
Captive portals – NETGEAR AV Line M4250 GSM4210PX 8-Port Gigabit PoE+ Compliant Managed AV Switch with SFP (220W) User Manual


Table 157. DAI Statistics information (Continued)

Field: Description

Bad Source MAC: The number of ARP packets that were dropped by DAI because the sender MAC address in the ARP packets did not match the source MAC address in the Ethernet header.

Bad Dest MAC: The number of ARP packets that were dropped by DAI because the target MAC address in the ARP reply packets did not match the destination MAC address in the Ethernet header.

Invalid IP: The number of ARP packets that were dropped by DAI because the sender IP address in the ARP packets or the target IP address in the ARP reply packets is invalid. Invalid addresses include 0.0.0.0, 255.255.255.255, IP multicast addresses, class E addresses (240.0.0.0/4), and loopback addresses (127.0.0.0/8).

Forwarded: The number of valid ARP packets forwarded by DAI.

Dropped: The number of invalid ARP packets dropped by DAI.
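The three validation checks behind the Bad Source MAC, Bad Dest MAC, and Invalid IP counters can be reproduced offline to see which counter a given frame increments. The following is an added example, not NETGEAR code: the function names, the order of the checks, and the sample frames are assumptions, and Dropped here sums only the three checks described in this part of the table.

```python
import ipaddress
import struct
from collections import Counter

def invalid_ip(raw: bytes) -> bool:
    """True for the addresses the table lists as invalid."""
    ip = ipaddress.IPv4Address(raw)
    return (ip in (ipaddress.IPv4Address("0.0.0.0"), ipaddress.IPv4Address("255.255.255.255"))
            or ip.is_multicast                               # 224.0.0.0/4
            or ip in ipaddress.IPv4Network("240.0.0.0/4")    # class E
            or ip.is_loopback)                               # 127.0.0.0/8

def classify_arp(frame: bytes) -> str:
    """Name the counter a raw Ethernet/ARP frame increments (check order is assumed)."""
    if len(frame) < 42 or frame[12:14] != b"\x08\x06":
        raise ValueError("not a complete Ethernet/ARP frame")
    eth_dst, eth_src = frame[0:6], frame[6:12]
    # Skip htype/ptype/hlen/plen (6 bytes), then opcode and the four address fields.
    oper, sha, spa, tha, tpa = struct.unpack("!6xH6s4s6s4s", frame[14:42])
    is_reply = oper == 2
    if sha != eth_src:                  # sender MAC vs. Ethernet source
        return "Bad Source MAC"
    if is_reply and tha != eth_dst:     # target MAC vs. Ethernet destination (replies only)
        return "Bad Dest MAC"
    if invalid_ip(spa) or (is_reply and invalid_ip(tpa)):
        return "Invalid IP"
    return "Forwarded"

def tally(frames) -> Counter:
    """Counters named as in the table; Dropped sums only the three checks above."""
    stats = Counter(classify_arp(f) for f in frames)
    stats["Dropped"] = sum(n for name, n in stats.items() if name != "Forwarded")
    return stats

def build_frame(eth_dst, eth_src, oper, sha, spa, tha, tpa) -> bytes:
    """Build a constructed test frame (Ethernet II + IPv4-over-Ethernet ARP)."""
    mac = lambda s: bytes.fromhex(s.replace(":", ""))
    ip = lambda s: ipaddress.IPv4Address(s).packed
    return (mac(eth_dst) + mac(eth_src) + struct.pack("!HHHBBH", 0x0806, 1, 0x0800, 6, 4, oper)
            + mac(sha) + ip(spa) + mac(tha) + ip(tpa))

A, B, X = "00:11:22:33:44:55", "66:77:88:99:aa:bb", "de:ad:be:ef:00:01"
BCAST, ZERO = "ff:ff:ff:ff:ff:ff", "00:00:00:00:00:00"
SAMPLES = [  # constructed traffic: documentation IP addresses, made-up MAC addresses
    build_frame(BCAST, A, 1, A, "192.0.2.10", ZERO, "192.0.2.1"),  # valid request
    build_frame(A, B, 2, X, "192.0.2.1", A, "192.0.2.10"),         # sender MAC != Ethernet source
    build_frame(A, B, 2, B, "192.0.2.1", X, "192.0.2.10"),         # target MAC != Ethernet destination
    build_frame(BCAST, A, 1, A, "127.0.0.1", ZERO, "192.0.2.1"),   # loopback sender IP
    build_frame(A, B, 2, B, "192.0.2.1", A, "224.0.0.5"),          # multicast target IP in a reply
]
```

Calling tally(SAMPLES) gives the same breakdown the statistics table would show for that traffic, which helps when deciding whether a rising counter points to spoofing or to a misconfigured host.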

Captive portals

The captive portal feature allows you to prevent clients from accessing the network until
user verification is established. You can configure captive portal verification to allow
access for both guest and authenticated users. Authenticated users must be validated
against a database of authorized captive portal users before access is granted. The
database can be stored locally on the switch or on a RADIUS server.

The authentication server supports both HTTP and HTTPS web connections. In addition,
you can configure a captive portal to use an optional HTTP port (in support of HTTP
proxy networks). If configured, this additional port is then used exclusively by the captive
portal. This optional port is in addition to the standard HTTP port 80, which is used for
all other web traffic.

If you enable the captive portal feature on a port, the port drops all traffic from
unauthenticated clients except for ARP, DHCP, DNS, and NETBIOS packets, which are
forwarded so that unauthenticated clients can get an IP address and resolve host
names or domain names. Data traffic from authenticated clients goes through, and the
rules do not apply to these packets.

For a port on which you enable the captive portal feature, if an unauthenticated client
opens a web browser and tries to connect to the network, the captive portal redirects all
HTTP and HTTPS traffic from unauthenticated clients to the authenticating server on the
switch. A captive portal web page is displayed for the unauthenticated client, allowing
the client to authenticate, after which the client receives access to the port.

The captive portal feature is not supported for VLAN interfaces, loopback interfaces,
and logical interfaces. The captive portal feature uses MAC-address based authentication


Manage Switch Security

AV Line of Fully Managed Switches M4250 Series Main User Manual