Configuring Access Guardian Using Captive Portal Authentication
OmniSwitch AOS Release 8 Network Configuration Guide December 2017 page 28-80
Use the unp profile captive-portal-profile command to assign a Captive Portal configuration profile to a
UNP profile. For example:
-> unp profile cp_unp captive-portal-profile cp_p1
Use the show captive-portal profile-names command to display the Captive Portal profile configuration.
For more information about the commands described in this section, see the OmniSwitch AOS Release 8
CLI Reference Guide.
Replacing the Captive Portal Certificate
By default, the OmniSwitch uses a built-in, self-signed certificate for Captive Portal. The certificate is
named “default_cportalCert.pem” and is stored in the “/flash/switch” directory on the switch. To replace
the default certificate with a well known CA certificate, use the following steps:
1 Backup the existing default certificate.
-> cp default_cportalCert.pem default_cportalCert.pem.old
2 Rename the new well known CA certificate file to “default_cportalCert.pem”.
3 Copy the certificate file to the “/flash/switch” directory.
4 Use the captive-portal name command to reload the Web configuration (use the CN name as
specified in the new certificate):
-> captive-portal name CN_name
5 Attempt a captive portal log in to verify the change.
Authenticating with Captive Portal
Access Guardian determines that a client device is a candidate for Web-based authentication if the
following conditions are true:
• The device is connected to a UNP-enabled port.
• The device is assigned to a UNP profile on which Captive Portal authentication is enabled.
When these authentication conditions are met, Access Guardian places the device MAC address into a
Captive Portal pre-login state. In this state, the device is allowed to directly contact a DHCP server to get
an IP address and get the DNS server address.
Next, the user opens a Web browser and the initial HTTP/HTTPS requests are responded to with the
Captive Portal redirect name. The user device contacts the DNS server to resolve the redirect name and
receives the configured Captive Portal IP address. Requests are then sent to the Captive Portal IP address
that is mapped to the internal OmniSwitch Web server. The internal server responds to the HTTP/HTTPS
requests by presenting a Captive Portal login page to the user device.
Note. The certificate must be in the x509 format. To generate an x509 formatted certificate (.pem), perform
the following on a Linux or Unix machine:
1 Have the private key and the CA signed certificate available.
2 Issue the "cat privateKey ca_certificate | tee switch_cert_file”(i.e default_cportalCert.pem) command.
To Next Page
Loading...
