Wireless Access

last person joined: 11 hours ago 

Access network design for branch, remote, outdoor, and campus locations with HPE Aruba Networking access points and mobility controllers.
Back to discussions
Expand all | Collapse all

Captiveportal session ACL

This thread has been viewed 16 times

  • 1.  Captiveportal session ACL

    Posted Nov 22, 2016 06:36 PM

    Does anyone know what the purpose of the following lines in the captiveportal session ACL are?


    ip access-list session captiveportal
    user alias controller svc-https dst-nat 8081
    user alias controller svc-http dst-nat 8080
    user any svc-http dst-nat 8080
    user any svc-https dst-nat 8081

     

    We are seeing these ports showing up from our guest network in the controller datapath. It looks like it will dst-nat all web traffic to the controller?

     

     



  • 2.  RE: Captiveportal session ACL

    EMPLOYEE
    Posted Nov 22, 2016 06:38 PM
    They are used for captive portal redirection.


  • 3.  RE: Captiveportal session ACL

    Posted Nov 22, 2016 06:48 PM

    Thanks Tim,

     

    Are they required for ClearPass Guest captive portal?

     

    Cheers,



  • 4.  RE: Captiveportal session ACL
    Best Answer

    EMPLOYEE
    Posted Nov 22, 2016 06:52 PM
    Yes, they are required for any captive portal to intercept the traffic and
    redirect it to the destination portal.


  • 5.  RE: Captiveportal session ACL

    Posted Nov 22, 2016 07:20 PM

    If you are not using the Captive Portal whitelist feature for your CPPM servers, don't forget to add an ACL to allow http or https access to your ClearPass servers that will fall above the captiveportal policy within your role.