Captive Portal user authentication (external Web Authentication)

Captive Portal user authentication provides a means to authenticate the clients through an external web server. A client that seeks web access to a network is redirected to the authentication web login page hosted on the external web server (such as the Aruba ClearPass server, Ruckus CloudPath, and Cisco ISE) that is integrated with the RADIUS server.

NOTE
Because the authentication server and web login page reside in an external server, Captive Portal user authentication is referred to as external Web Authentication in this document.

To equip the Brocade switch to handle the HTTP redirection mechanism, configuration details specific to the external web server such as virtual IP address, HTTP or HTTPS protocol port number, and login page details hosted on the Aruba ClearPass server must be specified on the switch. Upon receiving the redirected web access request, external web server transmits the login page to the client which in turn submits the user login credentials. The external web server reverts the credentials and sends the username, password, and default URL of the web page to the Brocade switch. The Brocade switch makes use of the credentials for initiating the authentication process through the RADIUS server.

NOTE

The RADIUS server validates the user credential information and, if the client is authenticated, the client is redirected to the URL provided by the server. For information about re-authentication and login failure behavior, refer to Configuring the re-authentication period and Defining the web authentication cycle.

NOTE
For more details for configuring external captive portal on external web server, refer to the Aruba ClearPass Guest User Guide. The RADIUS server on the Brocade switch and the one integrated with the external web server must have the same configuration. Refer to the ClearPass Guest 6.4 User Guide, as the version used for validation is 6.4.