Wireless Access

last person joined: 2 hours ago 

Access network design for branch, remote, outdoor and campus locations with Aruba access points, and mobility controllers.
Expand all | Collapse all

Captiveportal session ACL

Jump to Best Answer
  • 1.  Captiveportal session ACL

    Posted Nov 22, 2016 06:36 PM

    Does anyone know what the purpose of the following lines in the captiveportal session ACL are?


    ip access-list session captiveportal
    user alias controller svc-https dst-nat 8081
    user alias controller svc-http dst-nat 8080
    user any svc-http dst-nat 8080
    user any svc-https dst-nat 8081

     

    We are seeing these ports showing up from our guest network in the controller datapath. It looks like it will dst-nat all web traffic to the controller?

     

     



  • 2.  RE: Captiveportal session ACL

    Posted Nov 22, 2016 06:38 PM
    They are used for captive portal redirection.


  • 3.  RE: Captiveportal session ACL

    Posted Nov 22, 2016 06:48 PM

    Thanks Tim,

     

    Are they required for ClearPass Guest captive portal?

     

    Cheers,



  • 4.  RE: Captiveportal session ACL
    Best Answer

    Posted Nov 22, 2016 06:52 PM
    Yes, they are required for any captive portal to intercept the traffic and
    redirect it to the destination portal.


  • 5.  RE: Captiveportal session ACL

    Posted Nov 22, 2016 07:20 PM

    If you are not using the Captive Portal whitelist feature for your CPPM servers, don't forget to add an ACL to allow http or https access to your ClearPass servers that will fall above the captiveportal policy within your role.