Managing Captive Portal in Micro Edge

Overview

Captive Portal enables you to require users agree to terms of use or certain information before connecting to your network. When a user attempts to access any website, they will be prompted with a captive page such as this:

Captive Page Arista Networks Light.png

The checkbox must be checked before the "Connect" button will become enabled.

 

Enabling Captive Portal

The Enabled switch toggles Captive Portal on and off.

When this switch is on, Captive Portal will capture traffic based on its Rules. (If no Rules are enabled, Captive Portal will not capture any traffic.)

 

Settings tab

Logo Settings

Add Logo enables you to provide a custom logo to appear at the top of the captive page. If you do not upload a logo, none is displayed on the captive page.

Once you have uploaded your logo, it will be displayed on in this section. The button changes to Update Logo, enabling you to upload a different logo image. A red X button appears at the right-hand side of your logo, enabling you to remove the logo.

 

Captive page fields

All text on the captive page can be customized.

Page Title The title displayed in the browser tab
Welcome Text A 'banner' or 'header' text, displayed along the top of the captive page, below the logo
Message Heading A summary text, displayed above the main message text
Message Text The 'body' of the captive message

 

Accept button settings

Accept Text Text displayed next to the checkbox
Accept Button Text Text displayed on the button itself

 

Timeout settings

These settings determine how long an authenticated user remains authenticated.

Timeout Value Number of minutes/hours/days before the user is unauthenticated and must re-complete the captive page
Timeout Period Select whether the timeout will be measured in minutes, hours, or days

Redirecting devices

Captive Portal works by redirecting a device's browser to a captive page. There are some important considerations regarding this behavior:

  1. Most wireless devices have a built-in captive portal detection that occurs when the device joins a wireless network. For non-wireless devices, this detection does not occur and a manual attempt to a non-SSL page such as http://neverssl.com or http://captive.apple.com must be performed.
  2. If a device attempts to first access an SSL-based location, the Captive Portal page may not load due to browser security constraints. In this case, a non-SSL based location is necessary to allow the redirect to occur.
  3. The Captive Portal redirect sends the browser to the fully qualified hostname of your Micro Edge gateway appliance. It is important that this hostname resolves for devices on your network. 

Rules tab

Rules determine what types of traffic are captured by Captive Portal. In many environments, a single rule to capture traffic from a guest interface is all that's needed. Other environments may wish to employ a captive page for all employees or anyone using the network.

The table of rules details rules you have created.

Filtering the rules table

  • You can filter the list by typing in the Filter field. Anything which does not match your entry will be hidden.
  • The Action drop-down enables you to display only rules which match the selected action type: Enable (capture traffic) or Disable (do not capture).

Rule order

You can reorder your rules via the two horizontal lines at the left-hand side of each rule. Click and drag to place the selected rule into the desired position.

Note that Captive Portal rules are evaluated in order, from top to bottom, so only the first matching rule is executed. It is recommended to place more-specific rules at the top of the list and more-general rules at the bottom.

 

Creating new rules

You will need to create at least one rule to instruct Captive Portal what types of traffic to capture.

  1. Click Add Rule.
  2. Give your rule a Description, so you know what it does.
  3. The Rule Enabled checkbox is enabled by default. You can disable this if you are creating a rule to be used later, but which should not be active yet.
  4. Select your Conditions (detailed below).
  5. Set the Action Type to "Enabled".
  6. Click Add to finalize the rule.
  7. Once you are finished creating rules, click Save to save your new rule(s).

Rule conditions

These are the criteria that determine whether traffic shall be captured. They are grouped into three headings: Source, Destination, and Other.

The Source conditions capture based on the traffic's source. These are useful for "capture client"-type rules, such as "capture all traffic from the Guest Wi-Fi interface" or "capture all traffic from subnet 192.168.2.0/24".

The Destination conditions capture based on the traffic's destination. These are useful for rules such as "capture all traffic destined for the WAN interface" or "capture traffic destined to 10.11.12.13".

The Other condition, IP Protocol, enables you to capture all traffic of a certain protocol type: ICMP, TCP, and so forth.

 

Action type

The Action setting determines what this rule will do when traffic matches its conditions:

  • Enable will capture the specified traffic
  • Disable will ignore the specified traffic

Disable rules are useful to create exceptions, such as "capture all traffic from this interface except this IP address".

 

It is important to note that, in the context of a rule's Action, enable and disable do not refer to the rule itself! A rule with the Disable action is active and will be used by Captive Portal. To disable a rule so it is not evaluated at all, unselect the Enable check-box in the list of rules.

 

Modifying rules

Click the pencil icon to edit a rule, or click the X icon to delete the rule. Click Update to save the changes to your rule.

 

Follow
Was this article helpful?
0 out of 0 found this helpful
Have more questions? Submit a request

Comments

0 comments

Please sign in to leave a comment.

Powered by Zendesk