Concept Guide
Table Of Contents
- About this Guide
- About Instant
- Setting up a W-IAP
- Automatic Retrieval of Configuration
- Instant User Interface
- Initial Configuration Tasks
- Basic Configuration Tasks
- Additional Configuration Tasks
- Customizing W-IAP Settings
- Modifying the W-IAP Hostname
- Configuring Zone Settings on a W-IAP
- Specifying a Method for Obtaining IP Address
- Configuring External Antenna
- Configuring Radio Profiles for a W-IAP
- Configuring Uplink VLAN for a W-IAP
- Changing USB Port Status
- Master Election and Virtual Controller
- Adding a W-IAP to the Network
- Removing a W-IAP from the Network
- VLAN Configuration
- Wireless Network Profiles
- Configuring Wireless Network Profiles
- Configuring Fast Roaming for Wireless Clients
- Editing Status of a WLAN SSID Profile
- Editing a WLAN SSID Profile
- Deleting a WLAN SSID Profile
- Wired Profiles
- Configuring a Wired Profile
- Assigning a Profile to Ethernet Ports
- Editing a Wired Profile
- Deleting a Wired Profile
- Link Aggregation Control Protocol
- Understanding Hierarchical Deployment
- Captive Portal for Guest Access
- Understanding Captive Portal
- Configuring a WLAN SSID for Guest Access
- Configuring Wired Profile for Guest Access
- Configuring Internal Captive Portal for Guest Network
- wConfiguring External Captive Portal for a Guest Network
- Configuring Facebook Login
- Configuring Guest Logon Role and Access Rules for Guest Users
- Configuring Captive Portal Roles for an SSID
- Configuring Walled Garden Access
- Authentication and User Management
- Managing W-IAP Users
- Supported Authentication Methods
- Supported EAP Authentication Frameworks
- Configuring Authentication Servers
- Understanding Encryption Types
- Configuring Authentication Survivability
- Configuring 802.1X Authentication for a Network Profile
- Configuring MAC Authentication for a Network Profile
- FConfiguring MAC Authentication with 802.1X Authentication
- hConfiguring MAC Authentication with Captive Portal Authentication
- Configuring WISPr Authentication
- Blacklisting Clients
- Uploading Certificates
- Roles and Policies
- Firewall Policies
- Content Filtering
- Configuring User Roles
- Configuring Derivation Rules
- Using Advanced Expressions in Role and VLAN Derivation Rules
- DHCP Configuration
- VPN Configuration
- IAP-VPN Deployment
- Adaptive Radio Management
- Deep Packet Inspection and Application Visibility
- Voice and Video
- Services
- AirGroup Configuration
- Configuring a W-IAP for RTLS Support
- Configuring a W-IAP for Analytics and Location Engine Support
- Configuring OpenDNS Credentials
- Integrating a W-IAP with Palo Alto Networks Firewall
- Integrating a W-IAP with an XML API interface
- CALEA Integration and Lawful Intercept Compliance
- W-IAP Management and Monitoring
- Managing a W-IAP from W-AirWave
- Image Management
- Resetting a W-IAP
- W-IAP and Client Monitoring
- Template-based Configuration
- Trending Reports
- Intrusion Detection System
- Wireless Intrusion Detection System (WIDS) Event Reporting to W-AirWave
- RF Visualization Support for Instant
- PSK-based and Certificate-based Authentication
- Configurable Port for W-IAP and W-AirWave Management Server Communication
- Configuring Organization String
- Managing a W-IAP from W-AirWave
- Uplink Configuration
- Intrusion Detection
- Mesh W-IAP Configuration
- Mobility and Client Management
- Spectrum Monitor
- W-IAP Maintenance
- Monitoring Devices and Logs
- Hotspot Profiles
- Understanding Hotspot Profiles
- Configuring Hotspot Profiles
- Creating Advertisement Profiles for Hotspot Configuration
- Configuring an NAI Realm Profile
- Configuring a Venue Name Profile
- Configuring a Network Authentication Profile
- Configuring a Roaming Consortium Profile
- Configuring a 3GPP Profile
- Configuring an IP Address Availability Profile
- Configuring a Domain Profile
- Configuring an Operator-friendly Profile
- Configuring a Connection Capability Profile
- Configuring an Operating Class Profile
- Configuring a WAN Metrics Profile
- Creating a Hotspot Profile
- Associating an Advertisement Profile to a Hotspot Profile
- Creating a WLAN SSID and Associating Hotspot Profile
- Creating Advertisement Profiles for Hotspot Configuration
- Sample Configuration
- ClearPass Guest Setup
- IAP-VPN Deployment Scenarios
- Terminology
150 | Captive Portal for Guest Access Dell Networking W-Series Instant 6.4.3.1-4.2.0.0 | User Guide
Configuring Walled Garden Access
On the Internet, a walled garden typically controls access to web content and services. The Walled garden
access is required when an external captive portal is used. For example, a hotel environment where the
unauthenticated users are allowed to navigate to a designated login page (for example, a hotel website) and all
its contents.
The users who do not sign up for the Internet service can view the allowed websites (typically hotel property
websites). The website names must be DNS-based and support the option to define wildcards. This works for
client devices with or without HTTP proxy settings.
When a user attempts to navigate to other websites that are not in the whitelist of the walled garden profile,
the user is redirected to the login page. In addition, a blacklisted walled garden profile can also be configured to
explicitly block the unauthenticated users from accessing some websites.
You can create a walled garden access in Instant UI or CLI.
In the Instant UI
To create a Walled Garden access:
1. Click the Security link at the top right corner of the Instant main window. The Security window is
displayed.
2. Click Walled Garden. The Walled Garden tab contents are displayed.
3. To allow the users to access a specific domain, click New and enter the domain name or URL in the
Whitelist section of the window. This allows access to a domain while the user remains unauthenticated.
Specify a POSIX regular expression (regex(7)). For example:
l yahoo.com matches various domains such as news.yahoo.com, travel.yahoo.com and
finance.yahoo.com
l www.apple.com/library/test is a subset of apple.com site corresponding to path /library/test/*
l favicon.ico allows access to /favicon.ico from all domains.
4. To deny users access to a domain, click New and enter the domain name or URL in the Blacklist section of
the window. This prevents the unauthenticated users from viewing specific websites. When a URL specified
in the blacklist is accessed by an unauthenticated user, W-IAP sends an HTTP 403 response to the client with
an error message.
If the requested URL does not appear on the blacklist or whitelist, the request is redirected to the external
captive portal.
5. To modify the list, select the domain name/URL and click Edit . To remove an entry from the list, select the
URL from the list and click Delete.
6. Click OK to apply the changes.
In the CLI
To create a Walled Garden access:
(Instant AP)(config)# wlan walled-garden
(Instant AP)(Walled Garden)# white-list <domain>
(Instant AP)(Walled Garden)# black-list <domain>
(Instant AP)(Walled Garden)# end
(Instant AP)# commit apply
Disabling Captive Portal Authentication
To disable captive portal authentication, perform the following steps:
1. Select a wireless or wired profile. Depending on the network profile selected, the Edit <WLAN-Profile> or
Edit Wired Network window is displayed.