of the Captive Portal IP address that is allowed.
• Make sure a standard browser is available on the client device. No specialized client software is
required. The following Web browser software is supported (note that only HTTPS is supported at this
time):
• Configure the homepage URL for the client browser. The Captive Portal authentication process
responds only to browser queries that contain the “www”, “http”, or “https” prefix in the URL. As a
result, it is necessary to configure the homepage URL for the browser with at least one of these three
prefixes.
• Configure a specific proxy server URL. Captive Portal looks for the word “proxy” to identify the
proxy server URL used by the client. If this URL does not contain the word “proxy”, use the 802.1x
auth-server-down command to specify the URL address to use.
• Configure an 802.1x device classification policy for Captive Portal authentication. A supplicant or
non-supplicant policy configured with Captive Portal as a pass or fail condition is required to invoke
Captive Portal authentication. For more information, see “Configuring Supplicant Policies” on
page 34-23 and “Configuring Non-supplicant Policies” on page 34-26.
• Configure a Captive Portal device classification policy. A separate Captive Portal policy is required
to classify devices when successful web-based authentication does not return a VLAN ID or authenti-
cation fails. For more information, see “Configuring the Captive Portal Policy” on page 34-30.
• Configure the Captive Portal session time limit. This time limit determines the length of the Captive
Portal login session. When this time limit expires, the user is automatically logged out and network
access is blocked. For more information, see “Configuring Captive Portal Session Parameters” on
page 34-33.
• Configure the number of Captive Portal login attempts allowed. This number determines the
number of failed login attempts a user is allowed when initiating a Captive Portal session. For more
information, see “Configuring Captive Portal Session Parameters” on page 34-33.
Platform Web Browser Software Java Version
Windows XP IE6 and IE7; Firefox2 and Firefox3 Java 1.6 updates 5 through 12
Windows Vista IE7; Firefox2 and Firefox3 Java 1.6 updates 5 through 12
Linux Firefox2 and Firefox3 Java 1.6 updates 5 through 12
To Next Page
Loading...
