Captive Portal For Mac



You are here: Authentication and User Management > Understanding Authentication Methods

Authentication is a process of identifying a user by through a valid username and password or based on their MAC addresses. The following authentication methods are supported in Instant:

802.1X authentication
MAC authentication
MAC authentication with 802.1X authentication
Captive Portal Authentication
MAC authentication with Captive Portal authentication
802.1X authentication with Captive Portal Role
WISPr authentication

At that point the client will get the initial role in the aaa profile. This role should be the 'logon' role that is linking the captive portal profile you want to use (and allow http, https communication to the cp server). Then the redirection should occur and the second cppm mac-auth service (the one with mac-caching in its name) will be hit.

Hey guys, this is the second deployment where I have seen this. The first deployment we basically used the captive portal bypass feature on the WLC as a workaround, but I cannot do this in the second deployment. Basically, on any Apple device (iPhone/Mac/etc), when I connect to the guest WiFi the captive portal correctly pops up. There's only one way to avoid the captive.apple.com portal page that appears when you connect to a public Wi-Fi hotspot. Today's Best Tech Deals Picked by Macworld's Editors. Once a host is authorized by the Captive portal, its MAC and IP address are allowed unrestricted access. All we need to do is sniff traffic on the network, find a host that is authorized, and spoof its IP and MAC address. Spoofing a MAC is dependent on your network card and driver but most modern network devices today support it. At that point the client will get the initial role in the aaa profile. This role should be the 'logon' role that is linking the captive portal profile you want to use (and allow http, https communication to the cp server). Then the redirection should occur and the second cppm mac-auth service (the one with mac-caching in its name) will be hit.

802.1X authentication

802.1X is an IEEE standard that provides an authentication framework for WLANs. 802.1x uses the Extensible Authentication Protocol (EAP) to exchange messages during the authentication process. The authentication protocols that operate inside the 802.1X framework include EAP-Transport Layer Security (EAP-TLS), Protected EAP (PEAP), and EAP-Tunneled TLS (EAP-TTLS). These protocols allow the network to authenticate the client while also allowing the client to authenticate the network. For more information on EAP authentication framework supported by the IAP, see Supported EAP Authentication Frameworks.

802.1X authentication method allows anIAP to authenticate the identity of a user before providing network access to the user. The Remote Authentication Dial In User Service (RADIUS) protocol provides centralized authentication, authorization, and accounting management. For authentication purpose, the wireless client can associate to a network access server (NAS) or RADIUS client such as a wireless IAP. The wireless client can pass data traffic only after successful 802.1X authentication.

For more information on configuring anIAP to use 802.1X authentication, see Configuring 802.1X Authentication for a Network Profile.

MAC authentication

MAC authentication is used for authenticating devices based on their physical MAC addresses. MAC authentication requires that the MAC address of a machine matches a manually defined list of addresses. This authentication method is not recommended for scalable networks and the networks that require stringent security settings. For more information on configuring anIAP to use MAC authentication, see Configuring MAC Authentication for a Network Profile.

MAC authentication with 802.1X authentication

This authentication method has the following features:

MAC authentication precedes 802.1X authentication - The administrators can enable MAC authentication for 802.1X authentication. MAC authentication shares all the authentication server configurations with 802.1X authentication. If a wireless or wired client connects to the network, MAC authentication is performed first. If MAC authentication fails, 802.1X authentication does not trigger. If MAC authentication is successful, 802.1X authentication is attempted. If 802.1X authentication is successful, the client is assigned an 802.1X authentication role. If 802.1X authentication fails, the client is assigned a deny-all role or mac-auth-only role.
MAC authentication only role - Allows you to create a mac-auth-only role to allow role-based access rules when MAC authentication is enabled for 802.1X authentication. The mac-auth-only role is assigned to a client when the MAC authentication is successful and 802.1X authentication fails. If 802.1X authentication is successful, the mac-auth-only role is overwritten by the final role. The mac-auth-only role is primarily used for wired clients.
L2 authentication fall-through - Allows you to enable the l2-authentication-fallthrough mode. When this option is enabled, the 802.1X authentication is allowed even if the MAC authentication fails. If this option is disabled, 802.1X authentication is not allowed. The l2-authentication-fallthrough mode is disabled by default.

For more information on configuring anIAP to use MAC + 802.1X Authentication, see Configuring MAC Authentication with 802.1X Authentication.

Captive Portal Authentication

Captive portal authentication is used for authenticating guest users. For more information on Captive Portal authentication, see Captive Portal for Guest Access.

MAC authentication with Captive Portal authentication

This authentication method has the following features:

Portal
If the captive portal splash page type is Internal-Authenticated or External-RADIUS Server, MAC authentication reuses the server configurations.
If the captive portal splash page type is Internal-Acknowledged or External-Authentication Text and MAC authentication is enabled, a server configuration page is displayed.
If the captive portal splash page type is none, MAC authentication is disabled.
You can configure the mac-auth-only role when MAC authentication is enabled with captive portal authentication.

For more information configuring anIAP to use MAC and Captive Portal authentication, see Configuring MAC Authentication with Captive Portal Authentication.

Wifi Captive Portal

802.1X authentication with Captive Portal Role

This authentication mechanism allows you to configure different captive portal settings for clients on the same SSID. For example, you can configure an 802.1x SSID and create a role for captive portal access, so that some of the clients using the SSID derive the captive portal role. You can configure rules to indicate access to external or internal captive portal, or none. For more information on configuring captive portal roles for an SSID with 802.1x authentication, see Configuring Captive Portal Roles for an SSID.

WISPr authentication

Wireless Internet Service Provider roaming (WISPr) authentication allows a smart client to authenticate on the network when they roam between wireless Internet service providers, even if the wireless hotspot uses an Internet Service Provider (ISP) with whom the client may not have an account.

Portal For Mac Free

If a hotspot is configured to use WISPr authentication in a specific ISP and a client attempts to access the Internet at that hotspot, the WISPr AAA server configured for the ISP authenticates the client directly and allows the client to access the network. If the client only has an account with a partner ISP, the WISPr AAA server forwards the client’s credentials to the partner ISP’s WISPr AAA server for authentication. When the client is authenticated on the partner ISP, it is also authenticated on your hotspot’s own ISP as per their service agreements. The IAP assigns the default WISPr user role to the client when your ISP sends an authentication message to the IAP. For more information on WISPr authentication, see Configuring WISPr Authentication.

Important

Netgate is offering COVID-19 aid for pfSense software users, learn more.

Cyberoam Captive Portal For Mac

The MACs tab defines actions for MAC addresses that can be either passedthrough the portal for this zone without requiring authentication, or blockedfrom reaching the portal.

To manage these MAC entries:

Steam For Mac

  • Navigate to Services > Captive Portal

  • Click on the line for the Zone to edit

  • Click the MACs tab

  • Click Add to add a new entry

  • Fill in the form as follows:

    Action

    Defines the action to take on this entry:

    Pass

    Always allow traffic through from this MAC address withoutauthentication.

    Block

    Always deny traffic from this MAC address

    MAC address

    The MAC address of the device to allow. The value mustbe colon-separated pairs of digits, such as 00:11:22:33:44:55.

    Description

    Some text describing the entry, if desired.

    Bandwidth up/down

    The amount of bandwidth that this device may use,specified in Kilobits per second. Leave blank to not specify a limit.

  • Click Save

Captive Portal For Mac Osx

From this page, an entry may be edited by clicking on its row, ordeleted by clicking .