cancel
Showing results forĀ 
Search instead forĀ 
Did you mean:Ā 

Captive Portal HTTP Mirroring

Captive Portal HTTP Mirroring

Ron_Hard
New Contributor
Hi,

in the NAC-Manager manual is an alternative for web(httP) redirection mentioned. It's called "Captive Portal HTTP Mirroring"! This is the alternative for DNS-Proxy and/or Policy based Routing.
Can somebody explain how Captive Portal HTTP Mirroring works exactly. I can't find anything about that in manuals?
What are the configuration steps to implement this type of web redirection? Which requirements are needed for this type of configuration?

Thanks Ronny
2 REPLIES 2

Keene__Scott
Extreme Employee
...one more thing to note here is that most of the configuration for this is done on the switch that will be mirroring the traffic to the NAC (such as Policy-based Mirroring on an N or S series switch). For these switches you can use Policy Manager or switch cli to configure the necessary policies and mirrors. You will also likely need an ACL somewhere to prevent the End Systems' HTTP traffic from making it to the Internet...so that NAC can answer it. The only configuration in NAC would be enabling the feature and "Enforcing" that change to the NAC appliance. Typically this is a custom solution that may require assistance from an on-sit Engineer.

-Scott Keene

Keene__Scott
Extreme Employee
Hello, This is a way to perform NAC's Captive Portal without a traditional redirect method such as PBR or Wireless redirect or even DNS Proxy. The HTTP traffic would get mirrored to NAC using a switch that supports either a policy (like the N or S series Enetrasys switch) or an ACL etc. Once the mirrored HTTP traffic reaches the NAC with the "Captive Portal HTTP Mirroring" enabeld, NAC will send back the login to the End System just like it does with PBR or wireless redirect during MAC Registration for example.

Note that your topology must be setup such that the NAC End System's traffic is mirrored to the NAC interface, therefore logically becoming an "inline" solution rather than being out of band as it normally would be. I dont know of any documentation for this but you can review the documentation in the Extrannet:

https://extranet.extremenetworks.com/downloads/Pages/NMS.aspx

Regards,
Scott Keene

GTM-P2G8KFN