Netgear M4300-24X24F (XSM4348S) - Stackable Managed Switch with 48x10G including 24x10GBASE-T and 24xSFP+ Layer 3 Administrator's Guide

Captive Portals 
Managed Switches 
Captive Portal Concepts
The captive portal feature is a software implementation that blocks clients from accessing the 
network until user verification has been established. You can set up verification to allow 
access for both guests and authenticated users. Authenticated users must be validated 
against a database of authorized captive portal users before access is granted. 
The authentication server supports both HTTP and HTTPS web connections. In addition, you
can configure a captive portal to use an optional HTTP port (in support of HTTP proxy
networks). If configured, this additional port is used exclusively by the captive portal.
It is in addition to the standard HTTP port 80, which is used for all other web traffic.
The captive portal for wired interfaces requires clients that are directly connected to the
switch to authenticate through a captive portal mechanism before they are given access to the
network. When you enable the captive portal feature on a wired physical port, the port is set
to the captive-portal-enabled state, in which all traffic arriving on the port from
unauthenticated clients is dropped except for ARP, DHCP, DNS, and NetBIOS packets.
The switch forwards these packets so that unauthenticated clients can get an IP address and
resolve host names or domain names. Data traffic from authenticated clients goes through,
and the rules do not apply to these packets.
All HTTP/HTTPS packets from unauthenticated clients are directed to the CPU on the
switch for all ports on which you enabled the captive portal feature. When an
unauthenticated client opens a web browser and tries to connect to the network, the captive
portal redirects all HTTP/HTTPS traffic from that client to the authenticating
server on the switch. A captive portal web page is sent back to the unauthenticated client,
and the client can authenticate. If the client successfully authenticates, the client is given
access to the port.
You can enable the captive portal feature on all the physical ports on the switch. It is not 
supported for VLAN interfaces, loopback interfaces, or logical interfaces. The captive portal 
feature uses MAC-address based authentication and not port-based authentication. This 
means that all the clients connected to the captive portal interface must be authenticated 
before they can get access to the network.
Clients connecting to the captive portal interface have three states: unknown,
unauthenticated, and authenticated.
- Unknown. In the unknown state, the captive portal does not redirect HTTP/S traffic to the switch, but instead asks the switch whether the client is authenticated or unauthenticated.
- Unauthenticated. The captive portal directs the HTTP/S traffic to the switch so that the client can authenticate with the switch.
- Authenticated. After successful authentication, the client is placed in authenticated state. In this state, all the traffic emerging from the client is forwarded through the switch.
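
The following Python model is an added illustration, not Netgear code and not part of the manual. It replays constructed frames through the per-MAC states and the pre-authentication filter described above. The port numbers, the handling of the optional HTTP port, and all class and function names are assumptions made for the example.

```python
from enum import Enum

class State(Enum):
    UNKNOWN = "unknown"
    UNAUTHENTICATED = "unauthenticated"
    AUTHENTICATED = "authenticated"

# Assumption: standard port numbers for the protocols the text exempts
# (DNS 53, DHCP 67/68, NetBIOS 137-139); the manual names only the protocols.
EXEMPT = {("udp", 53), ("tcp", 53), ("udp", 67), ("udp", 68),
          ("udp", 137), ("udp", 138), ("tcp", 139)}

class CaptivePortalPort:
    """Toy model of one captive-portal-enabled physical port."""

    def __init__(self, extra_http_port=None):
        # Assumption: the optional additional HTTP port is intercepted
        # in the same way as ports 80 and 443.
        self.web_ports = {80, 443} | ({extra_http_port} if extra_http_port else set())
        self.authorized = set()   # MACs that passed portal verification
        self.state = {}           # per-MAC state; absent means UNKNOWN

    def login_ok(self, mac):
        """Record a successful portal login for this MAC address."""
        self.authorized.add(mac)
        self.state[mac] = State.AUTHENTICATED

    def classify(self, mac, proto, dport=None):
        """Return 'lookup', 'forward', 'redirect' or 'drop' for one frame."""
        st = self.state.get(mac, State.UNKNOWN)
        if st is State.UNKNOWN:
            # No redirect yet: resolve the client's state first. What happens
            # to this first frame is not specified in the text.
            self.state[mac] = (State.AUTHENTICATED if mac in self.authorized
                               else State.UNAUTHENTICATED)
            return "lookup"
        if st is State.AUTHENTICATED:
            return "forward"      # the rules do not apply after login
        if proto == "arp" or (proto, dport) in EXEMPT:
            return "forward"      # client can get an IP address and resolve names
        if proto == "tcp" and dport in self.web_ports:
            return "redirect"     # handed to the switch CPU, portal page returned
        return "drop"

def replay(port, frames):
    """Classify constructed (mac, proto[, dport]) tuples in order."""
    return [port.classify(*f) for f in frames]
```

Because state is keyed on the source MAC address rather than on the port, two clients behind the same physical port are tracked and authenticated independently.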