Protocol and feature details

Captive portal is a client based solution that provides clients with internet or intranet access based on http or https redirection. The client first gets authenticated using MAC or 802.1X authentication which results in application of the captive portal profile. The switch then redirects the http or https request to the Captive Portal server for user registration. Finally, with Change of Authorization (CoA) using the Port Bounce VSA or Disconnect Message from the RADIUS server, MAC, or 802.1X authentication occurs, providing the authenticated client with appropriate access.

Captive portal is only supported for clients authenticated through RADIUS servers.
Captive portal supports both IPv4 and IPv6.

For captive portal http or https redirection to occur, the client must meet the following requirements:

The end client must be successfully authenticated with either MAC or 802.1X based authentication.
The end client must be assigned a role that includes a configured captive portal profile.
The end client should be successfully authenticated on captive portal server.
"Client" refers to the end user client (for example a laptop or any device that connects to a switch port expecting authentication to a captive portal server).

Protocol and feature details

Workflow: