Captive Portal Redirection is an extension of the ONEPolicy feature. You can configure policy roles to force redirection of HTTP traffic by specifying a web redirection class index that corresponds to a list of potential redirection servers (captive portal server IP and TCP port numbers identifying HTTP traffic). For traffic that is placed into one of these policy roles (through authentication or policy admin-profile rules) certain actions are taken.
If the incoming traffic is on the configured L4 port and is not destined for the configured captive portal server IP, the switch causes an HTTP redirect message (code 307) to be sent back to the client. If the incoming traffic is destined for the configured captive portal server IP, or it is not on one of the configured listening L4 ports, the traffic is handled according to the rest of the policy role configuration.
You can configure up to three ports on which ONEPolicy listens for client traffic that is (potentially) subject to HTTP redirection. You can configure ten groups of two captive portal servers that can be used to redirect traffic in different roles to different servers.
Summit X450-G2, X460-G2, X670-G2, X770, and ExtremeSwitching X870, X440-G2, X620, X690 series switches.
configure policy captive-portal web-redirect redirect_index server server_id {url redirect_url} {status}
unconfigure policy captive-portal web-redirect redirect_index server server_id
configure policy captive-portal listening socket_list
unconfigure policy captive-portal listening [ socket_list | all ]
show policy captive-portal {web-redirect {redirect_index | all} | listening }
Changes are underlined.
configure policy profile profile_index {name name} {pvid pvid} {pvid-status pvid_status} {cos cos} {cos-status cos_status} {egress-vlans egress_vlan_list}{forbidden-vlans forbidden_vlans} {untagged-vlans untagged_vlans} {append | clear} {tci-overwrite tci_overwrite} {auth-override auth_override} {web-redirect web_redir_index}