Specifications
Captive Portal Setup 409
Chapter 19
In the example above, a destination alias is created that represents all IP
addresses except the internal network (by selecting the internal network and
using the invert option). The guest user is then permitted access to the
resources in the alias.
Configure Other User Roles
You can configure other user roles as needed. For each role, first create the
session ACLs. Then, apply the session ACLs to the appropriate user role.
In the following example, we will create two session ACLs (noilabs and nonoc)
and then use them to configure three user roles.
ip access-list session noilabs
(This policy denies access to the iLabs network)
any network 45.128.0.0 255.128.0.0 any deny
exit
ip access-list session nonoc
(This policy denies access to the NOC network)
user host 45.0.12.20 dns permit
any network 45.0.0.0 255.255.0.0 any deny
any network 45.2.0.0 255.255.0.0 any deny
any network 45.125.0.0 255.255.0.0 any deny
any network 45.120.0.0 255.255.0.0 any deny
any network 192.16.170.0 255.255.255.0 any deny
exit
user-role ilabs
(iLabs users do not have access to the NOC network)
session-acl nonoc
session-acl allowall
exit
user-role guest
(
Guest users do not have access to either NOC or iLabs)
no session-acl control
no session-acl guest
session-acl nonoc
session-acl noilabs
session-acl allowall
exit
user-role noc
(
NOC users have complete access)
session-acl allowall