New Contributor
Posts: 2
Registered: ‎09-01-2011

iPad activations

I was wondering how others are handling the activation of iPads out of the box on their wireless networks. iPads reach out to Apple.com before features are functional, if I am correct. A login splash page such as a captive portal breaks this activation. Do you request that users activate their new iPads from home networks, over a MiFi network or cellular before accessing a guest network in your corporation? Just wondering how others handle the avalanche of devices.

Aruba
Posts: 1,642
Registered: ‎04-13-2009

Re: iPad activations

There are a couple of options.

 

One is to set up a netdestination with the sites/domain names in question, then add a rule to the Captive Portal policy to permit traffic to this netdestination/alias, placing the rule above the Captive Portal redirects.

 

Example:

(config)# netdestination allowed-ipad-sites
(config-dest)# name apple.com

(config)# ip access-list session <yourCPpolicy>
(config-sess-<yourCPpolicy>)# user alias allowed-ipad-sites any permit position 1

***this rule needs to be before any DST-NAT entries

 

A second option is to add a netdestination to the whitelist of the Captive Portal profile.

 

Example:

(config)# netdestination allowed-ipad-sites
(config-dest)# name apple.com

(config)# aaa authentication captive-portal <yourCPprofile>
(Captive Portal Authentication Profile <yourCPprofile>)# white-list allowed-ipad-sites

 

 

------------------------------------------------
Systems Engineer, Northeast USA
ACCX | ACDX | ACMX
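
The rule-order requirement in the reply above can be checked against a saved configuration. The following is an added example, not part of the original post or any Aruba tooling: it parses session ACLs and reports whether the permit rule for the alias sits above every dst-nat rule. The policy name `guest-cp`, the sample dst-nat lines and the running-config layout are constructed assumptions; only the alias name comes from the post.

```python
import re

# Constructed running-config style samples (not from the post). The alias name
# follows the post; "guest-cp" and the dst-nat lines are assumptions.
GOOD = """\
ip access-list session guest-cp
  user alias allowed-ipad-sites any permit
  user any svc-http dst-nat 8080
  user any svc-https dst-nat 8081
!
"""
BAD = """\
ip access-list session guest-cp
  user any svc-http dst-nat 8080
  user any svc-https dst-nat 8081
  user alias allowed-ipad-sites any permit
!
"""

def parse_session_acls(config_text):
    """Map each session ACL name to its rules (token lists), in evaluation order."""
    acls, current = {}, None
    for raw in config_text.splitlines():
        header = re.match(r"ip access-list session (\S+)\s*$", raw)
        if header:
            current = acls.setdefault(header.group(1), [])
        elif raw and not raw[0].isspace():
            current = None          # any other top-level line ends the ACL
        elif current is not None and raw.strip():
            current.append(raw.split())
    return acls

def check_walled_garden(config_text, policy, alias):
    """Return 'ok', 'shadowed' (permit sits below a dst-nat rule),
    'missing' (no permit for the alias) or 'no-policy'."""
    rules = parse_session_acls(config_text).get(policy)
    if rules is None:
        return "no-policy"
    seen_nat = False
    for rule in rules:
        if "dst-nat" in rule:
            seen_nat = True
        elif rule[:3] == ["user", "alias", alias] and "permit" in rule:
            return "shadowed" if seen_nat else "ok"
    return "missing"

if __name__ == "__main__":
    for label, cfg in (("good", GOOD), ("bad", BAD)):
        print(label, check_walled_garden(cfg, "guest-cp", "allowed-ipad-sites"))
```

A `shadowed` result means pre-authentication traffic to the allowed sites still matches a redirect rule first, so activation would keep failing even though the permit rule exists.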

New Contributor
Posts: 2
Registered: ‎09-01-2011

Re: iPad activations

Thanks very much for the info. I will give that a try. To expand on that, is there a similar process for the AmigoPod self-registration Guest portal?

 

Aruba
Posts: 1,642
Registered: ‎04-13-2009

Re: iPad activations

When you say similar process, do you mean to allow access to the guest registration portal without having the traffic hit the DST-NAT rule? If so, you really have the same options. You can create a Network Destination that corresponds to your Amigopod, or you can just add a line in your logon role to allow http/https traffic to Amigopod.

 

(config)# ip access-list session <yourLogonRolepolicy>
(config-sess-<yourLogonRolepolicy>)# user host <ip.of.amigopod> svc-http permit position 1
(config-sess-<yourLogonRolepolicy>)# user host <ip.of.amigopod> svc-https permit position 2

As part of a Network Destination:

(config)# netdestination amigopod-servers
(config-dest)# host <ip.of.amigopod>

(config)# ip access-list session <yourLogonRolepolicy>
(config-sess-<yourLogonRolepolicy>)# user alias amigopod-servers svc-http permit position 1
(config-sess-<yourLogonRolepolicy>)# user alias amigopod-servers svc-https permit position 2

 

 

------------------------------------------------
Systems Engineer, Northeast USA
ACCX | ACDX | ACMX
