CHAPTER 8. Security
© SAMSUNG Electronics Co., Ltd.
page 411 of 689
8.3.2
Configuring Pre-Auth ACL
To operate the captive portal services, redirection must be basically performed and if a drop
occurs by the Pre-Auth ACL of the WLAN, the redirection is performed.
Accordingly, the proper configuration of the ACL for Pre-Auth is necessary depending on
types of captive portal services.
For the Pre-Auth ACL, the DNS permit rule, and the permit rule for the web service
address used by the captive portal are basically necessary and the permit rule of the address
of the external web server is additionally necessary if the external web server is used.
Configuration using CLI
To configure the Pre-Auth ACL, execute the following command:
1) Go to configure
fqm-mode configuration mode of CLI.
WEC8500# configure terminal
WEC8500/configure# fqm-mode
2) Configure an access list.
WEC8500/configure/fqm-mode#
WEC8500/configure/fqm-mode# access-list ip guest_acl permit seq 1 udp
any eq * any eq 53 os-aware *
WEC8500/configure/fqm-mode# access-list ip guest_acl permit seq 2 tcp
192.168.20.10 255.255.255.255 eq 80 any eq * os-aware *
WEC8500/configure/fqm-mode# access-list ip guest_acl permit seq 3 tcp
any eq * 192.168.20.10 255.255.255.255 eq 80 os-aware *
WEC8500/configure/fqm-mode# access-list ip guest_acl permit seq 4 tcp
90.90.100.120 255.255.255.255 eq 80 any eq * os-aware *
WEC8500/configure/fqm-mode# access-list ip guest_acl permit seq 5 tcp
any eq * 90.90.100.120 255.255.255.255 eq 80 os-aware *
WEC8500/configure/fqm-mode# access-list ip guest_acl permit seq 6 udp
any eq * any eq * os-aware *
WEC8500/configure/fqm-mode# access-list ip guest_acl permit seq 7 tcp
192.168.10.10 255.255.255.255 eq 80 any eq * os-aware *
WEC8500/configure/fqm-mode# access-list ip guest_acl permit seq 8 tcp
any eq * 192.168.10.10 255.255.255.255 eq 80 os-aware *
WEC8500/configure/fqm-mode# access-list ip guest_acl permit seq 10 tcp
192.168.0.0 255.255.0.0 eq * any eq 443 os-aware *
Configuration using Web UI
In the menu bar of
<WEC Main window
>, select
<Configuration>
and then select the
<IP ACL>
menu in the
<Access Control Lists
> sub-menu of
<Security>
in the sub-
menus.
Select Add on the
<IP ACL>
screen and then configure the ACL.