Specifications
OmniAccess Reference: AOS-W System Reference
408 Part 031652-00 May 2005
Allow Guest Access
By default, guest access is disabled. To allow guest access, first the guest
logon must be enabled, and then the guest role must be configured with
appropriate ACLs.
Enable the Guest Logon
By default, the guest login option is disabled. This means that the guest option
is not shown on the login page. Only users with valid user names and
passwords are allowed. To explicitly enable the guest login, use the following
configuration command:
(Alcatel) (config) # aaa captive-portal allow-guest-logon
To disable the guest logon, use the no form of the command:
(Alcatel) (config) # no aaa captive-portal allow-guest-logon
Customize the Guest Role
By default, the guest role denies all traffic except as needed for logging out
(using the default cplogout ACL). To enable other forms of guest access, you
must assign ACLs that permit appropriate guest traffic.
For example, to deny guests all access to the internal class B network but
allow access to the internet, the following configuration commands could be
used:
(Alcatel) (config) # ip access-list session guest
(Alcatel) (config-sess-guest) # user network 172.5.0.0 255.255.0.0 deny
(Alcatel) (config-sess-guest) # user any any permit
(Alcatel) (config-sess-guest) # exit
(Alcatel) (config) # user-role guest
(Alcatel) (config-role) # session-acl guest
In the example above, the guest ACL denies internal network access and
allows all else. The guest ACL is then assigned to the guest role.
Another way to achieve the same results is as follows:
(Alcatel) (config) # destination internet network 172.5.0.0 255.255.0.0 invert
(Alcatel) (config) # ip access-list session guest
(Alcatel) (config-sess-guest) # user alias internet permit
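
The following Python model is an added example, not part of the AOS-W reference or Alcatel's code. It checks that the two guest ACL forms above give the same verdict for each destination and shows what changes if the deny and permit rules are entered in reverse order. It assumes rules are evaluated top to bottom with the first match deciding and that unmatched traffic is denied; the function names and sample addresses are constructed for illustration.

```python
import ipaddress

# Assumptions of this sketch: rules are checked top to bottom, the first match
# decides, and traffic matching no rule is denied.

def network(spec, invert=False):
    """Destination matcher for 'network <addr> <mask>'; invert flips the match."""
    net = ipaddress.ip_network(spec)
    return lambda ip: (ip in net) != invert

def any_dest(ip):
    return True

INTERNAL = "172.5.0.0/255.255.0.0"  # the internal class B network on the page

# Form 1: deny the internal network, then permit everything else.
ACL_DENY_THEN_PERMIT = [(network(INTERNAL), "deny"), (any_dest, "permit")]
# Form 2: alias "internet" = everything except the internal network, permitted.
ACL_INVERTED_ALIAS = [(network(INTERNAL, invert=True), "permit")]
# Hypothetical mistake: the same two rules of form 1 entered in reverse order.
ACL_REVERSED = [(any_dest, "permit"), (network(INTERNAL), "deny")]

def evaluate(acl, dst):
    """Return the action of the first rule whose destination matches dst."""
    ip = ipaddress.ip_address(dst)
    for matcher, action in acl:
        if matcher(ip):
            return action
    return "deny"  # assumed implicit deny when nothing matches

# Constructed destinations: inside, just outside, public, another private range.
SAMPLES = ["172.5.0.1", "172.5.255.254", "172.4.255.255", "172.6.0.1",
           "192.0.2.10", "10.0.0.1"]

def compare(samples=SAMPLES):
    """Map each destination to its (form 1, form 2, reversed) verdicts."""
    return {d: tuple(evaluate(a, d) for a in
                     (ACL_DENY_THEN_PERMIT, ACL_INVERTED_ALIAS, ACL_REVERSED))
            for d in samples}

if __name__ == "__main__":
    for dst, v in compare().items():
        print(f"{dst:15} form1={v[0]:6} form2={v[1]:6} reversed={v[2]}")
```

Both forms permit 10.0.0.1: the guest ACL blocks only the one network it names, so any other internal ranges need their own deny rules placed before the permit.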