Wireless Access

Reply
Frequent Contributor I

Captiveportal session ACL

Does anyone know what the purpose of the following lines in the captiveportal session ACL are?


ip access-list session captiveportal
user alias controller svc-https dst-nat 8081
user alias controller svc-http dst-nat 8080
user any svc-http dst-nat 8080
user any svc-https dst-nat 8081

 

We are seeing these ports showing up from our guest network in the controller datapath. It looks like it will dst-nat all web traffic to the controller?

 

 

Guru Elite

Re: Captiveportal session ACL

They are used for captive portal redirection.

Tim Cappalli | Aruba Security TME
@timcappalli | timcappalli.me | ACMX #367 / ACCX #480
Frequent Contributor I

Re: Captiveportal session ACL

Thanks Tim,

 

Are they required for ClearPass Guest captive portal?

 

Cheers,

Guru Elite

Re: Captiveportal session ACL

Yes, they are required for any captive portal to intercept the traffic and
redirect it to the destination portal.

Tim Cappalli | Aruba Security TME
@timcappalli | timcappalli.me | ACMX #367 / ACCX #480
Aruba

Re: Captiveportal session ACL

If you are not using the Captive Portal whitelist feature for your CPPM servers, don't forget to add an ACL to allow http or https access to your ClearPass servers that will fall above the captiveportal policy within your role.

------------------------------------------------
Systems Engineer, Northeast USA
ACCX | ACDX | ACMX

Search Airheads
cancel
Showing results for 
Search instead for 
Did you mean: