Configuring The Captive Portal Policy - Alcatel-Lucent OmniSwitch 6850-48 Network Configuration Manual
Software release 6
Hide thumbs
Also See for OmniSwitch 6850-48:
- Cli reference manual (3706 pages) ,
- Management manual (312 pages) ,
- Hardware user's manual (188 pages)
Table of Contents
Advertisement
Configuring Access Guardian Policies
Supplicant Policy Command Example
802.1x 3/10 non-supplicant policy vlan 43 block
802.1x 1/10 non-supplicant policy user-network-
profile Engineering block
Configuring the Captive Portal Policy
The Captive Portal device classification policy is similar to supplicant and non-supplicant policies in that it
determines the VLAN assignment for devices that were not assigned a VLAN through authentication or
for devices that failed 802.1x or MAC authentication. The difference is that the Captive Portal policy is
only invoked as a result of web-based authentication; supplicant and non-supplicant policies are triggered
off of 802.1x port-based authentication.
Web-based authentication is configured by specifying Captive Portal as a pass or fail case for port-based
supplicant and non-supplicant policies (see
uring Non-supplicant Policies" on page 34-26
process is complete, the Captive Portal policy classifies the device into a specific VLAN based on the
results of that process.
When 802.1x is enabled for a port, a default supplicant, non-supplicant, and Captive Portal policy is auto-
matically configured for the port. The default Captive Portal policy assigns a device to the default VLAN
for the port if authentication was successful but did not return a VLAN ID or blocks a device on the port if
the device failed authentication. As a result, it is only necessary to change the policy if the default pass and
fail cases are not sufficient.
To change the Captive Portal policy configuration, use the
command. The following keywords are available with this command to specify one or more policies for
classifying devices.
Captive Portal keywords
group-mobility
user-network-profile
vlan
default-vlan
block
pass
fail
Note the following when configuring Captive Portal policies:
•
The captive-portal parameter is not an option with this type of policy, as it is not possible to next
Captive Portal policies. In addition, the captive-portal parameter is used only in supplicant and non-
supplicant policies to invoke web-based authentication, not to classify a device for VLAN assignment.
page 34-30
Description
No authentication process is performed.but the fol-
lowing classification still occurs:
1
2
No authentication process is performed.but the fol-
lowing classification still occurs:
1
2
"Configuring Supplicant Policies" on page 34-23
for more information). When the web-based authentication
OmniSwitch AOS Release 6 Network Configuration Guide
Configuring Access Guardian
If VLAN 43 exists and is not an authenticated
VLAN, then the device is assigned to
VLAN 43.
If VLAN 43 does not exist or is an authenti-
cated VLAN, then the device is blocked from
accessing the switch on port 3/10.
The "Engineering" UNP is applied.
If applying the UNP fails, the user is blocked
from accessing the switch on port 1/10.
802.1x captive-portal policy authentication
and
"Config-
September 2009
Hide quick links:
Advertisement
Table of Contents
