vrr/ntopng
2
0
Fork 0
mirror of https://github.com/ntop/ntopng.git synced 2026-05-01 00:19:33 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 3
ntopng/doc/README.captive_portal
Josh Soref 78e78c018c Fixes spellings and typos 
Thank goes to
Josh Soref <jsoref@users.noreply.github.com>
2017-03-06 17:54:48 +01:00

41 lines
2.1 KiB
Text
Raw Blame History

What is a Captive Portal ?
--------------------------
A captive portal (https://en.wikipedia.org/wiki/Captive_portal) is
a web page usually employed to allow legitimate users to enter a
network and keep intruders out. When using ntopng in inline mode
(see README.inline for more information) you can enable the
captive portal from the ntop preferences menu (note that you need
to make sure you have started ntopng on HTTP port 80). At this point
the communications between the two bridged interfaces can happen only
for the known hosts.
How to use the captive portal
-----------------------------
Once the captive portal is enabled, you need to create users for
the captive portal. They are different from standard ntopng users
as they are not meant to be used for accessing the ntopng GUI but
just for authenticating on the captive portal. The idea is to create
a portal user for a physical user, or create generic users such
as guest or anonymous. Authenticating on the captive portal is not
used just to enable network access, but to bind assets to people.
Example if John owns a phone, a tablet and a laptop, when these
devices access the network they are bound to John in addition to
having granted network access. This way you can forget identifying
computers and start thinking in terms of humans.
When creating a captive portal user, ntopng will ask you to
create a network pool that is a set of assets falling under the same
administrative domain. They can be identified both by IP and MAC
address. A captive portal user is bound to exactly one network pool.
During captive portal creation, you can specify how long an asset
can be bound to a user, either permanently or temporarily (e.g. until
midnight). As long as an asset is bound to a user, it does not need
to authenticate all the time it accesses the network but only
at the first access.
The use of the captive portal is useful for preventing unauthorized
assets to access the network (e.g. a television or an IP phone) and
for enforcing network access. In fact for every network pool it is
possible to associate some network policies for blocking selected
protocols or shaping traffic to a specific threshold.
Reference in a new issue View git blame Copy permalink