Create aliases:
netdestination "Internal-Network"
network 10.0.0.0 255.0.0.0
network 172.16.0.0 255.255.0.0
network 192.168.0.0 255.255.0.0
netdestination "Public-DNS"
host 64.151.103.120
host 216.87.84.209
Create the guest-logon-access policy:
ip access-list session guest-logon-access
user any udp 68 deny
user any svc-dhcp permit time-range working-hours
user alias "Public-DNS" svc-dns src-nat pool dynamic-srcnat time-range working-hours
Create the auth-guest-access policy:
ip access-list session auth-guest-access
user any udp 68 deny
user any svc-dhcp permit time-range working-hours
user alias "Public-DNS" svc-dns src-nat time-range working-hours
user any svc-http src-nat pool dynamic-srcnat time-range working-hours
user any svc-https src-nat pool dynamic-srcnat time-range working-hours
Create the block-internal-access policy:
ip access-list session block-internal-access
user alias "Internal-Network" any deny
Create the drop-and-log policy:
ip access-list session drop-and-log
user any any deny log
Create the guest-logon role:
user-role guest-logon
session-acl captiveportal position 1
session-acl guest-logon-access position 2
session-acl block-internal-access position 3
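An added example, not part of the design guide: a first-match evaluator for the guest-logon-access and block-internal-access policies in the order the guest-logon role lists them, useful for checking that pre-login guests reach only DHCP and the Public-DNS hosts. It assumes the predefined ArubaOS services svc-dhcp (UDP 67-68) and svc-dns (UDP 53), an implicit deny after the last ACL, and that a rule with a time-range is inactive outside it; the captiveportal ACL at position 1 is not modeled, and the names ALIASES, SERVICES, POLICIES, GUEST_LOGON and evaluate are made up for the example.

```python
import ipaddress

# Aliases copied from the netdestination commands on this page.
ALIASES = {
    "Internal-Network": ["10.0.0.0/255.0.0.0", "172.16.0.0/255.255.0.0",
                         "192.168.0.0/255.255.0.0"],
    "Public-DNS": ["64.151.103.120/32", "216.87.84.209/32"],
    "any": ["0.0.0.0/0"],
}
# Assumption: predefined service definitions as (protocol, low port, high port).
SERVICES = {"udp 68": ("udp", 68, 68), "svc-dhcp": ("udp", 67, 68),
            "svc-dns": ("udp", 53, 53), "any": (None, 0, 65535)}

# Rules as (destination alias, service, action, limited to working-hours?).
# The source is always "user" (the client), so it is not modeled.
POLICIES = {
    "guest-logon-access": [
        ("any", "udp 68", "deny", False),
        ("any", "svc-dhcp", "permit", True),
        ("Public-DNS", "svc-dns", "src-nat", True),
    ],
    "block-internal-access": [("Internal-Network", "any", "deny", False)],
}

# Positions 2 and 3 of the guest-logon role; captiveportal (position 1) is omitted.
GUEST_LOGON = ["guest-logon-access", "block-internal-access"]

def in_alias(ip, alias):
    """True if ip falls inside any network or host of the named alias."""
    addr = ipaddress.ip_address(ip)
    return any(addr in ipaddress.ip_network(net) for net in ALIASES[alias])

def evaluate(acl_order, dst_ip, proto, dport, working_hours=True):
    """Return (policy, action) of the first matching rule, else the implicit deny."""
    for policy in acl_order:
        for dst, svc, action, timed in POLICIES[policy]:
            svc_proto, low, high = SERVICES[svc]
            if timed and not working_hours:
                continue  # assumption: rule is inactive outside its time range
            if svc_proto not in (None, proto) or not low <= dport <= high:
                continue
            if in_alias(dst_ip, dst):
                return policy, action
    return "implicit", "deny"

if __name__ == "__main__":
    # Constructed sample flows: public DNS, internal DNS, internal SSH.
    for flow in [("64.151.103.120", "udp", 53), ("10.1.1.53", "udp", 53),
                 ("192.168.1.10", "tcp", 22)]:
        print(flow, "->", evaluate(GUEST_LOGON, *flow))
```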
48 Mobility Controller Configuration | Campus Wireless Networks Validated Reference Design Version 3.3 Design Guide |