Configuring System Information 195Captive PortalThe Captive Portal (CP) feature allows you to block clients directly connected to the switch fromaccessing the network until user verification has been established. You can configure CP verification toallow access for both guest and authenticated users. Authenticated users must be validated against adatabase of authorized Captive Portal users before access is granted. The database can be stored locallyon the switch or on a RADIUS server.When a port is enabled for Captive Portal, all the traffic coming onto the port from the unauthenticatedclients are dropped except for the ARP, DHCP, DNS and NETBIOS packets. These packets are allowed tobe forwarded by the switch so that the unauthenticated clients can get an IP address and be able toresolve the hostname or domain names. Data traffic from authenticated clients goes through asexpected. If an unauthenticated client opens a web browser and tries to connect to network, the CaptivePortal redirects all the HTTP/HTTPS traffic from unauthenticated clients to the authenticating serveron the switch. A Captive portal web page is sent back to the unauthenticated client and the client canauthenticate and based upon the authentication the client is given access to the port.NOTE: For information about the CLI commands you use to view and configure Captive Portal settings, refer to theCaptive Portal Commands chapter in the CLI Reference Guide.The Captive Portal folder contains links to the following pages that help you view and configure systemCaptive Portal settings:• CP Global Configuration• CP Configuration• CP Web Customization• Local Userdos-control sipdip Enables Source IP Address = Destination IP Address (SIP=DIP)Denial of Service protection.dos-control tcpflag Enables TCP Flag Denial of Service protections.dos-control tcpfrag Enables TCP Fragment Denial of Service protection.ip icmp echo-reply Enables or disables the generation of ICMP Echo Reply messages.ip icmp error-interval Limits the rate at which IPv4 ICMP error messages are sent.ip icmp unreachables Enables the generation of ICMP Destination Unreachable messages.ip icmp redirects Enables the generation of ICMP Redirect messages.ipv6 icmp error-internal Limits the rate at which ICMPv6 error messages are sent.ipv6 unreachables Enables the generation of ICMPv6 Destination Unreachable messages.show dos-control Displays Denial of Service configuration information.Table 6-37. Denial of Service Configuration CommandsCLI Command Description