Owners manual

ManualsBrandsARUBA NETWORKS ManualsComputers & LaptopsAruba Instant IAP-325 IEEE 802.11ac 1.69 Gbit/s Wireless Access Point - 2.40 GHz, 5 GHz - 8 x Antenna(s) - 8 x Internal Antenna(

131

132

133

134

135

136

137

138

139

140

136 | Captive Portal for Guest Access Aruba Instant 6.4.0.2-4.1 | User Guide

(Instant AP)(SSID Profile <name># end

(Instant AP)# commit apply

To configure unrestricted access:

(Instant AP)(config)# wlan ssid-profile <name>

(Instant AP)(SSID Profile <name># set-role-unrestricted

(Instant AP)(SSID Profile <name># end

(Instant AP)# commit apply

Example

The following example configures access rules for the wireless network:

(Instant AP)(config)# wlan access-rule WirelessRule

(Instant AP)(Access Rule "WirelessRule")# rule 192.0.2.2 255.255.255.0 match 6 4343 4343 log

classify-media

(Instant AP)(Access Rule "WirelessRule")# rule any any match app deny throttle-downstream 256

throttle-up 256

(Instant AP)(Access Rule "WirelessRule")# rule any any match appcategory collaboration permit

(Instant AP)(Access Rule "WirelessRule")# rule any any match webcategory gambling deny

(Instant AP)(Access Rule "WirelessRule")# rule any any match webcategory training-and-tools

permit

(Instant AP)(Access Rule "WirelessRule")# rule any any match webreputation well-known-sites

permit

(Instant AP)(Access Rule "WirelessRule")# rule any any match webreputation safe-sites permit

(Instant AP)(Access Rule "WirelessRule")# rule any any match webreputation benign-sites permit

(Instant AP)(Access Rule "WirelessRule")# rule any any match webreputation suspicious-sites

deny

(Instant AP)(Access Rule "WirelessRule")# rule any any match webreputation high-risk-sites

deny

(Instant AP)(Access Rule "WirelessRule")# end

(Instant AP)# commit apply

Configuring Captive Portal Roles for an SSID

You can configure an access rule to enforce captive portal authentication for SSIDs with 802.1X authentication

enabled. You can configure rules to provide access to an external captive portal, internal captive portal, so that some

of the clients using this SSID can derive the captive portal role.

The following conditions apply to the 802.1X and captive portal authentication configuration:

l If a user role does not have Captive Portal settings configured, the captive portal settings configured for an SSID

are applied to the client's profile.

l If the SSID does not have Captive Portal settings configured, the captive portal settings configured for a user role

are applied to the client's profile.

l If captive portal settings are configured for both SSID and user role, the captive portal settings configured for a

user role are applied to the client's profile.

You can create a captive portal role for both Internal-acknowledged and External Authentication Text splash

page types.

To enforce the Captive Portal role, use the Instant UI or CLI.

In the Instant UI

To create a captive portal role:

1. Select an SSID profile from the Networks tab. The Edit <WLAN-Profile> window is displayed.

2. In the Access tab, slide to Role-based access control by using the scroll bar.

3. Select a role or create a new one if required.