Captive Portal (CP) Authentication for Wired Clients
Wired clients connected via port profile (tunnelled and bridged) will require CP authentication to pass external traffic. Wired Clients can have CP Authentication with Security Profile configured with L2 mode in Clear profile or L2 mode in 802.1X Clear profile.
Supported access points: AP122, AP822v2, AP822, OAP832, AP832, AP332 (only supports G1/G2 port in mesh configuration), AP433 (only supports G1 port in mesh configuration), FAPU421EV, and FAP-U423EV
To allow wired clients to pass external traffic, do the following:
- Create a captive portal (CP)profile
- In the security profile, map the CP profile to the security profile. In the security profile ensure that at least one of the (802.1x, WebAuth, Mac Authentication, or CP Bypass) security option is enabled.
- In the port profile, map the security profile to port profile
NOTES
Captive Portal (CP) Authentication for Wired Clients
- CP authentication is available only when VLAN trunk is disabled.
- Dynamic VLAN is not supported.\
- Wired clients connected to a leaf AP should be in bridge mode port profile.
- Re-authentication will fail, If the Ethernet cable is disconnected and reconnected from the wired client’s port.
Station log for wired client
2015‐Dec‐2 14:31:55.075109 | 08:9e:01:28:64:25 | Station Assign | wired Assigned to <AP_ID=2>(v0)
Having trouble configuring your Fortinet hardware or have some questions you need answered? Check Out The Fortinet Guru Youtube Channel! Want someone else to deal with it for you? Get some consulting from Fortinet GURU!