126 Device Security
In the unknown state, the CP doesn't redirect HTTP/S traffic to the switch, but queries the switch to
determine whether the client is authenticated or unauthenticated.
In the Unauthenticated state, the CP directs the HTTP/S traffic to the switch to allow the client to
authenticate with the switch.
Once the client is authenticated, the client is placed in Authenticated state; in this state all the traffic
emerging from the client will be forwarded through the switch.
Captive Portal Configuration, Status and Statistics
This section describes the configurations, status, and statistics that can be viewed by a network
administrator.
Captive Portal customized web pages are only configurable via the Web Interface. Otherwise, the
configurations included in this section are managed using the standard management interfaces (Web,
CLI, and SNMP).
Captive Portal Configuration
The Captive Portal configuration allows the network administrator to control:
• Verification and authentication
• Assignment to interfaces
• Client sessions
• Web page customization
The administrator can create up to 10 captive portal configuration instances. Each configuration
contains flags and definitions for controlling client access, and content used to customize the user
verification web page. A captive portal configuration can be applied to one or more interfaces. An
interface may only be a physical port on the switch.
Client Access, Authentication, and Control
User verification can be configured to allow access for guest users; users that do not have assigned user
names and passwords. User verification can also be configured to allow access for authenticated users.
Authenticated users are required to enter a valid user name and password that are validated against the
local database or a RADIUS server. Network access is granted once user verification has been confirmed.
The administrator can block access to a captive portal configuration. When an instance is blocked, no
client traffic is allowed through any associated interfaces. Blocking a captive portal instance is a
temporary command executed by the administrator (not saved in the configuration).
When using Local authentication, the administrator provides user identities for Captive Portal by adding
unique user names and passwords to the Local User Database.
This configuration is global to the captive portal component and can contain up to 128 user entries (a
RADIUS server should be used if more users are required). A local user can belong to only one group.
There is one group created by default with the group name "Default" to which all new users are assigned.