Wireless Access

Hi all bros,

I'm examined Walled Garden & ACLs to find out how to co-ordinate these two configuration tools with external Captive Portal. But very confused how these two configs affects my user experience.

I'm confused when reading the definiton of Walled Garden and ACL.

Walled Garden: control user's access to web or service

ACL: permit or denied data packet through IAP

I need your help to clarify the different between the usage of Walled Garden and ACL. When to use which one?

• Could you explain each phases that are applied when a client associates to WIFI and gains access to internet?
• Which phases involved the configuration of Walled Garden or ACL rule?
• What's happened if I whtilelist a service in Walled Garden but denied it in ACL rule?

Thank in advanced!

Use ACL/firewall rules to whitelist services.

---

@cappalli wrote:

Use ACL/firewall rules to whitelist services.

---

Thanks for your answer.

• Could you explain each phases that are applied when a client associates to WIFI and gains access to internet?
• Which phases involved the configuration of Walled Garden or ACL rule?
• What's happened if I whtilelist a service in Walled Garden but denied it in ACL rule?

Not sure. I never use walled garden and only use ACLs/firewall policies.

---

@cappalli wrote:

Not sure. I never use walled garden and only use ACLs/firewall policies.

---

Thank you.

I'm examined walled garden & ACLs to find out how to co-ordinate these two configuration tools with external Captive Portal. But very confused how these two configs affects my user experience.

I would just use the ACLs/firewall policies and not use walled garden at all.

Walled Garden is a method to 'punch holes' in your captive portal, and is based on DNS names. You typically use this to allow your corporate website, or allow traffic from your mobile app through the captive portal without users need to login. The analogy of a walled garden is that you can access everything within the wall, but nothing outside.

Session based ACLs are stateful firewall rules that are on the destination IP/port/domain/application. These ACLs are bound to roles, and are typically used for the access after authentication.

With recent Aruba Instant firmware, you can apply a 'pre-authentication role' for captive portal, which provides you similar functionality as the walled garden in ACL format. So you probably can use either way, where ACLs seem to provide the most flexibility, and Walled Garden is probably easier to configure.

Hi Herman,

I have a question regards Walled Garden and URL/App/Reputation filters. Can Aruba Central control and apply URL/App/Reputation filter rules definied in the access rules for traffic after a customer has been logged on external captive portal?.

Thank you for your answer.

DT.