Configuring Captive Portal Authentication - Alcatel-Lucent OmniSwitch 6850-48 Network Configuration Manual

Configuring Captive Portal Authentication

Configuring Captive Portal Authentication
Captive Portal authentication allows Web browser clients to authenticate through the switch using 802.1x
or MAC authentication via a RADIUS server. The following configuration tasks describe how to set up
Captive Portal authentication for the switch and on client devices:
•
Avoid using the 10.123.0.0/16 subnet within the network. This subnet is used exclusively by the
Captive Portal feature to redirect DNS requests to the Captive Portal login screen (Captive Portal IP
10.123.0.1) and to assign a temporary IP address for a client device that is attempting web-based
authentication.
If a different Captive Portal subnet is required to avoid a conflict within the IP network, use the
captive-portal address
octet is the only configurable part of the Captive Portal IP address that is allowed.
•
Make sure a standard browser is available on the client device. No specialized client software is
required. The following Web browser software is supported (note that only HTTPS is supported at this
time):
Platform
Windows XP
Windows Vista
Linux
•
Configure the homepage URL for the client browser. The Captive Portal authentication process
responds only to browser queries that contain the "www", "http", or "https" prefix in the URL. As a
result, it is necessary to configure the homepage URL for the browser with at least one of these three
prefixes.
•
Configure a specific proxy server URL. Captive Portal looks for the word "proxy" to identify the
proxy server URL used by the client. If this URL does not contain the word "proxy", use the
auth-server-down
•
Configure an 802.1x device classification policy for Captive Portal authentication. A supplicant or
non-supplicant policy configured with Captive Portal as a pass or fail condition is required to invoke
Captive Portal authentication. For more information, see
page 34-23 and "Configuring Non-supplicant Policies" on page
•
Configure a Captive Portal device classification policy. A separate Captive Portal policy is required
to classify devices when successful web-based authentication does not return a VLAN ID or authenti-
cation fails. For more information, see
•
Configure the Captive Portal session time limit. This time limit determines the length of the Captive
Portal login session. When this time limit expires, the user is automatically logged out and network
access is blocked. For more information, see
page 34-33.
•
Configure the number of Captive Portal login attempts allowed. This number determines the
number of failed login attempts a user is allowed when initiating a Captive Portal session. For more
information, see "Configuring Captive Portal Session Parameters" on page
page 34-32
command to change the second octet of this IP address. Note that the second
Web Browser Software
IE6 and IE7; Firefox2 and Firefox3
IE7; Firefox2 and Firefox3
Firefox2 and Firefox3
command to specify the URL address to use.
"Configuring the Captive Portal Policy" on page
OmniSwitch AOS Release 6 Network Configuration Guide
Java Version
Java 1.6 updates 5 through 12
Java 1.6 updates 5 through 12
Java 1.6 updates 5 through 12
"Configuring Supplicant Policies" on
34-26.
"Configuring Captive Portal Session Parameters" on
Configuring Access Guardian
802.1x
802.1x
34-30.
34-33.
September 2009