FortiWLC – Captive Portal (CP) Authentication for Wired Clients

Captive Portal (CP) Authentication for Wired Clients

Wired clients connected via port profile (tunnelled and bridged) will require CP authentication to pass external traffic. Wired Clients can have CP Authentication with Security Profile configured with L2 mode in Clear profile or L2 mode in 802.1X Clear profile.

Supported access points: AP122, AP822v2, AP822, OAP832, AP832, AP332 (only supports G1/G2 port in mesh configuration), AP433 (only supports G1 port in mesh configuration), FAPU421EV, and FAP-U423EV

To allow wired clients to pass external traffic, do the following:

  1. Create a captive portal (CP)profile
  2. In the security profile, map the CP profile to the security profile. In the security profile ensure that at least one of the (802.1x, WebAuth, Mac Authentication, or CP Bypass) security option is enabled.
  3. In the port profile, map the security profile to port profile


Captive Portal (CP) Authentication for Wired Clients

  • CP authentication is available only when VLAN trunk is disabled.
  • Dynamic VLAN is not supported.\
  • Wired clients connected to a leaf AP should be in bridge mode port profile.
  • Re-authentication will fail, If the Ethernet cable is disconnected and reconnected from the wired client’s port.

Station log for wired client

2015‐Dec‐2 14:31:55.075109 | 08:9e:01:28:64:25 | Station Assign | wired Assigned to <AP_ID=2>(v0)

Having trouble configuring your Fortinet hardware or have some questions you need answered? Check Out The Fortinet Guru Youtube Channel! Want someone else to deal with it for you? Get some consulting from Fortinet GURU!

Don't Forget To visit the YouTube Channel for the latest Fortinet Training Videos and Question / Answer sessions!
- FortinetGuru YouTube Channel
- FortiSwitch Training Videos

Cybersecurity Videos and Training Available Via: Office of The CISO Security Training Videos