Configuring Walled Garden Access - Aruba IAP-335 User Manual

The client can connect to this SSID after authenticating with username and password. After a successful user
login, the captive portal role is assigned to the client.
In the CLI
To create a captive portal role:
(Instant AP)(config)# wlan access-rule <Name>
(Instant AP)(Access Rule <Name>)# captive-portal {external [profile <name>]|internal}
(Instant AP)(Access Rule <Name>)# end
(Instant AP)# commit apply

Configuring Walled Garden Access

On the Internet, a walled garden typically controls access to web content and services. The walled garden
access is required when an external captive portal is used. For example, a hotel environment where the
unauthenticated users are allowed to navigate to a designated login page (for example, a hotel website) and all
its contents.
The users who do not sign up for the Internet service can view the allowed websites (typically hotel property
websites). The website names must be DNS-based and support the option to define wildcards. When a user
attempts to navigate to other websites that are not in the whitelist of the walled garden profile, the user is
redirected to the login page. IAP supports walled garden only for the HTTP requests. For example, if you add
yahoo.com in walled garden whitelist and the client sends an HTTPS request (https://yahoo.com), the
requested page is not displayed and the users are redirected to the captive portal login page.
In addition, a blacklisted walled garden profile can also be configured to explicitly block the unauthenticated
users from accessing some websites.
You can create a walled garden access in Instant UI or the CLI.
In the Instant UI
To create a walled garden access:
1. Click the Security link at the top of the Instant main window. The Security window is displayed.
2. Click Walled Garden. The Walled Garden tab contents are displayed.
3. To allow the users to access a specific domain, click New and enter the domain name or URL in the
Whitelist section of the window. This allows access to a domain while the user remains unauthenticated.
Specify a POSIX regular expression (regex(7)). For example:
yahoo.com matches various domains such as news.yahoo.com, travel.yahoo.com and
l
finance.yahoo.com
www.apple.com/library/test is a subset of www.apple.com site corresponding to path /library/test/*
l
favicon.ico allows access to /favicon.ico from all domains.
l
4. To deny users access to a domain, click New and enter the domain name or URL in the Blacklist section of
the window. This prevents the unauthenticated users from viewing specific websites. When a URL specified
in the blacklist is accessed by an unauthenticated user, IAP sends an HTTP 403 response to the client with
an error message. If the requested URL does not appear on the blacklist or whitelist, the request is
redirected to the external captive portal.
5. To modify the list, select the domain name/URL and click Edit . To remove an entry from the list, select the
URL from the list and click Delete.
6. Click OK to apply the changes.
In the CLI
To create a walled garden access:
Aruba Instant 6.5.0.0-4.3.0.0 | User Guide Captive Portal for Guest Access | 141