User's Manual

Captive Portal Authentication | Dell Networking W-Series ArubaOS 6.4.x | User Guide
Creating Walled Garden Access
On the Internet, a walled garden typically controls a user’s access to web content and services. The walled
garden directs the user’s navigation within particular areas to allow access to a selection of websites or prevent
access to other websites.
The Walled Garden feature can be used with the PEFNG or PEFV licenses.
Walled garden access is needed when an external or internal captive portal is used. A common example could
be a hotel environment where unauthenticated users are allowed to navigate to a designated login page (for
example, a hotel website) and all its contents.
Users who do not sign up for Internet service can view “allowed” websites (typically hotel property websites).
The website names must be DNS-based (not IP address based) and support the option to define wildcards.
Note that the walled garden access feature does not support clients that are configured to use an HTTP/HTTPS
proxy.
When a user attempts to navigate to other websites not configured in the white list walled garden profile, the
user is redirected back to the login page. In addition, the black listed walled garden profile is configured to
explicitly block navigation to websites from unauthenticated users.
In the WebUI
1. Navigate to Advanced Services > Stateful Firewall > Destination.
2. Click Add to add a destination name.
3. Select the controller IP version, IPv4 or IPv6, from the IP Version drop-down menu.
4. In the Destination Name field, enter a name and click Add.
5. Select name from the Rule Type drop-down menu and add a hostname or wildcard with domain name to
which an unauthenticated user is redirected.
6. Click Apply.
7. Navigate to Configuration > Security > Authentication > L3 Authentication.
8. Select Captive Portal Authentication Profile.
9. To allow users to access a domain, enter the destination name that contains the allowed domain names in
the White List field. This lets unauthenticated users view specific domains such as a hotel
website.
A rule in the white list must explicitly permit a traffic session before it is forwarded to the controller. The last
rule in the white list denies everything else.
10. To deny users access to a domain, enter the destination name that contains prohibited domain names in
the Black List field. This prevents unauthenticated users from viewing specific websites.
11. Click Apply.
In the CLI
This example configures a destination named Mywhite-list and adds the domain names example.com and
example.net to that destination. It then adds the destination name Mywhite-list (which contains the allowed
domain names example.com and example.net) to the white list.
(host)(config)# netdestination "Mywhite-list"
(host)(config)# name example.com
(host)(config)# name example.net
(host)(config)# aaa authentication captive-portal default
(host)(Captive Portal Authentication Profile "default")# white-list Mywhite-list
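
A review-time check of the rules this section states (names must be DNS-based, and each white list or black list refers to a named destination), given as an added example that is not part of the Dell/Aruba guide. It assumes wildcards are written as `*.domain` and that a `black-list` CLI line mirrors the Black List field; `Myblack-list` and the extra names in the sample are constructed.

```python
import re
# Constructed sample; only example.com/.net, Mywhite-list and "default" are from the page.
SAMPLE = '''
(host)(config)# netdestination "Mywhite-list"
(host)(config)# name example.com
(host)(config)# name *.example.net
(host)(config)# name *.com
(host)(config)# name 192.0.2.10
(host)(config)# aaa authentication captive-portal default
(host)(Captive Portal Authentication Profile "default")# white-list Mywhite-list
(host)(Captive Portal Authentication Profile "default")# black-list Myblack-list
'''
PROMPT = re.compile(r'^\s*(\([^)]*\)\s*)+#\s*')  # "(host)(config)#" style prompt
IP_LITERAL = re.compile(r'[0-9.]+|.*:.*')        # dotted IPv4, or IPv6 (has ':')

def parse(config):
    """Return ({destination: [names]}, [(profile, list_kind, destination)])."""
    dests, refs, dest, profile = {}, [], None, None
    for raw in config.splitlines():
        line = ' '.join(PROMPT.sub('', raw).replace('"', '').split())
        cmd, _, arg = line.rpartition(' ')
        if cmd == 'netdestination':
            dest, profile = arg, None
            dests.setdefault(dest, [])
        elif cmd == 'aaa authentication captive-portal':
            dest, profile = None, arg
        elif cmd == 'name' and dest:
            dests[dest].append(arg.lower())
        elif cmd in ('white-list', 'black-list') and profile:
            refs.append((profile, cmd, arg))
    return dests, refs

def audit(config):
    """Flag walled garden entries that break the rules stated in the text."""
    dests, refs = parse(config)
    findings = []
    for profile, kind, dest in refs:
        if dest not in dests:
            findings.append(f'{profile}: {kind} {dest} is not a defined destination')
        for name in dests.get(dest, []):
            base = name[2:] if name.startswith('*.') else name
            if IP_LITERAL.fullmatch(base):
                findings.append(f'{dest}: {name} is an IP address, not a DNS name')
            elif kind == 'white-list' and name.startswith('*') and '.' not in base:
                findings.append(f'{dest}: {name} opens a whole TLD before login')
    return findings

if __name__ == '__main__':
    print('\n'.join(audit(SAMPLE)))
```

Run against the guide's own five-line example, the audit returns no findings. The constructed sample yields three.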