Configuring Captive Portal | NETGEAR WFS709TP-100NAS guide

WFS709TP ProSafe Smart Wireless Switch Software Administration Manual

If an appropriate server certificate is not installed in the WFS709TP, wireless clients that use Captive Portal may see a Security Alert message when logging in (Figure 8-1).

Figure 8-1

To prevent this message from appearing on clients, install a valid server certificate as described in “Installing a Server Certificate” on page 13-19.

You enable Captive Portal on a per-ESSID basis. Captive Portal users are initially allowed only DNS, DHCP, and HTTP or HTTPS connections to the network. Upon authentication, Captive Portal users are allowed full access to their assigned VLAN.

Note: MAC-based authentication, if enabled on the WFS709TP, takes precedence over Captive Portal authentication. If you use Captive Portal, do not enable MAC-based

authentication.

Configuring Captive Portal

The following are the basic tasks for configuring Captive Portal in the base operating system:

•Configure the Captive Portal for guest or authenticated users. In the base operating system, you enable Captive Portal on a per-ESSID basis.

•If you are using Captive Portal to authenticate users, configure the authentication server that will be used to validate users. The authentication server can be either an external server or the WFS709TP’s internal database.

8-2	Configuring the Captive Portal

v1.0, June 2007

Image 134

NETGEAR WFS709TP-100NAS manual Configuring Captive Portal

Contents

NETGEAR, Inc Statement of Conditions Technical SupportTrademarks Certificate of the Manufacturer/Importer Europe United StatesCanada Japan Australia/New Zealand Lithium Battery Safety NoticeKorea Rest of World European Union RoHS China RoHS Model Number Publication Date June Product Family Wireless Product NameProduct and Publication Details Contents Chapter Configuring Network Parameters Chapter Configuring Wlans Chapter Configuring MAC-Based Authentication Appendix a Configuring Dhcp with Vendor-Specific Options Appendix D Related Documents Index About This Manual Conventions, Formats, and Scope How to Use This Manual How to Print this Manual Revision History Xvi About This Manual WFS709TP System Components Netgear ProSafe Access PointsChapter Overview of the WFS709TP WFS709TP WFS709TP Data center Automatic RF Channel and Power Settings Wireless clients FloorWiring closet Internet WFS709TP ProSafe Switches RF Monitoring V1.0, June Netgear Wireless APs Local WFS709TP Master WFS709TP WFS709TP Software Basic Wlan Configuration Authentication V1.0, June Encryption Encryption Options by Authentication MethodAuthentication Method Encryption Option Vlan Floor Wiring closet Internet Netgear AP Wireless Client Access to the Wlan Association 802.1x Authentication Captive Portal MAC Address Authentication Client Mobility and AP Association Configuring and Managing the WFS709TP V1.0, June Browser Interface Tools Configuration ToolTools Menu Description Configuration Pages Basic Wlan V1.0, June Chapter Deploying a Basic WFS709TP System Configuration OverviewRouter is default gateway for WFS709TP and clients Deployment Scenario #1 Deployment Scenario #2 Run the initial setup seeRun the Initial Setup on Deployment Scenario #3 Configuring the WFS709TP Run the Initial Setup V1.0, June Configure the Switch for the Access Points V1.0, June Configure a Vlan for Network Connection Create the Vlan Configure the Trunk Port Configure the Default Gateway Connect the WFS709TP to the Network Configure the Loopback for the WFS709TP Deploying APs Enable APs to Connect to the WFS709TP Enable APs to Obtain IP Addresses Locate the WFS709TP V1.0, June Install APs Provision APs V1.0, June Additional Configuration Creating a Vlan Chapter Configuring Network ParametersConfiguring VLANs Assigning a Static Address to a Vlan To local Configuring a Vlan to Receive a Dynamic AddressCable modem or Bras Internet DNS/WINS Server from Dhcp Default Gateway from DhcpEnabling the Dhcp Client Configuring Static Routes Configuring the Loopback IP Address V1.0, June V1.0, June Chapter RF Plan RF Plan Overview Planning Requirements Before You BeginTask Overview Using RF Plan Building Specification Overview Building List Building Dimension V1.0, June AP Modeling Parameters Design Model Radio TypeOverlap Factor Rates AM Modeling ParametersUsers Planning Floors Monitor Rates Zoom Floor Editor Dialog Box CoverageCoverage Rate Area Editor Dialog Box V1.0, June Access Point Editor V1.0, June AP Planning Initialize Start Viewing the Results AM Planning Exporting and Importing Files Export Buildings Locate Import Buildings RF Plan Example Sample Building Text Box Information Building Planning SpecificationsCreate a Building Model the Access Points Model the Air Monitors Add and Edit a Floor Defining Areas Create a Don’t Care Area Create a Don’t Deploy Area Running the AP Plan Running the AM Plan Click Save V1.0, June Chapter Configuring Wlans Method Description Determine the Authentication MethodAuthentication Methods Authentication Type Authentication Servers Authentication ServerSupported Authentication Servers by Authentication Types Internal DB Basic Wlan Configuration in the Browser Interface Determine the Default Vlan V1.0, June Wlan Basic Configuration Parameters Parameter Definition Example Configuration Parameter Definition V1.0, June Advanced Wlan Configuration in the Browser Interface Configuring Global Parameters Configuring Location-Specific Parameters Add or Modify SSIDs Default Ssid Advanced Ssid Configuration Settings Configure AP Information V1.0, June Configuring Radio Settings V1.0, June V1.0, June Example Configuration V1.0, June Advantages of Using IRM Channel SettingPower Setting IntelliFi RF Management Configuring IRM V1.0, June V1.0, June Radius Server Configuration Information Chapter Configuring AAA ServersConfiguring an External Radius Server Parameter Description Configuring AAA Servers Adding Users to the Internal Database Internal Database Entry Information Configuring Authentication Timers Logon User Lifetime V1.0, June V1.0, June Chapter Configuring 802.1x Authentication 802.1x Authentication Network authentication Data encryption Authentication with a Radius ServerAuthentication Client User Authentication Terminated on WFS709TPAuthentication via Internal database Configuring 802.1x Authentication Parameter Description Default 802.1x Authentication1x Authentication Browser Interface Page Options Advanced Configuration Options for Advanced Authentication Fields Field Description Default 500 Chapter Configuring the Captive Portal Overview of Captive Portal Functions Configuring Captive Portal Configuring Advanced Captive Portal Options Enabled Configuring the AAA Server for Captive Portal Changing the Protocol to Http Personalizing the Captive Portal V1.0, June V1.0, June Configuring MAC-Based Authentication Configuring Users V1.0, June V1.0, June Moving to a Multi-Switch Environment Chapter Adding Local WFS709TPs Configuring L2/L3 Settings Configuring Local WFS709TPsConfiguring the Local WFS709TP Configuring Trusted Ports Configuring APs Rebooting APs Virtual Router Redundancy Protocol Chapter Configuring RedundancyRedundancy Configuration Configuring Local WFS709TP Redundancy Vrrp Parameters for Local WFS709TP Redundancy Parameter Explanation Expected or Recommended Values Master WFS709TP Redundancy Vrrp Associations Association Function Switch IDMaster-Local WFS709TP Redundancy Layer MasterVlan 1, 2, ... N Network Configuring Redundancy 11-7 11-8 Configuring Redundancy Configuring Wireless Intrusion Protection Rogue/Interfering AP Detection Enabling AP Learning Classifying APs Configuring Wireless Intrusion Protection 12-3 FIeld Description Configuring Rogue AP DetectionAP Classifications Valid Channel Types Misconfigured AP DetectionConfiguring Misconfigured AP Protection 12-6 Configuring Wireless Intrusion Protection Chapter Configuring Management Utilities Configuring Management Users Basic WFS709TP Snmp Parameters Configuring SnmpSnmp for the WFS709TP Field Description Expected/Recommended Value SNMPv3 User Details Snmp for Access Points Basic Access Point Snmp Parameters Field Description Expected/Recommended Values SNMPv3 Access Point User Details Traps on page 13-9 for a complete list Configuring Management Utilities 13-7 13-8 Configuring Management Utilities WFS709TP Snmp Traps Snmp TrapsWFS709TP Traps Trap Description Priority Level Access Point/Air Monitor Traps Access Point Snmp Traps Configuring Management Utilities 13-11 Module Description Configuring LoggingWFS709TP Modules Configuring Management Utilities 13-13 Creating Guest Accounts Configuring Management Utilities 13-15 Servers for File Transfer Server Type ConfigurationManaging Files on the WFS709TP Managing Image Files Backing Up and Restoring the Flash File System Copying Log Files Copying Other Files Installing a Server Certificate 13-20 Configuring Management Utilities Chapter Configuring WFS709TP for Voice Voice over IP Proxy ARP Battery Boost Limiting the Number of Active Voice Calls WPA Fast Handover Appendix a Configuring Dhcp with Vendor-Specific Options Overview Configuring Option Windows-Based Dhcp Servers Figure A-1 Linux Dhcp Servers Figure A-2 V1.0, June V1.0, June Appendix B Windows Client Example Configuration for Window XP Wireless Client Example Configuration Figure B-1 V1.0, June Figure B-3 Figure B-4 Figure B-5 Figure B-6 V1.0, June Appendix C Internal Captive Portal Creating a New Internal Web Password Username Basic Html Example Html Head Body Installing a New Captive Portal Displaying Authentication Error Message V1.0, June Language Customization Head TitlePortal Login/title Replace this with a link like the following Div id=errorbox style=display none V1.0, June Figure C-1shows a sample of a translated Customizing the Welcome Figure C-2 V1.0, June Customizing the Pop-Up Box Customizing the Logged Out Box V1.0, June Appendix D Related Documents Document Link V1.0, May Index Numbers Netgear FrameMaker Templates for the Reference Print Manual Index Index-3 Index-4