Captive Portal


Introduction

Okapi's captive portal technique forces an HTTP client on a network to see a special web page for authentication purposes before using the Internet normally. This is done by intercepting all packets, regardless of address or port, until the user opens a browser and tries to access the Internet. At that time the browser is redirected to a web page that requires authentication.

 

Network Diagram

 

 Configuration

!
ip domain-lookup
ip name-server 10.20.50.50
ip name-server 8.8.8.8
! DNS servers which will be allowed for DNS queries of unauthenticated clients
access-list 101 sequence 10 permit all any host 192.168.1.1
! access-list is used so that communication from the authentication server to the gateway is allowed
!
configure captive_portal
  inbound interface FastEthernet 1
  listen-address 192.168.1.1
  ! listen-address is used internally by NoCat to bind itself to an inet socket, the default
  ! port is 5280, which can also be changed with the listen-address command
  allow acl 101
  authentication ldap
  ldap server host 192.168.1.3
  ldap server baseDN dc=your,dc=company,dc=in
  ! LDAP authentication configuration
!
!
interface FastEthernet 1
  ip address 192.168.1.1/16
  no shutdown

 

 

This is the basic configuration, which demonstrates the use of the captive portal in a private LAN. Users will be redirected to a web page when they try to access the Internet using a web browser. They will have to authenticate with their LDAP username and password, because LDAP authentication is configured.
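
An added example, not part of the Okapi documentation: a small Python consistency check over the relevant statements of the configuration above, useful before loading a changed config onto the gateway. The two relationships it tests (listen-address equals the inbound interface's address, and the allowed ACL permits the listen-address as destination host) are assumptions read off this page's configuration, not documented Okapi rules, and the parser handles only the statement forms shown here.

```python
import ipaddress
import re
# Relevant statements from this page's configuration, embedded so this runs offline.
PAGE_CONFIG = """\
access-list 101 sequence 10 permit all any host 192.168.1.1
configure captive_portal
  inbound interface FastEthernet 1
  listen-address 192.168.1.1
  allow acl 101
interface FastEthernet 1
  ip address 192.168.1.1/16
"""
PORTAL_KEYS = {"inbound": r"inbound interface (.+)$",
               "listen": r"listen-address (\S+)",
               "acl": r"allow acl (\d+)$"}

def parse(config):
    """Collect only the statements the checks need; '!' comment lines are skipped."""
    acls, interfaces, portal, section = {}, {}, {}, None
    for raw in config.splitlines():
        line = raw.strip()
        if not line or line.startswith("!"):
            continue
        if not raw[0].isspace():              # unindented line: new top-level statement
            section = None
            if m := re.match(r"access-list (\d+) .*\bhost (\S+)$", line):
                acls.setdefault(m[1], set()).add(m[2])
            elif m := re.match(r"interface (.+)$", line):
                section = m[1]
            elif line == "configure captive_portal":
                section = "portal"
        elif section == "portal":
            for key, pattern in PORTAL_KEYS.items():
                if m := re.match(pattern, line):
                    portal[key] = m[1]
        elif section and (m := re.match(r"ip address (\S+)$", line)):
            interfaces[section] = ipaddress.ip_interface(m[1])
    return acls, interfaces, portal

def check(config):
    """Test the assumed relationships (read off the page, not Okapi rules); return problems."""
    acls, interfaces, portal = parse(config)
    problems = []
    iface = interfaces.get(portal.get("inbound"))
    if iface is None or str(iface.ip) != portal.get("listen"):
        problems.append("listen-address is not the inbound interface's address")
    if portal.get("listen") not in acls.get(portal.get("acl"), ()):
        problems.append("allowed ACL does not permit traffic to the listen-address")
    return problems
```

Calling check(PAGE_CONFIG) returns an empty list for the configuration on this page; a mistyped listen-address or an "allow acl" that names an undefined list is reported as a problem string.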