Enables auto-enforcement of captive portal rules on this extended VLAN interface. This option is disabled by default.

Supported in the following platforms:

  • Access Points — AP505i, AP510i/e, AP560i/h
  • Service Platforms — NX5500, NX7500, NX9500, NX9600, VX9000


captive-portal-enforcement {fall-back}


captive-portal-enforcement {fallback}
captive-portal-enforcement Enables auto-enforcement of captive portal access permission rules to data transmitted over this extended VLAN interface. When enforced, wired network users can pass traffic through the captive portal without being redirected to an authentication page. Authentication instead takes place when the RADIUS server is queried against the wired user's MAC address. If the MAC address is in the RADIUS server's user database, the user is allowed access.

A captive portal is an access policy for providing temporary and restrictive access using a standard Web browser. Captive portals capture and re-direct a wired/wireless user's Web browser session to a captive portal login page where the user must enter valid credentials to access the network.

fall-back Optional. If enabling source MAC authentication for Extended VLAN and tunneled traffic on this bridge VLAN, use this option to enforce captive-portal authentication as the fall-back mode of authentication in case MAC authentication fails.


nx9500-6C8809(config-profile testAP7602-bridge-vlan-20)#show context
 bridge vlan 20
  ip igmp snooping
  ip igmp snooping querier
  ipv6 mld snooping
  ipv6 mld snooping querier
nx9500-6C8809(config-profile testAP7602-bridge-vlan-20)#

Related Commands

no Disables auto-enforcement of captive portal rules on this extended VLAN interface