You are here: Captive Portal for Guest Access > Understanding Captive Portal
Previous TopicNext Topic

Understanding Captive Portal

Instant supports the Captive portal authentication method, where a web page is presented to the guest users when they try to access the Internet whether in hotels, conference centers or Wi-Fi hotspots. The web page also prompts the guest users to authenticate or accept the usage policy and terms. Captive portals are used at many Wi-Fi hotspots and can be used to control wired access as well.

The Instant Captive portal solution consists of the following:

The captive portal web login page hosted by an internal or external server.
The RADIUS authentication or user authentication against IAP's internal database.
The SSID broadcast by the IAP.

With Instant, the administrators can create a wired or WLAN guest network based on Captive portal authentication for guests, visitors, contractors, and any non-employee users who can use the enterprise Wi-Fi network. The administrators can also create guest accounts and customize the Captive portal page with organization-specific logo, terms, and usage policy. With Captive portal authentication and guest profiles, the devices associating with the guest SSID are assigned an initial role and are assigned IP addresses. When a guest user tries to access a URL through HTTP or HTTPS, the Captive portal web page prompting the user to authenticate with a user name and password is displayed.

Types of Captive Portal

Instant supports the following types of Captive portal authentication:

Internal Captive portal — For Internal Captive portal authentication, an internal server is used for hosting the captive portal service. It supports the following types of authentication:
Internal Authenticated— When Internal Authenticated is enabled, a guest user must authenticate in the captive portal page to access the Internet. The guest users who are required to authenticate must already be added to the user database.
Internal Acknowledged— When Internal Acknowledged is enabled, a guest user must accept the terms and conditions to access the Internet.
External Captive portal— For external Captive portal authentication, an external portal on the cloud or on a server outside the enterprise network is used.

Walled Garden

The administrators can also control the resources that the guest users can access and the amount of bandwidth or air time they can use at any given time. When an external Captive portal is used, the administrators can configure a walled garden, which determines access to the URLs requested by the guest users. For example, a hotel environment where the unauthenticated users are allowed to navigate to a designated login page (for example, a hotel website) and all its contents. The users who do not sign up for the Internet service can view only the “allowed” Websites (typically hotel property Websites).

The administrators can allow or block access to specific URLs by creating a whitelist and blacklist. When the users attempt to navigate to other Websites, which are not in the whitelist of the walled garden profile, the users are redirected to the login page. If the requested URL is on the blacklist, it is blocked. If it appears on neither list the request is redirected to the external Captive portal.