EasyManua.ls Logo

Alcatel-Lucent AOS-W 6.5.3.x - Page 327

Alcatel-Lucent AOS-W 6.5.3.x
1160 pages
To Next Page IconTo Next Page
To Next Page IconTo Next Page
To Previous Page IconTo Previous Page
To Previous Page IconTo Previous Page
Loading...
327| Captive Portal Authentication AOS-W 6.5.3.x| User Guide
For captive portal with role-based access:
(host)(config) #ip access-list session captiveportal
user alias mswitch svc-https permit
user any tcp port dst-nat 8088
user any svc-http dst-nat 8080
user any svc-https dst-nat 8081
Redirecting Clients on Different VLANs
You can redirect wireless clients that are on different VLANs (from the switch’s IP address) to the captive portal
on the switch. To do this:
1. Specify the redirect address for the captive portal.
2. For captive portal with the PEFNG license only, you need to modify the captiveportal policy that is assigned
to the user. To do this:
a. Create a network destination alias to the switch interface.
b. Modify the rule set to allow HTTPS to the new alias instead of the mswitch alias.
In the base operating system, the implicit ACL captive-portal-profile is automatically modified.
This example shows how to use the command-line interface to create a network destination called cp-redirect
and use that in the captiveportal policy:
(host)(config) #ip cp-redirect-address ipaddr
For captive portal with PEFNG license:
(host)(config) #netdestination cp-redirect ipaddr
(host)(config) #ip access-list session captiveportal
user alias cp-redirect svc-https permit
user any svc-http dst-nat 8080
user any svc-https dst-nat 8081
Web Client Configuration with Proxy Script
If the web client proxy configuration is distributed through a proxy script (a .pac file), you need to configure
the captiveportal policy to allow the client to download the file. Note that in order modify the captiveportal
policy, you must have the PEFNG license installed in the switch.
To allow clients to download proxy script via the WebUI:
1. Edit the captiveportal policy by navigating to the Configuration > Security > Access Control >
Policies page.
2. Add a new rule with the following values:
l Source is user
l Destination is host
l Host IP is the IP address of the proxy server
l Service is svc-https or svc-http
l Action is permit
3. Click Add to add the rule. Use the up arrows to move this rule above the rules that perform destination
NAT.
4. Click Apply.
To allow clients to download proxy script via the command-line interface, access the CLI in config mode and
issue the following commands:

Table of Contents