启用可选的圈养门户配置
您可以配置optionalcaptive portalA captive portal is a web page that allows the users to authenticate and sign in before connecting to a public-access network. Captive portals are typically used by business centers, airports, hotel lobbies, coffee shops, and other venues that offer free Wi-Fi hotspots for the guest users.pages by using the WebUI or theCLICommand-Line Interface. A console interface with a command line shell that allows users to execute text input as commands and convert these commands to appropriate functions.。
本节描述了以下主题:
SSID协会上传圈养门户页面
您可以上传自定义登录页面captive portalA captive portal is a web page that allows the users to authenticate and sign in before connecting to a public-access network. Captive portals are typically used by business centers, airports, hotel lobbies, coffee shops, and other venues that offer free Wi-Fi hotspots for the guest users.进入managed device通过webui。这SSID服务Set Identifier. SSID is a name given to a WLAN and is used by the client to access a WLAN network.to which the client associates determines thecaptive portalA captive portal is a web page that allows the users to authenticate and sign in before connecting to a public-access network. Captive portals are typically used by business centers, airports, hotel lobbies, coffee shops, and other venues that offer free Wi-Fi hotspots for the guest users.显示登录页面。
您指定captive portalA captive portal is a web page that allows the users to authenticate and sign in before connecting to a public-access network. Captive portals are typically used by business centers, airports, hotel lobbies, coffee shops, and other venues that offer free Wi-Fi hotspots for the guest users.登录页面captive portalA captive portal is a web page that allows the users to authenticate and sign in before connecting to a public-access network. Captive portals are typically used by business centers, airports, hotel lobbies, coffee shops, and other venues that offer free Wi-Fi hotspots for the guest users.身份验证配置文件,以及其他可配置的参数。初始用户角色配置必须包括适用的captive portalA captive portal is a web page that allows the users to authenticate and sign in before connecting to a public-access network. Captive portals are typically used by business centers, airports, hotel lobbies, coffee shops, and other venues that offer free Wi-Fi hotspots for the guest users.身份验证配置文件实例。(如果是captive portalA captive portal is a web page that allows the users to authenticate and sign in before connecting to a public-access network. Captive portals are typically used by business centers, airports, hotel lobbies, coffee shops, and other venues that offer free Wi-Fi hotspots for the guest users.在基本操作系统中,初始用户角色将自动创建captive portalA captive portal is a web page that allows the users to authenticate and sign in before connecting to a public-access network. Captive portals are typically used by business centers, airports, hotel lobbies, coffee shops, and other venues that offer free Wi-Fi hotspots for the guest users.身份验证配置文件实例。)然后,您指定了初始用户角色captive portalA captive portal is a web page that allows the users to authenticate and sign in before connecting to a public-access network. Captive portals are typically used by business centers, airports, hotel lobbies, coffee shops, and other venues that offer free Wi-Fi hotspots for the guest users.在里面AAA身份验证,授权和会计。AAA是一个安全框架,可以对用户进行身份验证,授权基于用户凭据的访问类型,并记录有关网络访问和网络资源消耗的身份验证事件以及信息。配置文件wlanWireless Local Area Network. WLAN is a 802.11 standards-based LAN that the users access through a wireless connection.。
什么时候you have multiplecaptive portalA captive portal is a web page that allows the users to authenticate and sign in before connecting to a public-access network. Captive portals are typically used by business centers, airports, hotel lobbies, coffee shops, and other venues that offer free Wi-Fi hotspots for the guest users.加载在managed device,您必须配置唯一的初始用户角色和用户角色,并且captive portalA captive portal is a web page that allows the users to authenticate and sign in before connecting to a public-access network. Captive portals are typically used by business centers, airports, hotel lobbies, coffee shops, and other venues that offer free Wi-Fi hotspots for the guest users.身份验证概况,AAA身份验证,授权和会计。AAA是一个安全框架,可以对用户进行身份验证,授权基于用户凭据的访问类型,并记录有关网络访问和网络资源消耗的身份验证事件以及信息。轮廓,SSID服务Set Identifier. SSID is a name given to a WLAN and is used by the client to access a WLAN network.配置文件和每个的虚拟AP配置文件wlanWireless Local Area Network. WLAN is a 802.11 standards-based LAN that the users access through a wireless connection.那将使用captive portalA captive portal is a web page that allows the users to authenticate and sign in before connecting to a public-access network. Captive portals are typically used by business centers, airports, hotel lobbies, coffee shops, and other venues that offer free Wi-Fi hotspots for the guest users.。例如,如果您想拥有不同的captive portalA captive portal is a web page that allows the users to authenticate and sign in before connecting to a public-access network. Captive portals are typically used by business centers, airports, hotel lobbies, coffee shops, and other venues that offer free Wi-Fi hotspots for the guest users.login pages for the engineering, business and faculty departments, you need to create and configure according toTable 1。
实体 |
工程 |
Business |
Faculty |
eng-login.html |
公共汽车-login.html |
fac-login.html |
|
工程user |
公共汽车-user |
Fac-user |
|
恩格-CP (Specify eng-login.html and eng-user) |
巴士-CP (指定BUS-LOGIN.HTML和BUS-USER) |
fac-cp (Specify bus-login.html and fac-user) |
|
Initial user role |
恩格 - 罗登 (Specify the eng-cp profile) |
公共汽车 (Specify the bus-cp profile) |
fac-logon (指定FAC-LOGON配置文件) |
AAA身份验证,授权和会计。AAA是一个安全框架,可以对用户进行身份验证,授权基于用户凭据的访问类型,并记录有关网络访问和网络资源消耗的身份验证事件以及信息。profile |
工程aaa (Specify the eng-logon user role) |
Bus-aaa (指定巴士用户角色) |
FAC-AAA (指定FAC-Logon用户角色) |
虚拟AP配置文件 |
工程vap |
公共汽车-vap |
fac-vap |
将协议更改为HTTP
默认情况下,HTTPS超文本传输协议安全。HTTPS是HTTP的变体,它通过安全套接字层或传输层安全协议连接在运输中添加了一层安全性。协议用于重定向到Captive PortalA captive portal is a web page that allows the users to authenticate and sign in before connecting to a public-access network. Captive portals are typically used by business centers, airports, hotel lobbies, coffee shops, and other venues that offer free Wi-Fi hotspots for the guest users.页。If you need to useHTTP超文本传输协议。HTTP是通过Web传输数据的应用程序协议。HTTP协议定义了如何格式和传输消息,以及W服务器和浏览器应采取的操作以响应各种命令。相反,您需要执行以下操作:
Modify thecaptive portalA captive portal is a web page that allows the users to authenticate and sign in before connecting to a public-access network. Captive portals are typically used by business centers, airports, hotel lobbies, coffee shops, and other venues that offer free Wi-Fi hotspots for the guest users.身份验证配置文件以启用HTTP超文本传输协议。HTTP是通过Web传输数据的应用程序协议。HTTP协议定义了如何格式和传输消息,以及W服务器和浏览器应采取的操作以响应各种命令。protocol.
For captive portal with role-based access only—Modify thepolicy to permitHTTP超文本传输协议。HTTP是通过Web传输数据的应用程序协议。HTTP协议定义了如何格式和传输消息,以及W服务器和浏览器应采取的操作以响应各种命令。traffic instead ofHTTPS超文本传输协议安全。HTTPS是HTTP的变体,它通过安全套接字层或传输层安全协议连接在运输中添加了一层安全性。traffic.
在里面base operating system, the implicitACLAccess Control List. ACL is a common way of restricting certain types of traffic on a physical port.captive portalA captive portal is a web page that allows the users to authenticate and sign in before connecting to a public-access network. Captive portals are typically used by business centers, airports, hotel lobbies, coffee shops, and other venues that offer free Wi-Fi hotspots for the guest users.- profile会自动修改。
以下procedure describes how to change the protocol toHTTP超文本传输协议。HTTP是通过Web传输数据的应用程序协议。HTTP协议定义了如何格式和传输消息,以及W服务器和浏览器应采取的操作以响应各种命令。:
1.登录到Mobility Master。
2.在里面节点层次结构,编辑captive portalA captive portal is a web page that allows the users to authenticate and sign in before connecting to a public-access network. Captive portals are typically used by business centers, airports, hotel lobbies, coffee shops, and other venues that offer free Wi-Fi hotspots for the guest users.authentication profile by navigating to the标签。
3.Select acaptive portalA captive portal is a web page that allows the users to authenticate and sign in before connecting to a public-access network. Captive portals are typically used by business centers, airports, hotel lobbies, coffee shops, and other venues that offer free Wi-Fi hotspots for the guest users.配置文件,启用check box and click。
一个。选择要添加或删除新规则的策略。
b.Click在里面table. Select a然后单击。
c.添加一个具有以下值的新规则:
是用户。
是Mswitch别名。
是SVC-HTTP。
是dst-nat。
d.Click
5.Click。
6.在里面窗口,选择复选框,然后单击。
以下CLICommand-Line Interface. A console interface with a command line shell that allows users to execute text input as commands and convert these commands to appropriate functions.命令将协议更改为HTTP超文本传输协议。HTTP是通过Web传输数据的应用程序协议。HTTP协议定义了如何格式和传输消息,以及W服务器和浏览器应采取的操作以响应各种命令。:
(主机)[MD](配置)#aaa authentication captive-portalprofile
protocol-http
(为了captive portal with role-based access only)
(主机)[MD](配置)#IP访问列表会话captiveportal
no user alias mswitch svc-https dst-nat
user alias mswitch svc-http dst-nat
user any svc-http dst-nat 8080
user any svc-https dst-nat 8081
Configuring Redirection to a Proxy Server
您可以配置captive portalA captive portal is a web page that allows the users to authenticate and sign in before connecting to a public-access network. Captive portals are typically used by business centers, airports, hotel lobbies, coffee shops, and other venues that offer free Wi-Fi hotspots for the guest users.使用代理服务器。当代理Web servers are used, browser proxy server settings for end users are configured for the IP address andTCPTransmission Control Protocol. TCP is a communication protocol that defines the standards for establishing and maintaining network connection for applications to exchange data.代理服务器的端口。什么时候the user opens a Web browser, theHTTP超文本传输协议。HTTP是通过Web传输数据的应用程序协议。HTTP协议定义了如何格式和传输消息,以及W服务器和浏览器应采取的操作以响应各种命令。或者HTTPS超文本传输协议安全。HTTPS是HTTP的变体,它通过安全套接字层或传输层安全协议连接在运输中添加了一层安全性。连接请求必须从代理服务器重定向到captive portalA captive portal is a web page that allows the users to authenticate and sign in before connecting to a public-access network. Captive portals are typically used by business centers, airports, hotel lobbies, coffee shops, and other venues that offer free Wi-Fi hotspots for the guest users.在托管设备。
(为了captive portalA captive portal is a web page that allows the users to authenticate and sign in before connecting to a public-access network. Captive portals are typically used by business centers, airports, hotel lobbies, coffee shops, and other venues that offer free Wi-Fi hotspots for the guest users.和base operating system) Modify thecaptive portalA captive portal is a web page that allows the users to authenticate and sign in before connecting to a public-access network. Captive portals are typically used by business centers, airports, hotel lobbies, coffee shops, and other venues that offer free Wi-Fi hotspots for the guest users.身份验证配置文件以指定IP地址和TCPTransmission Control Protocol. TCP is a communication protocol that defines the standards for establishing and maintaining network connection for applications to exchange data.代理服务器的端口。
(为了captive portalA captive portal is a web page that allows the users to authenticate and sign in before connecting to a public-access network. Captive portals are typically used by business centers, airports, hotel lobbies, coffee shops, and other venues that offer free Wi-Fi hotspots for the guest users.和role-based access) Modify thepolicy to have traffic for the port destination of the proxy server with纳特Network Address Translation. NAT is a method of remapping one IP address space into another by modifying network address information in Internet Protocol (IP) datagram packet headers while they are in transit across a traffic routing device.applied to port 8088 on themanaged device。
这base operating system automatically modifies the implicitACLAccess Control List. ACL is a common way of restricting certain types of traffic on a physical port.captive-portal-profile。
以下各节描述了如何使用webui和CLICommand-Line Interface. A console interface with a command line shell that allows users to execute text input as commands and convert these commands to appropriate functions.to configure thecaptive portalA captive portal is a web page that allows the users to authenticate and sign in before connecting to a public-access network. Captive portals are typically used by business centers, airports, hotel lobbies, coffee shops, and other venues that offer free Wi-Fi hotspots for the guest users.使用代理服务器。
什么时候HTTPS超文本传输协议安全。HTTPS是HTTP的变体,它通过安全套接字层或传输层安全协议连接在运输中添加了一层安全性。traffic is redirected from a proxy server to themanaged device,用户浏览器将显示一个警告,即证书上的主题名称与用户连接的主机名不匹配。 |
以下procedure describes how to redirect proxy server traffic:
1.登录到Mobility Master。
2.Forcaptive portalA captive portal is a web page that allows the users to authenticate and sign in before connecting to a public-access network. Captive portals are typically used by business centers, airports, hotel lobbies, coffee shops, and other venues that offer free Wi-Fi hotspots for the guest users.和Aruba基础操作系统节点层次结构,编辑captive portalA captive portal is a web page that allows the users to authenticate and sign in before connecting to a public-access network. Captive portals are typically used by business centers, airports, hotel lobbies, coffee shops, and other venues that offer free Wi-Fi hotspots for the guest users.authentication profile by navigating to the页。
b.Click。
4.选择要编辑的策略。
5.Click在里面table. Select a然后单击。
6.添加一个具有以下值的新规则:
一个。是用户。
b.是any.
e.是dst-nat。
f.是个IP地址of the proxy port.
g.是个代理服务器上的端口。
7。Click。
8。Click。
9。在里面窗口,选择复选框,然后单击。
以下CLICommand-Line Interface. A console interface with a command line shell that allows users to execute text input as commands and convert these commands to appropriate functions.commands redirect proxy server traffic:
(主机)[MD](配置)#aaa authentication captive-portalprofile
代理主持人ipaddrportport
(主机)[MD](配置)#IP访问列表会话captiveportal
用户别名MSWITCH SVC-HTTPS许可证
user any tcpportDST-NAT 8088
user any svc-http dst-nat 8080
user any svc-https dst-nat 8081
在不同的VLAN上重定向客户
您可以重定向不同的无线客户端Vlans虚拟局域网。在计算机网络中,可以对单层2网络进行分区,以创建多个不同的广播域,它们是相互隔离的,因此数据包只能通过一个或多个路由器之间传递它们。这样的域称为虚拟局域网,虚拟LAN或VLAN。(从IP地址managed device) to thecaptive portalA captive portal is a web page that allows the users to authenticate and sign in before connecting to a public-access network. Captive portals are typically used by business centers, airports, hotel lobbies, coffee shops, and other venues that offer free Wi-Fi hotspots for the guest users.在managed device。To do this:
1.Specify the redirect address for thecaptive portalA captive portal is a web page that allows the users to authenticate and sign in before connecting to a public-access network. Captive portals are typically used by business centers, airports, hotel lobbies, coffee shops, and other venues that offer free Wi-Fi hotspots for the guest users.。
2.Forcaptive portalA captive portal is a web page that allows the users to authenticate and sign in before connecting to a public-access network. Captive portals are typically used by business centers, airports, hotel lobbies, coffee shops, and other venues that offer free Wi-Fi hotspots for the guest users.与pefng防火墙策略实施。PEF也称as PEFNG provides context-based controls to enforce application-layer security and prioritization. The customers using Aruba mobility controllers can avail PEF features and services by obtaining a PEF license. PEF for VPN users—Customers with PEF for VPN license can apply firewall policies to the user traffic routed to a controller through a VPN tunnel.license only, you need to modify thepolicy that is assigned to the user. To do this:
一个。Create a network destination alias to themanaged deviceinterface.
b.修改规则集以允许HTTPS超文本传输协议安全。HTTPS是HTTP的变体,它通过安全套接字层或传输层安全协议连接在运输中添加了一层安全性。to the new alias instead of the mswitch alias.
在里面base operating system, the implicitACLAccess Control List. ACL is a common way of restricting certain types of traffic on a physical port.captive-portal-profile自动修改。 |
此示例显示了如何使用命令行界面创建名为CP-REDIRECT的网络目标,并在captive portalA captive portal is a web page that allows the users to authenticate and sign in before connecting to a public-access network. Captive portals are typically used by business centers, airports, hotel lobbies, coffee shops, and other venues that offer free Wi-Fi hotspots for the guest users.政策:
(主机)[MD](config)#IP CP-REDIRECT-ADDRESSipaddr
Forcaptive portalA captive portal is a web page that allows the users to authenticate and sign in before connecting to a public-access network. Captive portals are typically used by business centers, airports, hotel lobbies, coffee shops, and other venues that offer free Wi-Fi hotspots for the guest users.和pefng防火墙策略实施。PEF也称as PEFNG provides context-based controls to enforce application-layer security and prioritization. The customers using Aruba mobility controllers can avail PEF features and services by obtaining a PEF license. PEF for VPN users—Customers with PEF for VPN license can apply firewall policies to the user traffic routed to a controller through a VPN tunnel.license:
(主机)[MD](配置)#netdestination cp-redirect
(host) [md] (config-submode)#ip access-list session captiveportal
user别名CP还原SVC-HTTPS许可证
user any svc-http dst-nat 8080
user any svc-https dst-nat 8081
Web客户端配置带有代理脚本
如果Web客户端代理配置是通过代理脚本分发的(a.pac文件),您需要配置policy to allow the client to download the file. Note that in order modify the captiveportal policy, you must have thepefng防火墙策略实施。PEF也称as PEFNG provides context-based controls to enforce application-layer security and prioritization. The customers using Aruba mobility controllers can avail PEF features and services by obtaining a PEF license. PEF for VPN users—Customers with PEF for VPN license can apply firewall policies to the user traffic routed to a controller through a VPN tunnel.license installed in themanaged device。
以下procedure describes how to allow clients to download proxy script:
1.登录到Mobility Master。
2.Edit thecaptiveportal通过导航到tab in thenode hierarchy.
3.选择要编辑的策略。
4.Click在里面table. Select a然后单击。
5.添加一个具有以下值的新规则:
是。
是。
是个IP地址of the proxy server.
是或者
是。
6.Click添加规则。
7。Click。
8。在里面窗口,选择复选框,然后单击。
以下CLICommand-Line Interface. A console interface with a command line shell that allows users to execute text input as commands and convert these commands to appropriate functions.commands allow clients to download proxy script:
(主机)[MD](配置)#IP访问列表会话captiveportal
用户别名MSWITCH SVC-HTTPS许可证
user any tcp port dst-nat 8088
user hostipaddrSVC-HTTPS许可证
user any svc-http dst-nat 8080
user any svc-https dst-nat 8081
