Captive portals – NETGEAR M4350-24F4V 24-Port 10G SFP+ Managed AV Network Switch User Manual
Page 772
Table 172. DAI Statistics information
Description
Field
The VLAN ID.
VLAN
The number of ARP packets that were dropped by DAI because no matching DHCP
snooping binding entry exists.
DHCP Drops
The number of ARP packets that were forwarded by DAI because a matching DHCP
snooping binding entry exists.
DHCP Permits
The number of ARP packets that were dropped by DAI because no matching ARP ACL
rule exists for the VLAN and the static flag is set on the VLAN.
ACL Drops
The number of ARP packets that were permitted by DAI because a matching ARP ACL
rule exists for the VLAN.
ACL Permits
The number of ARP packets that were dropped by DAI because the sender MAC address
in the ARP packets did not match the source MAC address in the Ethernet header.
Bad Source MAC
The number of ARP packets that were dropped by DAI because the target MAC address
in the ARP reply packets did not match the destination MAC address in the Ethernet
header.
Bad Dest MAC
The number of ARP packets that were dropped by DAI because the sender IP address
in the ARP packets or the target IP address in the ARP reply packets is invalid. Invalid
addresses include 0.0.0.0, 255.255.255.255, IP multicast addresses, class E addresses
(240.0.0.0/4), and loopback addresses (127.0.0.0/8).
Invalid IP
The number of valid ARP packets forwarded by DAI.
Forwarded
The number of invalid ARP packets dropped by DAI.
Dropped
Captive portals
The captive portal feature allows you to prevent clients from accessing the network until
user verification is established. You can configure captive portal verification to allow
access for both guest and authenticated users. Authenticated users must be validated
against a database of authorized captive portal users before access is granted. The
database can be stored locally on the switch or on a RADIUS server.
The authentication server supports both HTTP and HTTPS web connections. In addition,
you can configure a captive portal to use an optional HTTP port (in support of HTTP
proxy networks). If configured, this additional port is then used exclusively by the captive
portal. This optional port is in addition to the standard HTTP port 80, which is used for
all other web traffic.
If you enable the captive portal feature on a port, the port drops all traffic from
unauthenticated clients except for ARP, DHCP, DNS, and NETBIOS packets, which are
forwarded so that unauthenticated clients can get an IP address and resolve the host
Main User Manual
772
Manage Switch Security
Fully Managed Switches M4350 Series Main User Manual