There is a list of website which we will need to allow only when connecting to the Wi-Fi and block access to other websites and applications such as Facebook, Watsapp and others.
We tried using whitelist in the Guest Access Portal but it doesn't work. We were still able to browse through all the websites and applications.
Kindly advise on the process of whitelisting only certain websites and blocking the others.
Whilelisting of URL can be done from WLAN>Access Control>DNS ACL. Please note that, specific URL needs to be added to deny communication. For eg: in.yahoo.com will not deny communication to yahoo.com.
The whitelist of the URL is working partially when configured on the WLAN>Access Control>DNS ACL. I was able to access the site like mu.statebank, sbimauritius.com but not onlinesbiglobal.com.
Also, when I enabled the guest portal, the splash portal does not appear even though I have configured the domain name in DNS ACL.
Is there any protocol or policy that need to be enabled?
MAC authentication is a feature supported by cnPilot AP's and client MAC address can be added to allow or deny association to the SSID.From the techsupport shared earlier,I noticed that cnMaestro based MAC authentication is enabled on the AP. Please add the client MAC address to the Association ACL of the cnMaestro to allow the client to connect to the AP.
There is no difference when I added my phone MAC address to Association ACL.
I was still able to connect to the AP by bypassing the splash portal and having only access to the websites defined in the DNS ACL.
The end result should be to allow any clients to connect to the AP by entering a login credetials through splash portal. Once authenticating, they should only get access to the websites defined in the DNS ACL.
The DNS ACL works correctly but not the splash portal.
Should the MAC Authentication be changed to something else?
There is no difference when I added my phone MAC address to Association ACL.
The MAC acl is to allow the client to connect to the AP. If the MAC address of the client is not added to the Association ACL( on cnMaestro), client will be denied access to the SSID. If the MAC acl is enabled in the SSID, all the client mac addressed needs to be added to access the WLAN. MAC ACL is suggested in an environment where all the clients connected to the SSID is known in advance.
The end result should be to allow any clients to connect to the AP by entering a login credetials through splash portal. Once authenticating, they should only get access to the websites defined in the DNS ACL.
Unfortunately, this is not possible now. All the traffic to the allowed websites will be passed before guest authenticaiton.
Hello, thank you for the information. i used the acl dns, works but the websites that i tested load really but really slow. If I connect normal through the hotspot, than the same websites load really fast. any suggestions?