You are here: CLI_commands > wlan walled-garden
Previous TopicNext Topic

wlan walled-garden

wlan walled-garden

white-list <domain>

black-list <domain>

no…

Description

This command configures a walled garden to control user access to the Web content and services. The walled garden access is required when an external captive portal is used.

Syntax

Command/Parameter

Description

Range

Default

wlan walled-garden Creates a Walled Garden profile for the IAP.
white-list <domain>

Configures a whitelist of URLs to allow the authenticated users to access to a specific domain.

You can specify the URLs which the users can access. To allow access to various sites in the same domain, you can specify a POSIX regular expression (regex(7)). For example, yahoo.com/* to provide access to various domains such as news.yahoo.com, travel.yahoo.com and finance.yahoo.com. Similarly, the www.apple.com/library/test is only allow a subset of www.apple.com site corresponding to path /library/test/*.

URLs, URLs with POSIX regular expression (regex(7))

black-list <domain>

Configures a blacklist to prevent the users from accessing the websites in a specific domain.

You can specify the URLs for which the user access is denied. When a URL specified in blacklist is accessed by an unauthenticated user, IAP sends an HTTP 403 response to the client with a simple error message.

URLs

no… Removes the configuration.

Usage Guidelines

Use this command to configure a walled garden profile. A walled garden access is required when an external captive portal is used. For example, a hotel environment where the unauthenticated users are allowed to navigate to a designated login page (for example, a hotel website) and all its contents.

The users who do not sign up for the Internet service can view the “allowed” websites (typically hotel property websites). The website names must be DNS-based and support the option to define wildcards. This works for client devices with or without HTTP proxy settings.

When a user attempts to navigate to other websites not in the whitelist of the walled garden profile, the user is redirected to the login page. Similarly, a blacklisted walled garden profile blocks the users from accessing some websites.

Example

The following example configures a walled garden profile:

(Instant AP)(config)# wlan walled-garden

(Instant AP)(Walled Garden)# white-list <domain>

(Instant AP)(Walled Garden)# black-list <domain>

(Instant AP)(Walled Garden)# end

(Instant AP)# commit apply

Command History

Version

Description

Aruba Instant 6.2.1.0-3.3

This command is introduced.

Command Information

IAP Platform

Command Mode

All platforms

Configuration mode