Enables application of captive portal access permission rules to data transmitted over this specific Ethernet port. This setting is disabled by default.

Captive portal enforcement allows users on the wired network to pass traffic through the captive portal without being redirected to an authentication page. Authentication instead takes place when the RADIUS server is queried against the wired user's MAC address. If the MAC address is in the RADIUS server's user database, the user can pass traffic on the captive portal.

Supported in the following platforms:

  • Service Platforms — NX5500, NX7500, NX9500, NX9600, VX9000


captive-portal-enforcement {fall-back}


captive-portal-enforcement {fall-back}
captive-portal-enforcement fall-back Enables captive-portal enforcement on this Ethernet port
  • fall-back – Optional. Enforces captive portal validation only if port authentication fails. When selected, captive portal policies are enforced only when RADIUS authentication of the client MAC address is not successful. If this option is not selected, captive portal policies are enforced regardless of the client's MAC address being in the RADIUS server's user database or not.



nx9500-6C8809(config-device-B4-C7-99-6D-CD-4B-if-ge2)#show context
 interface ge2

Related Commands

no Disables captive-portal enforcement on this interface