ACLs for Steller AP1221

Topic

ACLs for Steller AP1221

Hello guys,

I am going to tell about our problem. Our client have a Omnivista 2500 with 34 Stellar AP1221. I have configured two SSID, we have AP Groups, and I am seeing the AP in the dashboard. The client have a special requierments, for two SSID we need to join firts with PSK, and then open Captive Portal for browing Internet. However, If I dont login in the captive portal I should can to connect to internal server only.

I have configured it in WLC Aruba, however this is my firts time with AP Alcatel and I have tried but I cant solutions. I create a policy where accept to internal server however always open captive portal.

Any idea ?

Date

10.06.2020

answers

views

Author

Asked by security-col

Answers

ACL will not work when Captive portal is enabled as built-in ACLs kick in which are not allowed to modify.

Whitelist is the way to move forward. You can reach out to support to see if they can provide any other solution which can help.

Date

12.06.2020

Author

Asked by thanjavuru

Add Comment

Vote

Comments

by security-col

OK. I understand. It will work if the internal servers hace FQDN. However I want too can to access in the network printer. In this case is neccesarry authenticate in the captive portal really? ACL should be work in the access role profile when you authenticate in the captive portal. I open a case with support for this case. Thanks

by thanjavuru

Normally Captive portal is used for Guest Access. without successful web authentication i do not see a need for printer in any use case for Guest. Why PSK before captive portal is to avoid attacks like exhausting DHCP leases etc.

Hi In SSID configuration , You can whitelist the Internal server FQDN as i did it for www.openrainbow.com as attached.

IP addresses and http/https suffixes are not allowed

Hope it helps

Attachments:

Screenshot 2020-06-11 at 8.46.29 AM.png

Date

11.06.2020

Author

Asked by thanjavuru

Add Comment

Vote

Comments

by security-col

OK. I understand your solution however the client dont have FQDN for internal servers. I will try it but i dont know. I dont understand why ACL dont work? I attach the policy configurate. In this case I try to denegate access to that server. I dont sure if I good configure the ACL, I try of many ways and it dont block and it open captive portal for internal server. The flow of authentication should be: 1. Authentication in SSID with PSK 2. If PSK is correct open captive portal 3. If I want to access to internal servers I dont need to login in the captive portal, but if I access to Internet I need to login in the captive portal with username and password.

Go to WP login page

Top members

oma-stellar
55 answers

olivier-stellar
43 answers

thanjavuru
37 answers

View leaderboard
Join Spacewalkers

Get ready to join Alcatel-Lucent Enterprise Network community! Get access to collaborative conversations dedicated to network and technology. Share advices, questions and opinions in the dedicated forum. Read blog posts and learn more about innovative products and solutions. Create your account and join our IT stars!
Newsletter

Receive communication about the latest news, community insights and new assets.

Forum

ACLs for Steller AP1221

Topic

ACLs for Steller AP1221

Answers