Redirect DNS queries pre-Captive Portal ?
02-27-2012 04:09 PM
We've got a captive portal setup on one of our legacy networks where the portal pages show when someone has failed to authenticate via MAC address. Since we're allowing them online so that they can see the portal and don't want to force a user to change their possibly static DNS configurations, I was wondering if we might be able to redirect the DNS queries while they're in the unauthenticated role ... then allow their DNS traffic anywhere once they've authenticated successfully.
This is basically to address the DNSchanger trojan behavior w/o breaking anything we're currently allowing our users to do. I'd probably prefer to force them to use OpenDNS, but as this unauthenticated->authenticated role change does not send the user off to DHCP again, I can't do this from the DHCP server. I haven't seen UDP redirection in the controller (yet), but it seemed like this would be a possible approach (and perhaps clean up problem cases for our guest network, too).
Re: Redirect DNS queries pre-Captive Portal ?
02-27-2012 04:38 PM
You can try the rule "user any svc-dns dst-nat ip 220.127.116.11"
*Answers and views expressed by me on this forum are my own and not necessarily the position of Aruba Networks or Hewlett Packard Enterprise.*
ArubaOS 8.5 User Guide
InstantOS 8.5 User Guide
Airheads Learning Videos
Aruba Central Documentation
ArubaOS Consolidated Release Notes
Aruba VIA ASE Solution - Configure VIA VPN