Occasional Contributor II

Redirect DNS queries pre-Captive Portal ?

We've got a captive portal setup on one of our legacy networks where the portal pages show when someone has failed to authenticate via MAC address.  Since we're allowing them online so that they can see the portal and don't want to force a user to change their possibly static DNS configurations, I was wondering if we might be able to redirect the DNS queries while they're in the unauthenticated role ... then allow their DNS traffic anywhere once they've authenticated successfully.


This is basically to address the DNSchanger trojan behavior w/o breaking anything we're currently allowing our users to do.  I'd probably prefer to force them to use OpenDNS, but as this unauthenticated->authenticated role change does not send the user off to DHCP again, I can't do this from the DHCP server.  I haven't seen UDP redirection in the controller (yet), but it seemed like this would be a possible approach (and perhaps clean up problem cases for our guest network, too).





Guru Elite

Re: Redirect DNS queries pre-Captive Portal ?

You can try the rule "user any svc-dns dst-nat ip"


*Answers and views expressed by me on this forum are my own and not necessarily the position of Aruba Networks or Hewlett Packard Enterprise.*
ArubaOS 8.5 User Guide
InstantOS 8.5 User Guide
Airheads Knowledgebase
Airheads Learning Videos
Aruba Central Documentation
ArubaOS Consolidated Release Notes
Aruba VIA ASE Solution - Configure VIA VPN
Occasional Contributor II

Re: Redirect DNS queries pre-Captive Portal ?

Colin, I'll give it a shot ... but I'd been under the impression that the controllers only did TCP redirection, not UDP.





Search Airheads
Showing results for 
Search instead for 
Did you mean: