beautypg.com

Captive portals – NETGEAR M4350-24F4V 24-Port 10G SFP+ Managed AV Network Switch User Manual

Page 772

background image

Table 172. DAI Statistics information

Description

Field

The VLAN ID.

VLAN

The number of ARP packets that were dropped by DAI because no matching DHCP
snooping binding entry exists.

DHCP Drops

The number of ARP packets that were forwarded by DAI because a matching DHCP
snooping binding entry exists.

DHCP Permits

The number of ARP packets that were dropped by DAI because no matching ARP ACL
rule exists for the VLAN and the static flag is set on the VLAN.

ACL Drops

The number of ARP packets that were permitted by DAI because a matching ARP ACL
rule exists for the VLAN.

ACL Permits

The number of ARP packets that were dropped by DAI because the sender MAC address
in the ARP packets did not match the source MAC address in the Ethernet header.

Bad Source MAC

The number of ARP packets that were dropped by DAI because the target MAC address
in the ARP reply packets did not match the destination MAC address in the Ethernet
header.

Bad Dest MAC

The number of ARP packets that were dropped by DAI because the sender IP address
in the ARP packets or the target IP address in the ARP reply packets is invalid. Invalid
addresses include 0.0.0.0, 255.255.255.255, IP multicast addresses, class E addresses
(240.0.0.0/4), and loopback addresses (127.0.0.0/8).

Invalid IP

The number of valid ARP packets forwarded by DAI.

Forwarded

The number of invalid ARP packets dropped by DAI.

Dropped

Captive portals

The captive portal feature allows you to prevent clients from accessing the network until
user verification is established. You can configure captive portal verification to allow
access for both guest and authenticated users. Authenticated users must be validated
against a database of authorized captive portal users before access is granted. The
database can be stored locally on the switch or on a RADIUS server.

The authentication server supports both HTTP and HTTPS web connections. In addition,
you can configure a captive portal to use an optional HTTP port (in support of HTTP
proxy networks). If configured, this additional port is then used exclusively by the captive
portal. This optional port is in addition to the standard HTTP port 80, which is used for
all other web traffic.

If you enable the captive portal feature on a port, the port drops all traffic from
unauthenticated clients except for ARP, DHCP, DNS, and NETBIOS packets, which are
forwarded so that unauthenticated clients can get an IP address and resolve the host

Main User Manual

772

Manage Switch Security

Fully Managed Switches M4350 Series Main User Manual