Captive Portal HTTP Mirroring

  • Question
  • Updated 2 years ago
  • Answered

In the NAC-Manager manual, an alternative for web (HTTP) redirection is mentioned. It's called "Captive Portal HTTP Mirroring"! This is the alternative for DNS-Proxy and/or Policy based Routing.
Can somebody explain how Captive Portal HTTP Mirroring works exactly? I can't find anything about that in the manuals.
What are the configuration steps to implement this type of web redirection? Which requirements are needed for this type of configuration?

Thanks Ronny

Ron Hard


Posted 2 years ago


Keene, Scott, Employee NMS/GTAC

This is a way to perform NAC's Captive Portal without a traditional redirect method such as PBR or Wireless redirect or even DNS Proxy. The HTTP traffic would get mirrored to NAC using a switch that supports either a policy (like the N or S series Enterasys switch) or an ACL etc. Once the mirrored HTTP traffic reaches the NAC with the "Captive Portal HTTP Mirroring" enabled, NAC will send back the login to the End System just like it does with PBR or wireless redirect during MAC Registration for example.

Note that your topology must be set up such that the NAC End System's traffic is mirrored to the NAC interface, therefore logically becoming an "inline" solution rather than being out of band as it normally would be. I don't know of any documentation for this but you can review the documentation in the Extranet:

Scott Keene

Keene, Scott, Employee NMS/GTAC

One more thing to note here is that most of the configuration for this is done on the switch that will be mirroring the traffic to the NAC (such as Policy-based Mirroring on an N or S series switch). For these switches you can use Policy Manager or the switch CLI to configure the necessary policies and mirrors. You will also likely need an ACL somewhere to prevent the End Systems' HTTP traffic from making it to the that NAC can answer it. The only configuration in NAC would be enabling the feature and "Enforcing" that change to the NAC appliance. Typically this is a custom solution that may require assistance from an on-site Engineer.

-Scott Keene