How to whitelist URL in cnmaestro?

Hello everyone,

There is a list of website which we will need to allow only when connecting to the Wi-Fi and block access to other websites and applications such as Facebook, Watsapp and others.

We tried using whitelist in the Guest Access Portal but it doesn't work. We were still able to browse through all the websites and applications.

Kindly advise on the process of whitelisting only certain websites and blocking the others.

Thanks.

Regards,

Hi Navishag, 

             Whilelisting of URL can be done from WLAN>Access Control>DNS ACL. Please note that, specific URL needs to be added to deny communication. For eg: in.yahoo.com will not deny communication to yahoo.com. 

Regards

Anand 

1 Like

Thank you for your reply.

The whitelist of the URL is working partially when configured on the WLAN>Access Control>DNS ACL. I was able to access the site like mu.statebank, sbimauritius.com but not onlinesbiglobal.com. 

Also, when I enabled the guest portal, the splash portal does not appear even though I have configured the domain name in DNS ACL.

Is there any protocol or policy that need to be enabled?

Thanks in advance.

Regards,

Hi Navishag,

           Not clear from the explanation what is configured (allow or deny) for the URL. Please paste the DNS ACL configuration in the forum  or share the AP techsupport to check this.

            Please apply all the tabs in the Guest portal and try again. If the splash page is not individually saved, changes will not be displayed.  

Regards

Anand

Hello,

I have applied the all the tabs in the Guest portal. The whitelist works correctly but it bypasses the captive portal.

No splash portal appears.

PFA the tech support file.

Regards,

Hi Navishag, 

 

I've gone thru the configuration, and below are the findings. 

cnMaestro based ACL is enabled, Please add the MAC address in the cnMaestro Association list 

Make sure client is getting IP address and verify that in the AP , run " show wireless clients" on the AP cli or cnMaestri UI. 

In the DNS ACL , please add a permit all in the end and try whether captive portal works. 

Regards

Anand 

Hello,

Which MAC address do we need to add?

Regards,

Hi  Navishag,

          MAC authentication is a feature supported by cnPilot AP's and client MAC address can be added to allow or deny association to the SSID.From the techsupport shared earlier,I noticed that cnMaestro based MAC authentication is enabled on the AP. Please add the client MAC address to the Association ACL of the cnMaestro to allow the client to connect to the AP. 

Regards

Anand 

Hello,

There is no difference when I added my phone MAC address to Association ACL.

I was still able to connect to the AP by bypassing the splash portal and having only access to the websites defined in the DNS ACL.

The end result should be to allow any clients to connect to the AP by entering a login credetials through splash portal. Once authenticating, they should only get access to the websites defined in the DNS ACL. 

The DNS ACL works correctly but not the splash portal.

Should the MAC Authentication be changed to something else?

Regards,

Hi Navishag, 

There is no difference when I added my phone MAC address to Association ACL.

       The MAC acl is to allow the client to connect to the AP. If the MAC address of the client is not added to the Association ACL( on cnMaestro), client will be denied access to the SSID. If the MAC acl is enabled in the SSID, all the client mac addressed needs to be added to access the WLAN. MAC ACL is suggested in an environment where all the clients connected to the SSID is known in advance.  

   The end result should be to allow any clients to connect to the AP by entering a login credetials through splash portal. Once authenticating, they should only get access to the websites defined in the DNS ACL. 

          Unfortunately, this is not possible now. All the traffic to the allowed websites will be passed before guest authenticaiton. 

Regards

Anand

Hello, thank you for the information. i used the acl dns, works but the websites that i tested load really but really slow. If I connect normal through the hotspot, than the same websites load really fast. any suggestions?

thank yoy