New Contributor
Posts: 2
Registered: ‎10-28-2015

IAP 204 captive portal access list

Hello Team,

 

I have an IAP 204 configured with an external captive portal.

Software: 6.4.2.3

I am redirected correctly to the captive portal, but I do not have access to all the ports of that captive portal. Checking the ACL in the CLI I can see:

 

04:bd:88:c3:88:14# show datapath acl 138
Datapath ACL 138 Entries
-----------------------
Flags: P - permit, L - log, E - established, M/e - MAC/etype filter
S - SNAT, D - DNAT, R - redirect, r - reverse redirect m - Mirror
I - Invert SA, i - Invert DA, H - high prio, O - set prio, C - Classify Media
A - Disable Scanning, B - black list, T - set TOS, 4 - IPv4, 6 - IPv6
K - App Throttle, d - Domain DA
----------------------------------------------------------------
1: any any 17 0-65535 8209-8211 P4
2: any 172.31.98.1 255.255.255.255 6 0-65535 80-80 PSD4
3: any 172.31.98.1 255.255.255.255 6 0-65535 443-443 PSD4
4: any captive.example.com 6 0-65535 80-80 Pd4
5: any captive.example.com 6 0-65535 443-443 Pd4
6: any captive.example.com 6 0-65535 8443-8443 Pd4 hits 76
7: any any 6 0-65535 80-80 PSD4 hits 42
8: any any 6 0-65535 8080-8080 PSD4
9: any any 6 0-65535 443-443 PSD4
10: 172.31.98.0 255.255.254.0 172.31.98.0 255.255.254.0 17 0-65535 67-68 P4
11: 172.31.98.0 255.255.254.0 224.0.0.0 224.0.0.0 17 0-65535 67-68 P4
12: 172.31.98.0 255.255.254.0 any 17 0-65535 67-68 PS4
13: any any 17 0-65535 67-68 P4
14: 172.31.98.0 255.255.254.0 172.31.98.0 255.255.254.0 17 0-65535 53-53 P4
15: 172.31.98.0 255.255.254.0 224.0.0.0 224.0.0.0 17 0-65535 53-53 P4
16: 172.31.98.0 255.255.254.0 any 17 0-65535 53-53 PS4
17: any any 17 0-65535 53-53 P4 hits 162
18: 172.31.98.0 255.255.254.0 172.31.98.0 255.255.254.0 6 0-65535 8081-8081 P4
19: 172.31.98.0 255.255.254.0 224.0.0.0 224.0.0.0 6 0-65535 8081-8081 P4
20: 172.31.98.0 255.255.254.0 any 6 0-65535 8081-8081 PS4
21: any any 6 0-65535 8081-8081 P4
22: any any any 4 hits 69
 

So - only ports 80, 443 and 8443 are allowed. I need to add all ports.

In the GUI I have configured in a specific role: "Allow any to all destinations"

How do I fix it in the CLI?

Is it some kind of bug/limitation in the GUI?

 

Thanks,

Michal

Guru Elite
Posts: 20,775
Registered: ‎03-29-2007

Re: IAP 204 captive portal access list

Do you need to allow ports after authentication?  If you allow all ports before authentication, the captive portal will not show up.

 



Colin Joseph
Aruba Customer Engineering


New Contributor
Posts: 2
Registered: ‎10-28-2015

Re: IAP 204 captive portal access list

Hi Joseph,

 

My problem is that I am redirected to the captive portal (I can see the web page), but I also need to connect via different ports (not 80, 443, 8443) to that portal, and those TCP SYN packets to the captive portal are being dropped.

In the CLI we do see that, while in the GUI it looks like all traffic to the captive portal should be allowed.

 

Thanks,
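
Added example (not part of the thread and not Aruba code): a small Python parser for the `show datapath acl` output posted above that reports which entry a given flow hits first and whether that entry carries the P (permit) flag. It assumes top-down first-match evaluation and compares domain entries by name; the client address 172.31.98.50 and port 9443 are constructed sample values.

```python
import ipaddress, re

# Excerpt of the "show datapath acl 138" output posted above (entry numbers kept).
ACL_TEXT = """\
4: any captive.example.com 6 0-65535 80-80 Pd4
6: any captive.example.com 6 0-65535 8443-8443 Pd4 hits 76
7: any any 6 0-65535 80-80 PSD4 hits 42
12: 172.31.98.0 255.255.254.0 any 17 0-65535 67-68 PS4
17: any any 17 0-65535 53-53 P4 hits 162
22: any any any 4 hits 69
"""
IPV4 = re.compile(r"^\d+(\.\d+){3}$")
def ip_int(s): return int(ipaddress.IPv4Address(s))

def take_addr(tok):  # consumes 'any', '<ip> <mask>' or a domain name
    first = tok.pop(0)
    if first == "any":
        return None
    return (ip_int(first), ip_int(tok.pop(0))) if IPV4.match(first) else first.lower()

def parse_acl(text):
    rules = []
    for m in re.finditer(r"^\s*(\d+):\s+(.+)$", text, re.M):
        tok = m.group(2).split()
        src, dst, proto = take_addr(tok), take_addr(tok), tok.pop(0)
        dports = None
        if proto != "any":  # "any" protocol entries carry no port ranges
            tok.pop(0)      # source port range, unused here
            dports = tuple(int(p) for p in tok.pop(0).split("-"))
        rules.append((int(m.group(1)), src, dst, proto, dports, tok.pop(0)))
    return rules

def addr_ok(spec, value):
    if spec is None:
        return True
    if isinstance(spec, str):  # domain entry: compared by name (assumption)
        return spec == value.lower()
    return bool(IPV4.match(value)) and ip_int(value) & spec[1] == spec[0] & spec[1]

def first_match(rules, src, dst, proto, dport):
    # Assumes top-down first-match evaluation; an entry without 'P' does not permit.
    for n, rsrc, rdst, rproto, dports, flags in rules:
        if (addr_ok(rsrc, src) and addr_ok(rdst, dst) and rproto in ("any", str(proto))
                and (dports is None or dports[0] <= dport <= dports[1])):
            return n, flags, "P" in flags
    return None, "", False

RULES = parse_acl(ACL_TEXT)
for port in (8443, 9443):  # 9443 is a constructed example of a "different port"
    print(port, first_match(RULES, "172.31.98.50", "captive.example.com", 6, port))
```

Under those assumptions, TCP 8443 to the portal matches entry 6 (Pd4), while any other TCP port to the portal falls through to entry 22, whose only flag is `4`.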
