This article explains a new feature introduced in IAP version 220.127.116.11-18.104.22.168 where it controls how an IAP behaves when the external captive portal is down.
Each time a pre-authenticated client sends HTTP traffic which needs to be proxied to the external captive portal server, and IAP cannot open the TCP connection to the portal server, then IAP considers the captive portal server to be down for the current client session.
In a situation like this, we can either choose to deny internet access to prevent clients from using the network when the captive portal is down or allow internet access to allow clients to get online automatically when the portal is down.
This article applies to all the IAP running minimum version of 22.214.171.124.126.96.36.199.
Environment : All the sample outputs in this article have been tested on IAP 105 running 188.8.131.52-184.108.40.206.
- Create a new SSID and navigate to Security tab.
- Choose the splash page type as “External-Radius Authentication” or “External – Authentication Text”
- Choose “allow internet” or “deny internet” from the “captive portal failure” drop down as shown below:
When the external captive portal fails, the browser shows an error similar to this:
Depending upon whether we have allowed Internet or denied internet in the captive portal failure drop down, the client will either be allowed or denied access to the internet.