User's Manual

Predefined Policy Description
3. All HTTPS traffic to any destination will be NATed to the controller on port 8081, where an HTTP redirect will be issued.
4. All HTTP proxy traffic will be NATed to the controller on port 8088.
NOTE: In order for captive portal to work properly, DNS must also be permitted. This is normally done in the "logon-control" firewall rule.
ip access-list session cplogout
user alias mswitch svc-https dst-nat 8081
Used to enable the captive portal "logout" window. If the user attempts to connect to the controller on the standard HTTPS port (443), the client will be NATed to port 8081, where the captive portal server will answer. If this rule is not present, a wireless client may be able to access the controller's administrative interface.
ip access-list session vpnlogon
any any svc-ike permit
any any svc-esp permit
any any svc-l2tp permit
any any svc-pptp permit
any any svc-gre permit
This policy permits VPN sessions to be established to any destination. IPsec (IKE, ESP, and L2TP) and PPTP (PPTP and GRE) are supported.
ip access-list session ap-acl
any any udp 5000
any any udp 5555
any any svc-gre permit
any any svc-syslog permit
any user svc-snmp permit
user any svc-snmp-trap permit
user any svc-ntp permit
This is a policy for internal use and should not be modified. It permits APs to boot up and communicate with the controller.
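
An added example, not part of the original guide or of the vendor's tooling: a Python audit of an exported configuration that reports when cplogout has lost its dst-nat rule or when ap-acl no longer matches the rules printed above. The export layout (one rule per line under each header, blocks closed by "!") and the sample text are assumptions constructed for illustration.

```python
import re

# Rules as printed in the table above. Assumption: the export lists one rule
# per line under each "ip access-list session <name>" header, ending at "!".
REQUIRED = {"cplogout": ["user alias mswitch svc-https dst-nat 8081"]}
FROZEN = {"ap-acl": [
    "any any udp 5000", "any any udp 5555", "any any svc-gre permit",
    "any any svc-syslog permit", "any user svc-snmp permit",
    "user any svc-snmp-trap permit", "user any svc-ntp permit"]}

def parse_session_acls(config_text):
    """Return {acl_name: [rule, ...]} for each session ACL block."""
    acls, current = {}, None
    for raw in config_text.splitlines():
        line = " ".join(raw.split())          # collapse indentation/spacing
        header = re.fullmatch(r"ip access-list session (\S+)", line)
        if header:
            current = acls.setdefault(header.group(1), [])
        elif line in ("", "!"):
            current = None                    # end of block
        elif current is not None:
            current.append(line)
    return acls

def audit(config_text):
    """Return findings for missing required rules and modified frozen ACLs."""
    acls, findings = parse_session_acls(config_text), []
    for name, rules in REQUIRED.items():
        for rule in rules:
            if rule not in acls.get(name, []):
                findings.append(f"{name}: required rule absent: {rule}")
    for name, rules in FROZEN.items():
        if acls.get(name) != rules:           # order matters in an ACL
            findings.append(f"{name}: differs from the documented default")
    return findings

# Constructed sample export: cplogout lost its dst-nat rule, ap-acl was edited.
SAMPLE = """\
ip access-list session cplogout
!
ip access-list session ap-acl
  any any udp 5000
  any any udp 5555
  any any svc-gre permit
  any any svc-syslog permit
  any any svc-snmp permit
  user any svc-snmp-trap permit
  user any svc-ntp permit
!
"""

if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print(finding)
```

The ap-acl baseline is copied from this page as printed; replace it with the default from your own controller's software version before relying on the comparison.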
Dell Networking W-Series ArubaOS 6.4.x | User Guide Behavior and Defaults | 1043