In Junos OS 24.4, Captive Portal is used as a web-based authentication method for Layer 2 network access control, often in environments where 802.1X is not feasible for all users.
Fallback Mechanism (Option D): On EX Series switches, Juniper supports a flexible authentication order. By default, the switch attempts authentication in the order of 802.1X, then MAC RADIUS, and finally Captive Portal. If a client fails both 802.1X and MAC RADIUS, the switch can fall back to Captive Portal to redirect the user to a login page.
MAC Allowlist (Option B): Captive Portal relies on intercepting HTTP/HTTPS traffic to redirect users. However, " headless " devices like printers or cameras lack web browsers and cannot interact with the portal. To accommodate these, Junos allows administrators to configure an authentication allowlist (or whitelist), which identifies these devices by their MAC addresses and permits them to bypass the portal entirely.
Precedence (Option A): This is incorrect because Captive Portal is generally the last method in the default sequence, not the first.
Layer 2 Participation (Option C): While Captive Portal requires a Layer 3 interface (RVI/IRB) for the redirection process, it is explicitly used to control Layer 2 access on EX Series switches.
