Specifications
Captive Portal Setup 405
Chapter 19
Customize the Logon Role
The logon role is intended only to allow clients to access the captive portal
logon page. Typically, the logon role should be configured with two session
Access Control Lists (ACLs): one to allow general control traffic (such as DNS
and DHCP) and another to allow captive portal authentication.
Modify the Control ACL
A default control ACL is already configured to allow generic traffic, but may be
modified as necessary. You can view the rules in the control ACL as follows:
N
OTE—Netbios Name Server Lookup (NBNS), shown as rule 2 above, is
required if using a WINS server with Microsoft Windows.
You can add rules to the control ACL as follows:
You can remove rules using the no form of the same command
(Alcatel) # show ip access-list control
ip access-list session control
control
-------
Priority Source Destination Service Action Opcode Log Queue
-------- ------ ----------- ------- ------ ------ --- -----
1 any any svc-dhcp permit Low
2 user any svc-nbns permit Low
3 user any svc-dns permit Low
4 user any svc-tftp permit Low
5 user any svc-gre permit Low
6 any any svc-bootp permit Low
7 user any svc-icmp permit Low
(Alcatel) # configure terminal
Enter Configuration commands, one per line. End with CTRL/Z
(Alcatel) (config) # ip access-list session control
(Alcatel) (config-sess-control) #
<source>
<destination>
<service>
<action>
(Alcatel) (config-sess-control) # no
<source>
<destination>
<service>
<action>