Configuring System Information 195
Captive Portal
The Captive Portal (CP) feature allows you to block clients directly connected to the switch from
accessing the network until user verification has been established. You can configure CP verification to
allow access for both guest and authenticated users. Authenticated users must be validated against a
database of authorized Captive Portal users before access is granted. The database can be stored locally
on the switch or on a RADIUS server.
When a port is enabled for Captive Portal, all traffic arriving on the port from unauthenticated
clients is dropped except for ARP, DHCP, DNS and NETBIOS packets. The switch forwards these
packets so that unauthenticated clients can obtain an IP address and resolve host names or
domain names. Data traffic from authenticated clients goes through as expected. If an
unauthenticated client opens a web browser and tries to connect to the network, the Captive
Portal redirects all the HTTP/HTTPS traffic from unauthenticated clients to the authenticating server
on the switch. A Captive Portal web page is sent back to the unauthenticated client, the client can
authenticate, and based upon the authentication the client is given access to the port.
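The handling described above can be written down as a small model and used to check a packet capture taken while validating a Captive Portal port. This is an added example, not code from the guide or the switch firmware; the port numbers, the tracking of clients by source MAC address, and the names `cp_decision` and `audit` are assumptions.

```python
from dataclasses import dataclass
from typing import Optional

ETH_ARP, ETH_IPV4 = 0x0806, 0x0800
TCP, UDP = 6, 17
# Standard destination ports, assumed here; the guide names protocols only.
ALLOWED_UDP = {53, 67, 137, 138}  # DNS, DHCP (to server), NetBIOS name/datagram
ALLOWED_TCP = {53, 139}           # DNS over TCP, NetBIOS session
WEB_TCP = {80, 443}               # HTTP, HTTPS

@dataclass(frozen=True)
class Frame:
    src_mac: str
    ethertype: int
    ip_proto: Optional[int] = None
    dst_port: Optional[int] = None

def cp_decision(frame, authenticated, cp_enabled=True):
    """Expected handling of a frame from a client: forward, redirect or drop."""
    # Assumption: clients are tracked by source MAC address.
    if not cp_enabled or frame.src_mac.lower() in authenticated:
        return "forward"
    if frame.ethertype == ETH_ARP:
        return "forward"
    if frame.ethertype != ETH_IPV4:
        return "drop"  # assumption: nothing else is exempt
    if frame.ip_proto == UDP and frame.dst_port in ALLOWED_UDP:
        return "forward"
    if frame.ip_proto == TCP and frame.dst_port in ALLOWED_TCP:
        return "forward"
    if frame.ip_proto == TCP and frame.dst_port in WEB_TCP:
        return "redirect"
    return "drop"

def audit(trace, authenticated):
    """Return (index, expected, observed) for frames handled differently than expected."""
    return [(i, cp_decision(f, authenticated), seen)
            for i, (f, seen) in enumerate(trace)
            if cp_decision(f, authenticated) != seen]

# Constructed sample: frames from one client plus what a capture showed happened.
GUEST = "00:11:22:33:44:55"
TRACE = [
    (Frame(GUEST, ETH_ARP), "forward"),
    (Frame(GUEST, ETH_IPV4, UDP, 67), "forward"),
    (Frame(GUEST, ETH_IPV4, UDP, 53), "forward"),
    (Frame(GUEST, ETH_IPV4, TCP, 80), "redirect"),
    (Frame(GUEST, ETH_IPV4, TCP, 22), "forward"),   # should have been dropped
]

if __name__ == "__main__":
    print(audit(TRACE, authenticated=set()))
```

An empty result from `audit` means every observed frame matched the behaviour the guide describes for that client's authentication state.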
NOTE: For information about the CLI commands you use to view and configure Captive Portal settings, refer to the
Captive Portal Commands chapter in the CLI Reference Guide.
The Captive Portal folder contains links to the following pages that help you view and configure system
Captive Portal settings:
• CP Global Configuration
• CP Configuration
• CP Web Customization
• Local User
Table 6-37. Denial of Service Configuration Commands

CLI Command               Description
dos-control sipdip        Enables Source IP Address = Destination IP Address (SIP=DIP) Denial of Service protection.
dos-control tcpflag       Enables TCP Flag Denial of Service protections.
dos-control tcpfrag       Enables TCP Fragment Denial of Service protection.
ip icmp echo-reply        Enables or disables the generation of ICMP Echo Reply messages.
ip icmp error-interval    Limits the rate at which IPv4 ICMP error messages are sent.
ip icmp unreachables      Enables the generation of ICMP Destination Unreachable messages.
ip icmp redirects         Enables the generation of ICMP Redirect messages.
ipv6 icmp error-interval  Limits the rate at which ICMPv6 error messages are sent.
ipv6 unreachables         Enables the generation of ICMPv6 Destination Unreachable messages.
show dos-control          Displays Denial of Service configuration information.