With Captive Portal web-based authentication enabled, the Rocket prompts a user for their username and password when they access the Internet. This information is used to apply appropriate policies and reporting. Use the Captive Portal table to restrict Internet access to the portal until authentication requirements are satisfied. There are a few options that you can use:
You can exclude users reported by an agent, RADIUS, proxy or Lightspeed Systems Mobile Filter Agent. This is a very useful setting, as it minimizes impact on your users if the Rocket knows them already, while ensuring proper identification if it doesn’t know them.
You can configure authentication lifetimes for users, user groups, and user organizational units. Authentication lifetime determines how long a web-based authentication lasts before prompting the user to log in again. Best practices for authentication lifetimes vary depending on your school’s needs. Typically, schools that have users sharing mobile devices set authentication lifetimes to last a single class period. That way, when a new class begins, the previous student’s authentication expires and the new student is asked to log in.
IP addresses or Domains to be exempt from any required authentication. This is useful for accessing resources that you want accessible without any hindrance (such as the school’s website) or for special purpose devices that need to access the internet but cannot provide the use interaction to login to the captive portal (such as printers or cameras.)
To enable the captive portal:
- 1. Click Web Filter, then click Authentication.
- 2. On the Authentication page, scroll down to Captive Portal
- 3. Click the Save button in the bottom right corner of the page to apply your changes.
- Captive portal – Check (select) this option to force all users to authenticate before using the Internet.
- Exclude users reported by a User Agent, RADIUS, proxy, or mobile filter – Check (select) this option to bypass the Captive Portal for users who have already authenticated with the filter via the User Agent, RADIUS server, Proxy Server, or Mobile Filter users.
Tip: You can also bypass the Captive Portal by adding IP addresses or ranges, or Domains, to a list of Exemptions.
- Capture discovery URLs – Check (select) this option to redirect Portal Discovery URLs to authenticate users as they first connect to a Wireless Access Point.
Note: The Captive Portal Discovery URL will override Authentication Exemptions.