Creating Walled Garden Access

On the Internet, a walled garden typically controls a user's access to web content and services. The walled garden directs the user's navigation within particular areas to allow access to a selection of websites or prevent access to other websites.

Walled garden access is needed when an external or internal captive portal is used. A common example could be a hotel environment where unauthenticated users are allowed to navigate to a designated login page (for example, a hotel website) and all its contents.

Users who do not sign up for Internet service can view “allowed” websites (typically hotel property websites). The website names must be DNS-based (not IP address based) and support the option to define wildcards.

An HTTP or HTTPS proxy does not work when the walled garden is implemented as a user role using a domain name ACL. For example, user alias example.com any permit.

When a user attempts to navigate to other websites not configured in the white list walled garden profile, the user is redirected back to the login page. In addition, the black listed walled garden profile is configured to explicitly block navigation to websites from unauthenticated users.

The following CLI example configures a destination named Mywhite-list and adds the domain names example.com and example.net to that destination. It then adds the destination name Mywhite-list (which contains the allowed domain names example.com and example.net) to the white list.

(host) [md] (config)# netdestination "Mywhite-list"

(host) [md] (config)# name example.com

(host) [md] (config)# name example.net

(host) [md] (config)# aaa authentication captive-portal default

(host) [md] (Captive Portal Authentication Profile "default")# white-list Mywhite-list
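
The following added example is not part of the original documentation or the vendor's code. It parses netdestination entries like those above, flags IP-literal entries (the names must be DNS-based), and models how a hostname is handled. The "*." wildcard form, the black list being checked first, the sample entries, and all function names are assumptions made for illustration.

```python
import ipaddress

# Constructed sample in the style of the CLI example above; the "*." wildcard
# form and the IP-literal entry are assumptions added for illustration.
SAMPLE = '''
(host) [md] (config)# netdestination "Mywhite-list"
(host) [md] (config)# name example.com
(host) [md] (config)# name *.example.net
(host) [md] (config)# name 192.0.2.10
'''

def parse_netdestinations(text):
    """Map each netdestination to the 'name' entries that follow it."""
    dests, current = {}, None
    for raw in text.splitlines():
        tokens = raw.split("#", 1)[-1].split()  # drop the CLI prompt, if any
        if len(tokens) < 2:
            continue
        if tokens[0] == "netdestination":
            current = tokens[1].strip('"')
            dests[current] = []
        elif tokens[0] == "name" and current is not None:
            dests[current].append(tokens[1].lower())
    return dests

def ip_literal_entries(dests):
    """Return (destination, entry) pairs that are IP addresses, not DNS names."""
    found = []
    for dest, names in dests.items():
        for name in names:
            try:
                ipaddress.ip_address(name)
                found.append((dest, name))
            except ValueError:
                pass  # not an IP literal, so it is treated as a DNS name
    return found

def matches(host, pattern):
    """Exact match, or label-boundary suffix match for a '*.' wildcard."""
    host = host.lower().rstrip(".")
    if pattern.startswith("*."):
        return host.endswith(pattern[1:])  # ".example.net" keeps the dot
    return host == pattern

def decide(host, white, black):
    """Hypothetical model: black list first, then white list, else redirect."""
    if any(matches(host, p) for p in black):
        return "deny"
    if any(matches(host, p) for p in white):
        return "permit"
    return "redirect-to-login"
```

Because matching is exact or anchored on the leading dot of the wildcard, a look-alike such as badexample.com is not treated as example.com and falls through to the login redirect.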

The following procedure describes how to configure walled garden access:

  1. Log in to the Mobility Master.
  2. In the Managed Network node hierarchy, navigate to Configuration > Roles and Policies > Policies tab.
  3. Click + to add a new policy.
  4. Enter Policy Name and set the Policy Type to Session.
  5. Select the newly created policy name and click + in Policy <Name of the policy> Rules to add a new rule.
  6. Select Access Control as the Rule Type and click OK.
  7. In the New forwarding Rule window:
    1. Select the IP version of the managed device, IPv4 or IPv6, from the IP Version drop-down list.
    2. Select the destination as Alias.
    3. Select the Destination Alias as Mywhite-list.
  8. Click Submit.
  9. Navigate to Configuration > Authentication > L3 Authentication.
  10. Select Captive Portal Authentication Profile and select a profile.
  11. To allow users to access a domain, enter the destination name that contains the allowed domain names in the White List field. This stops unauthenticated users from viewing specific domains such as a hotel website.

    A rule in the white list must explicitly permit a traffic session before it is forwarded to the managed device. The last rule in the white list denies everything else.

  12. To deny users access to a domain, enter the destination name that contains prohibited domain names in the Black List field. This prevents unauthenticated users from viewing specific websites.
  13. Click Submit.
  14. Click Pending Changes.
  15. In the Pending Changes window, select the check box and click Deploy changes.
