Configures a captive portal policy and enters its configuration mode. Once created and configured, use the captive portal policy in the WLAN context, and in the device/profile contexts of the access point or controller hosting the captive portal server.

A captive portal is a browser-based authentication mechanism that forces unauthenticated users to a web page. Captive portals capture and re-direct a wireless user's web-browser session to a captive portal login page where the user must enter valid credentials to access the wireless network. Once logged into the captive portal, additional Acknowledgment, Agreement, Welcome, No Service and Fail customized pages enhance screen flow and user experience.

Captive portals are recommended for providing guests or visitors authenticated access to network resources when 802.1X EAP is not a viable option. Captive portal authentication does not provide end-user data encryption, but it can be used with static WEP, WPA-PSK or WPA2-PSK encryption.

Authentication for captive portal access requests is performed using a username and password pair, authenticated by an integrated RADIUS server. Authentication for private network access is conducted either locally on the requesting wireless client, or centrally at a data center.

Captive portals use a Web provisioning tool to create guest user accounts directly on the controller, service platform, or access point. The connection medium defined for the Web connection is either HTTP or HTTPS. Both HTTP and HTTPS use a request and response procedure to disseminate information to and from requesting wireless clients.


captive-portal <CAPTIVE-PORTAL-NAME>


captive-portal <CAPTIVE-PORTAL-NAME>


Specify the captive portal name. If a captive portal with the specified name does not exist, it is created.


nx9500-6C8809(config)#captive-portal test
Captive Portal Mode commands:
  access-time                 Allowed access time for the client. Used when
                              there is no session time in radius response
  access-type                 Access type of this captive portal
  accounting                  Configure how accounting records are created for
                              this captive portal policy
  bypass                      Bypass captive portal
  connection-mode             Connection mode for this captive portal
  custom-auth                 Custom user information
  data-limit                  Enforce data limit for clients
  frictionless-onboarding     Register the client MAC address at ExtremeGuest
                              on redirection
  inactivity-timeout          Inactivity timeout in seconds. If a frame is not
                              received from client for this amount of time,
                              then current session will be removed
  ipv6                        Internet Protocol version 6 (IPv6)
  localization                Configure the FQDN address to get the
                              localization parameters for the client
  logout-fqdn                 Configure the FQDN address to logout the session
                              from client
  no                          Negate a command or set its defaults
  oauth                       OAuth 2.0 authentication configuration
  php-helper                  Configure the captive portal to use a server for
                              help with php
  post-authentication-vlan    Configure post authentication vlan for captive
                              portal users
  radius-vlan-assignment      Enable radius vlan assignment for captive portal
  redirection                 Configure connection redirection parameters
  report-loyalty-application  Report customer loyalty application presence in
  server                      Configure captive portal server parameters
  simultaneous-users          Particular username can only be used by a
                              certain number of MAC addresses at a time
  terms-agreement             User needs to agree for terms and conditions
  use                         Set setting to use
  webpage                     Configure captive portal webpage parameters
  webpage-auto-upload         Enable automatic upload of internal and advanced
  webpage-location            The location of the webpages to be used for
                              authentication. These pages can either be hosted
                              on the system or on an external web server.
  welcome-back                Welcome back page settings

  clrscr                      Clears the display screen
  commit                      Commit all changes made in this session
  do                          Run commands from Exec mode
  end                         End current mode and change to EXEC mode
  exit                        End current mode and down to previous mode
  help                        Description of the interactive help system
  revert                      Revert changes
  service                     Service Commands
  show                        Show running system information
  write                       Write running configuration to memory or

Related Commands


Removes an existing captive portal