Configuring Access Guardian Using Captive Portal Authentication
OmniSwitch AOS Release 8 Network Configuration Guide December 2017 page 28-77
• “Using Captive Portal Configuration Profiles” on page 28-79
• “Authenticating with Captive Portal” on page 28-80.
Configuration Tasks and Guidelines
Consider the following tasks and guidelines when configuring the internal Captive Portal feature:
• Define and map the RADIUS server to use for internal Captive Portal authentication. The switch
needs to know which RADIUS server to access to validate user credentials received through the
Captive Portal Web pages. This is done through the authentication, authorization, and accounting
(AAA) feature on the switch. See “Setting Authentication Parameters for the Switch” on page 28-32
for more information.
• Enable the AAA session timer for Captive Portal. The session timer determines the amount of time
a Captive Portal login session can remain active. By default, this timer is disabled and must be enabled
for Captive Portal sessions. When enabled, the session timeout value defaults to 12 hours. To enable
the session timer and change the timer value, if necessary, use the aaa session-timeout command.
• Configure additional Captive Portal session parameters. Default parameter values are in place to
determine specific settings that apply to Captive Portal sessions, such as the number of login attempts
allowed and an inactivity time limit. It is only necessary to change these global settings if the default
values are not sufficient. See “Configuring Authentication Session Parameters” on page 28-33 for more
information.
• Configure a Captive Portal redirect URL. The switch responds to initial HTTP/HTTPS requests
from the user with a redirect URL. By default, this URL is set to “captive-portal.com”. To change the
redirect URL, use the captive-portal name command. To replace the default certificate with a
well-known CA certificate, see “Replacing the Captive Portal Certificate” on page 28-80.
• Configure a Captive Portal IP address. A user device contacts the DNS server to resolve the Captive
Portal redirect URL and receives the Captive Portal IP address. This address must be configured on the
switch and match the address returned from the DNS server. Use the captive-portal ip-address
command to configure this address for the switch.
• Configure a custom proxy port number for Captive Portal sessions. Optionally, use the
captive-portal proxy-server-port command to specify a proxy port number other than 8080 (the default).
• Configure a UNP profile with Captive Portal authentication enabled. The OmniSwitch Captive
Portal process is triggered when a user device is classified into a profile on which Captive Portal
authentication is enabled. For more information, see “Configuring UNP Profiles” on page 28-51.
• Assign the QoS policy list to change the user role. Captive Portal is a post-authentication and/or
classification process that is used to dynamically change the user role (QoS policy list applied to the
user). After the user successfully logs in, the RADIUS server returns a new policy list or UNP profile
to apply to the user device. If the RADIUS server does not return a policy list or profile name, then the
QoS policy list or profile name specified through the captive-portal authentication-pass command is
used instead. This command can also be used to specify a domain-specific policy (the policy list or
UNP profile is only applied to user devices from a specific domain).
• Configure a redirect URL for successful Captive Portal login. Optionally, use the captive-portal
success-redirect-url command to redirect a user to a specific site after the user successfully logs in
through the Captive Portal session. By default, no Captive Portal success redirect URL is configured.
Note. Make sure the DNS server configuration reflects the same Captive Portal redirect URL name and
IP address that is configured for the OmniSwitch.
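The DNS consistency requirement in the note above can be checked with a short script. The following is an added example, not part of the OmniSwitch guide or AOS software; it assumes an IPv4 Captive Portal address, and the function names, host names other than captive-portal.com, and the 192.0.2.x addresses are constructed for illustration.

```python
import ipaddress
import socket


def resolve_ipv4(name):
    """Return the set of IPv4 addresses the local resolver gives for name."""
    try:
        infos = socket.getaddrinfo(name, None, socket.AF_INET, socket.SOCK_STREAM)
    except socket.gaierror:
        return set()
    return {info[4][0] for info in infos}


def check_portal_dns(portal_name, switch_ip, resolver=resolve_ipv4):
    """Compare the DNS answer for the redirect URL name with the switch's
    Captive Portal IP address. Returns (ok, message)."""
    expected = str(ipaddress.IPv4Address(switch_ip))  # ValueError on a mistyped address
    answers = {str(ipaddress.IPv4Address(a)) for a in resolver(portal_name)}
    if not answers:
        return False, f"{portal_name} does not resolve"
    if answers == {expected}:
        return True, f"{portal_name} resolves only to {expected}"
    stray = ", ".join(sorted(answers - {expected}))
    if expected in answers:
        # Some clients would be sent to an address the switch does not own.
        return False, f"{portal_name} resolves to {expected} and also to {stray}"
    return False, f"{portal_name} resolves to {stray}, expected {expected}"


if __name__ == "__main__":
    # Constructed sample data: 192.0.2.0/24 is a documentation range, and the
    # table stands in for DNS so the demo runs offline.
    switch_ip = "192.0.2.10"
    sample_dns = {
        "captive-portal.com": {"192.0.2.10"},
        "portal.example.net": {"192.0.2.99"},
        "guest.example.net": {"192.0.2.10", "192.0.2.11"},
    }
    for name in [*sample_dns, "missing.example.net"]:
        ok, msg = check_portal_dns(name, switch_ip, lambda n: sample_dns.get(n, set()))
        print("OK  " if ok else "FAIL", msg)
```

To check a live deployment, call check_portal_dns with the configured name and address and no resolver argument, from a host that uses the same DNS server as the user devices.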