Hello Leonardo, The two main methods to be redirected to a captive portal are called VLAN enforcement and Web Authentication.
VLAN Enforcement: PF manages a layer 2 registration VLAN where devices are dropped into to get the captive portal. It leverages RADIUS authentication (Mac authentication or 802.1x) Web Authentication: It’s a vlanless solution for mostly guest network where you have you guest on the production network already and the network equipment is forcing you to see a captive portal (With ACLs) to register. It uses RADIUS authentication as well most of the time. The web Authentication solution is implemented into large layer 3 network and it’s a feature that vendors offer. The VLAN enforcement can be used by any vendor that have RADIUS features implemented. Hope it’s clearer for you. Thanks, Ludovic Zammit Product Support Engineer Principal Cell: +1.613.670.8432 Akamai Technologies - Inverse 145 Broadway Cambridge, MA 02142 Connect with Us: <https://community.akamai.com/> <http://blogs.akamai.com/> <https://twitter.com/akamai> <http://www.facebook.com/AkamaiTechnologies> <http://www.linkedin.com/company/akamai-technologies> <http://www.youtube.com/user/akamaitechnologies?feature=results_main> > On Mar 2, 2022, at 3:05 AM, leonardo.izzo--- via PacketFence-users > <packetfence-users@lists.sourceforge.net> wrote: > > Good morning everyone. I approached Packetfence due to the need to have a > captive portal within a network of one of our customers that includes social > authentication. But before I get totally immersed in this product, I have a > question to ask that will surely denote my poor knowledge of NAC: > Why do I have to configure the switch connected to it to configure a captive > portal in pf? > Based on my experience, working with hardware and software firewalls, when I > needed to configure a captive portal, I did it directly on the firewall which > was the gateway of the network. Why is it different with pf? This limits the > configuration to pf compatible switches only. Also, if someone wants to > bypass authentication, they can simply replace the switch configured to point > directly to the network gateway. Would you be kind enough to explain this to > me? Thank you > > > > Leonardo Izzo > Area Sistemistica > > I.T.S. S.r.l. > Struttura Territoriale Spaggiari S.p.A. > Partner Netasq - Stormshield > Via Antiniana, 115 > 80078 – POZZUOLI (NA) > Tel. +39 081 8549344 > Fax +39 081 2303379 > e-mail:leonardo.i...@itsinformatica.it > <mailto:leonardo.i...@itsinformatica.it> > Sito web: www.itsinformatica.it <http://www.itsinformatica.it/> > > > > Ai sensi del D.Lgs. 196/2003 si precisa che le informazioni contenute in > questo messaggio sono riservate ed a uso esclusivo del destinatario. Qualora > il messaggio in parola Le fosse pervenuto per errore, La invitiamo ad > eliminarlo senza copiarlo e a non inoltrarlo a terzi, dandocene gentilmente > comunicazione. Grazie. > Pursuant to Legislative Decree No. 196/2003, you are hereby informed that > this message contains confidential information intended only for the use of > the addressee. If you are not the addressee, and have received this message > by mistake, please delete it and immediately notify us. You may not copy or > disseminate this message to anyone. Thank you. > > _______________________________________________ > PacketFence-users mailing list > PacketFence-users@lists.sourceforge.net > <mailto:PacketFence-users@lists.sourceforge.net> > https://urldefense.com/v3/__https://lists.sourceforge.net/lists/listinfo/packetfence-users__;!!GjvTz_vk!FqVrYPwN6_56d6xWITF92f2vibxDXCuDULbUbJeyD_OtiqhfENWh-XPPy4M4_Q$ > > <https://urldefense.com/v3/__https://lists.sourceforge.net/lists/listinfo/packetfence-users__;!!GjvTz_vk!FqVrYPwN6_56d6xWITF92f2vibxDXCuDULbUbJeyD_OtiqhfENWh-XPPy4M4_Q$>
smime.p7s
Description: S/MIME cryptographic signature
_______________________________________________ PacketFence-users mailing list PacketFence-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/packetfence-users