Application Example 4: Supplicant/Non-Supplicant With Captive Portal Authentication - Alcatel-Lucent OmniSwitch 9900 Series Network Configuration Manual

OmniSwitch AOS Release 8

Configuring Access Guardian
14 Enable Captive Portal for the UNP profile and assign the Captive Portal profile to the same UNP profile.
-> unp profile guest captive-portal-authentication
-> unp profile guest captive-portal-profile cp-profile
How it Works
In this example, traffic arriving on the UNP port triggers the following process on the switch:
• Authentication and classification are disabled on the UNP port, so the client is assigned to the default UNP profile and associated VLAN.
• Because the default UNP profile (associated with the port template assigned to the UNP port) is enabled for Captive Portal authentication, the Captive Portal authentication process is triggered.
• The client is placed into a built-in Captive Portal pre-login role which does the following:
– Allows the client network access only for DHCP, DNS, ARP, and ICMP traffic.
– Traps and redirects client HTTP/HTTPS traffic to the internal Captive Portal Web server on the switch. The Captive Portal server name and IP address were resolved by the client through DNS.
– Client is presented with an internal Captive Portal login page.
– Client enters user credentials which are then authenticated through the RADIUS server designated for Captive Portal authentication.
• Successful Captive Portal authentication results in the assignment of a policy list that was returned from the RADIUS server or specified through the Captive Portal authentication pass configuration. The client remains in the "guest" UNP profile assigned to VLAN 30 and is presented with a Captive Portal login status page.
• If Captive Portal authentication fails, the client remains in the built-in Captive Portal pre-login role.
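The pre-login role and the pass/fail outcome described above can be written down as an expected-behaviour model to compare against what a test client actually experiences on the port. This is an added example, not code from the manual; the port numbers, the role labels `cp-pre-login` and `cp-authenticated`, the policy-list names, the "deny" label and the RADIUS-over-pass-configuration precedence are assumptions.

```python
from dataclasses import dataclass, replace
from typing import Optional

# Standard port numbers are an assumption; the page names only the protocols.
ALLOWED_L4 = {("udp", 67), ("udp", 68), ("udp", 53), ("tcp", 53)}  # DHCP, DNS
REDIRECTED_L4 = {("tcp", 80), ("tcp", 443)}                        # HTTP, HTTPS

def prelogin_action(proto: str, dport: Optional[int] = None) -> str:
    """Expected handling of one client packet while in the pre-login role."""
    proto = proto.lower()
    if proto in ("arp", "icmp") or (proto, dport) in ALLOWED_L4:
        return "allow"
    if (proto, dport) in REDIRECTED_L4:
        return "redirect"  # trapped and sent to the internal Captive Portal server
    return "deny"          # not in the "only DHCP, DNS, ARP, ICMP" list

@dataclass(frozen=True)
class ClientState:
    profile: str = "guest"       # UNP profile used in the example
    vlan: int = 30               # VLAN of the "guest" profile in the example
    role: str = "cp-pre-login"   # hypothetical label for the built-in pre-login role
    policy_list: Optional[str] = None

def after_portal_login(state: ClientState, radius_accept: bool,
                       radius_policy_list: Optional[str] = None,
                       pass_policy_list: Optional[str] = None) -> ClientState:
    """Expected client state once RADIUS has answered the portal login."""
    if not radius_accept:
        return state  # failure: client stays in the pre-login role
    # Assumption: a list returned by RADIUS wins over the pass configuration.
    chosen = radius_policy_list or pass_policy_list
    # Profile and VLAN are unchanged; only the role and policy list move.
    return replace(state, role="cp-authenticated", policy_list=chosen)

if __name__ == "__main__":
    # Constructed sample packets: (protocol, destination port)
    for pkt in [("udp", 67), ("icmp", None), ("tcp", 443), ("tcp", 22)]:
        print(pkt, prelogin_action(*pkt))
    print(after_portal_login(ClientState(), True, pass_policy_list="guest-list"))
```
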
Application Example 4: Supplicant/Non-supplicant with Captive Portal Authentication
In this example, network access control is provided for corporate devices and guest devices trying to access the network on the same port. The scenarios covered in this example are as follows:
• Corporate supplicant device.
– Passes 802.1X authentication.
– Is assigned a UNP corporate profile with an associated VLAN.
• Corporate user with non-supplicant, non-corporate device.
– Does not trigger 802.1X authentication.
– Fails MAC authentication.
– When MAC authentication fails and classification is not enabled, a default UNP profile associated with the UNP port will be assigned. Captive Portal authentication is enabled for the default profile.
– The Captive Portal authentication pass condition may apply a new access policy list; otherwise, the access policy list associated with the default profile is applied.
OmniSwitch AOS Release 8 Network Configuration Guide
Access Guardian Application Examples
December 2017
page 28-101
