Manualshelf

Technical data

ManualsBrandsMeru Networks ManualsComputer equipmentOAP180
191192193194195196197198199200
© 2012 Meru Networks, Inc. Captive Portals for Temporary Users 169
Chapter 10
Captive Portals for Temporary Users
If you want to give limited wireless access to a group of users, use Captive Portal.
Captive Portal is a feature designed to isolate temporary users on a network, for
example guests in a company or students using a library. If Captive Portal is enabled,
the HTTP protocol over Secure Socket Layer (SSL, also known as HTTPS) provides an
encrypted login interchange with the Radius server until the user is authenticated
and authorized. During this interchange, all traffic with the CLIent station except
DHCP, ARP, and DNS packets is dropped until access is granted. If access is not
granted, the user is unable to leave the Captive Portal login page. If access is
granted, the user is released from the Captive Portal page and is allowed to enter
the WLAN. This section provides instructions to both implement Captive Portal and
customize the GUI pages for Meru Captive Portal. Guest Login is disabled by default
and requires privilege level 1 (lowest level). You can either Configuring Meru Captive
Portal or use Third-Party Captive Portal Solutions.
Configuring Meru Captive Portal
To implement the built-in Captive Portal feature, complete these tasks (only two
tasks are required). The Captive Portal configuration tasks are:
Optionally Customize and Use Your Own HTML Pages
Configure Meru Captive Portal with the CLI or Configure Meru Captive Portal with
the CLI
For authentication, either Configure a Radius Server for Captive Portal
Authentication or Create Meru Captive Portal Guest User IDs Locally
Optionally Configure Pre-Authentication Captive Portal Bypass
Note:
The Radius attributes for Dynamic VLAN assignment (Tunnel-Type,
Tunnel-Medium-Type, and Tunnel-Private-Group-ID, see the command vlan
support) are not supported and are ignored if returned as part of the Radius
exchange.
Captive Portal does not support bridged profiles.
Security logging must be set to on before passthrough will work. Also, security
logging has to be toggled of/on for any new settings to take effect.