FortiWLC – Captive Portal (CP) Authentication for Wired Clients

Captive Portal (CP) Authentication for Wired Clients

Wired clients connected via port profile (tunnelled and bridged) will require CP authentication to pass external traffic. Wired Clients can have CP Authentication with Security Profile configured with L2 mode in Clear profile or L2 mode in 802.1X Clear profile.

Supported access points: AP122, AP822v2, AP822, OAP832, AP832, AP332 (only supports G1/G2 port in mesh configuration), AP433 (only supports G1 port in mesh configuration), FAPU421EV, and FAP-U423EV

To allow wired clients to pass external traffic, do the following:

  1. Create a captive portal (CP)profile
  2. In the security profile, map the CP profile to the security profile. In the security profile ensure that at least one of the (802.1x, WebAuth, Mac Authentication, or CP Bypass) security option is enabled.
  3. In the port profile, map the security profile to port profile


Captive Portal (CP) Authentication for Wired Clients

  • CP authentication is available only when VLAN trunk is disabled.
  • Dynamic VLAN is not supported.\
  • Wired clients connected to a leaf AP should be in bridge mode port profile.
  • Re-authentication will fail, If the Ethernet cable is disconnected and reconnected from the wired client’s port.

Station log for wired client

2015‐Dec‐2 14:31:55.075109 | 08:9e:01:28:64:25 | Station Assign | wired Assigned to <AP_ID=2>(v0)

This entry was posted in Administration Guides, FortiWLC on by .

About Mike

Michael Pruett, CISSP has a wide range of cyber-security and network engineering expertise. The plethora of vendors that resell hardware but have zero engineering knowledge resulting in the wrong hardware or configuration being deployed is a major pet peeve of Michael's. This site was started in an effort to spread information while providing the option of quality consulting services at a much lower price than Fortinet Professional Services. Owns PacketLlama.Com (Fortinet Hardware Sales) and Office Of The CISO, LLC (Cybersecurity consulting firm).

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.