CHAPTER 8. Security
© SAMSUNG Electronics Co., Ltd.
8.8.2 Captive Portal Configuration
To use the external BYOD service, External Web Authentication must be configured on
the Captive Portal. The Captive Portal service requires a basic ACL, which is applied
to the L3 security of the WLAN. Below is an example of how to configure the captive
portal to use the BYOD service.
Configuration using CLI
1) Configuring PreAuthentication ACL
The pre-authentication ACL must contain the basic permit rules for DNS and for the
HTTP port of the web servers.
WEC8500# configure terminal
WEC8500/configure# fqm-mode
WEC8500/configure/fqm-mode # access-list ip preauth permit seq 1 udp any eq * any eq 53 os-aware *
WEC8500/configure/fqm-mode # access-list ip preauth permit seq 2 tcp 192.168.20.10 255.255.255.255 eq 80 any eq * os-aware *
WEC8500/configure/fqm-mode # access-list ip preauth permit seq 3 tcp any eq * 192.168.20.10 255.255.255.255 eq 80 os-aware *
WEC8500/configure/fqm-mode # access-list ip preauth permit seq 4 tcp 90.90.100.120 255.255.255.255 eq 80 any eq * os-aware *
WEC8500/configure/fqm-mode # access-list ip preauth permit seq 5 tcp any eq * 90.90.100.120 255.255.255.255 eq 80 os-aware *
WEC8500/configure/fqm-mode # ip access-group wireless preauth
WEC8500/configure/wlan 1/security/layer3# pre-auth-acl preauth
2) Configuring WLAN
To configure the WLAN, set the guest flag and set the Layer 3 web policy to
authentication.
WEC8500# configure terminal
WEC8500/configure# wlan 1
WEC8500/configure/wlan 1# guest-flag
WEC8500/configure/wlan 1# security
WEC8500/configure/wlan 1/security# layer3
WEC8500/configure/wlan 1/security/layer3# web-policy authentication
3) Configuring Web Authentication Type
WEC8500/configure/security/captive-portal # web-auth
WEC8500/configure/security/captive-portal/web-auth# auth-type external
WEC8500/configure/security/captive-portal/web-auth# external-url http://90.90.100.120/pc/zero_page.jsp
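The three steps depend on each other: the host in external-url must be reachable through the pre-authentication ACL in both directions. The script below is an added example (not part of the manual or of any Samsung tool) that checks this for the values used above. The rule grammar is inferred from the ACL lines on this page, the function names are hypothetical, and the station side is assumed to be written "any eq *".

```python
import ipaddress
import re
from urllib.parse import urlparse

# Constructed input: the ACL commands and external URL copied from the steps above.
ACL_LINES = """\
access-list ip preauth permit seq 1 udp any eq * any eq 53 os-aware *
access-list ip preauth permit seq 2 tcp 192.168.20.10 255.255.255.255 eq 80 any eq * os-aware *
access-list ip preauth permit seq 3 tcp any eq * 192.168.20.10 255.255.255.255 eq 80 os-aware *
access-list ip preauth permit seq 4 tcp 90.90.100.120 255.255.255.255 eq 80 any eq * os-aware *
access-list ip preauth permit seq 5 tcp any eq * 90.90.100.120 255.255.255.255 eq 80 os-aware *
"""
EXTERNAL_URL = "http://90.90.100.120/pc/zero_page.jsp"
# Grammar inferred from those lines only (an assumption): endpoint = any | <ip> <netmask>.
EP = r"(any|[\d.]+ [\d.]+) eq (\*|\d+)"
RULE = re.compile(rf"access-list ip (\S+) permit seq (\d+) (tcp|udp) {EP} {EP}")

def parse_acl(text, name):
    """Return the permit rules of ACL `name`; lines that do not match are skipped."""
    rules = []
    for line in text.splitlines():
        m = RULE.search(" ".join(line.split()))
        if m and m.group(1) == name:
            keys = ("seq", "proto", "src", "sport", "dst", "dport")
            rules.append(dict(zip(keys, m.groups()[1:])))
    return rules

def covers(endpoint, rule_port, host, port):
    """True if an ACL endpoint ("any" or "<ip> <netmask>") and port match host:port."""
    if rule_port not in ("*", port):
        return False
    net = "0.0.0.0/0" if endpoint == "any" else "/".join(endpoint.split())
    return ipaddress.ip_address(host) in ipaddress.ip_network(net, strict=False)

def audit_preauth(rules, external_url):
    """Return the flows a not-yet-authenticated client lacks to reach the portal."""
    url = urlparse(external_url)
    host = url.hostname  # assumed to be an IP literal, as on this page
    port = str(url.port or {"http": 80, "https": 443}[url.scheme])
    tcp = [r for r in rules if r["proto"] == "tcp"]
    client = ("any", "*")  # station side, written "any eq *" in the page's rules
    checks = {
        "dns": any(r["proto"] == "udp" and r["dport"] in ("*", "53") for r in rules),
        "to-portal": any((r["src"], r["sport"]) == client
                         and covers(r["dst"], r["dport"], host, port) for r in tcp),
        "from-portal": any((r["dst"], r["dport"]) == client
                           and covers(r["src"], r["sport"], host, port) for r in tcp),
    }
    return [flow for flow, ok in checks.items() if not ok]
```

An empty list means the ACL and the URL agree; changing the URL to https makes the check look for port 443, which the port 80 rules above do not cover.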