You are here: Captive Portal for Guest Access > Configuring Walled Garden Access
Previous TopicNext Topic

Configuring Walled Garden Access

On the Internet, a walled garden typically controls access to Web content and services. The Walled garden access is required when an external captive portal is used. For example, a hotel environment where the unauthenticated users are allowed to navigate to a designated login page (for example, a hotel website) and all its contents.

The users who do not sign up for the Internet service can view the “allowed” websites (typically hotel property websites). The website names must be DNS-based and support the option to define wildcards. This works for client devices with or without HTTP proxy settings.

When a user attempts to navigate to other websites, which are not in the whitelist of the walled garden profile, the user is redirected to the login page. In addition, a blacklisted walled garden profile can also be configured to explicitly block the unauthenticated users from accessing some websites.

You can create a walled garden access in Instant UI or CLI.

In the Instant UI

To create a Walled Garden access:

1. Click the Security link at the top right corner of the Instant main window and click Walled Garden. The Walled Garden tab contents are displayed.
2. To allow users to access a specific domain, click New and enter the domain name or URL in the Whitelist section of the window. This allows access to a domain while the user remains unauthenticated. Specify a POSIX regular expression (regex(7)). For example: matches various domains such as, and is a subset of site corresponding to path /library/test/* 
favicon.ico allows access to /favicon.ico from all domains.
3. To deny users access to a domain, click New and enter the domain name or URL in the Blacklist section of the window. This prevents the unauthenticated users from viewing specific websites. When a URL specified in the blacklist is accessed by an unauthenticated user, IAP sends an HTTP 403 response to the client with a simple error message.

If the requested URL does not appear on the blacklist or whitelist list, the request is redirected to the external captive portal.

4. Select the domain name/URL and click Edit to modify or Delete to remove the entry from the list.
5. Click OK to apply the changes.

In the CLI

To create a Walled Garden access:

(Instant AP)(config)# wlan walled-garden

(Instant AP)(Walled Garden)# white-list <domain>

(Instant AP)(Walled Garden)# black-list <domain>

(Instant AP)(Walled Garden)# end

(Instant AP)# commit apply