Security

Reply
Occasional Contributor II
Posts: 17
Registered: ‎09-26-2008

Redirect DNS queries pre-Captive Portal ?

We've got a captive portal setup on one of our legacy networks where the portal pages show when someone has failed to authenticate via MAC address.  Since we're allowing them online so that they can see the portal and don't want to force a user to change their possibly static DNS configurations, I was wondering if we might be able to redirect the DNS queries while they're in the unauthenticated role ... then allow their DNS traffic anywhere once they've authenticated successfully.

 

This is basically to address the DNSchanger trojan behavior w/o breaking anything we're currently allowing our users to do.  I'd probably prefer to force them to use OpenDNS, but as this unauthenticated->authenticated role change does not send the user off to DHCP again, I can't do this from the DHCP server.  I haven't seen UDP redirection in the controller (yet), but it seemed like this would be a possible approach (and perhaps clean up problem cases for our guest network, too).

 

Thanks!

 

andrew.

Guru Elite
Posts: 20,416
Registered: ‎03-29-2007

Re: Redirect DNS queries pre-Captive Portal ?

You can try the rule "user any svc-dns dst-nat ip 8.8.8.8"

 



Colin Joseph
Aruba Customer Engineering

Looking for an Answer? Search the Community Knowledge Base Here: Community Knowledge Base

Occasional Contributor II
Posts: 17
Registered: ‎09-26-2008

Re: Redirect DNS queries pre-Captive Portal ?

Colin, I'll give it a shot ... but I'd been under the impression that the controllers only did TCP redirection, not UDP.

 

Thanks!

 

 

Search Airheads
Showing results for 
Search instead for 
Did you mean: