17

Captive Portal

This chapter describes how to configure which HTTP-based network services default to the captive portal page when client makes an initial network connection.

17.1 Captive Portal Overview

A captive portal can intercept all network traffic, regardless of address or port, until the user authenticates his or her connection, usually through a specifically designated login Web page.

17.1.1 Web Authentication Policy Commands

Use these commands to use a custom login page from an external web portal instead of the default one built into the NXC. You can configure the look and feel of the web portal page.

It is recommended to have the external web server on the same subnet as the login users.

Table 51 Web Authentication Policy Commands

COMMAND

DESCRIPTION

[no] web-auth activate

Turns on the captive portal feature. This blocks all network traffic

 

until the client authenticates with the NXC through the external web

 

portal page. The no command turns off the external web portal

 

feature.

web-auth authentication

Sets the authentication method for captive portal.

auth_method

 

web-auth default-rule

Sets the default authentication policy the NXC uses on traffic not

authentication {required

matching any exceptional service or other authentication policy.

unnecessary} {no log log

required: Users need to be authenticated. Users must manually

[alert]}

go to the NXC’s login screen (the NXC does not redirect them to it).

 

unnecessary: Users do not need to be authenticated.

 

no log log [alert]: Select whether to have the NXC

 

generate a log (log), log and alert (log alert) or not (no log) for

 

packets that match this default policy.

web-auth [no] exceptional-service

Lets users access a service without user authentication. The no

service_name

command removes the specified service from the exception list.

 

service_name: the name of network service, such as AH or DNS.

 

 

 

113

NXC CLI Reference Guide