Dell PowerConnect W Clearpass 100 Software ArubaOS Integration Guide - Page 23

Define a Policy to Permit Traffic to Amigopod, Amigopod netdestination alias



Aruba Networks, Inc. ArubaOS Configuration | 23
Amigopod and ArubaOS Integration Application Note

Define a Policy to Permit Traffic to Amigopod

A new firewall policy must be created and assigned to the initial role allocated to unauthenticated guest users to allow the successful redirect to the captive portal page defined on Amigopod.

These policies can be simplified by using the existing network destination alias as defined in the campus VRD baseline configuration.

Amigopod Netdestination Alias

netdestination Amigopod
  host 10.169.130.50

Figure 12 Amigopod netdestination alias

Based on the nature of the captive portal traffic, HTTP and HTTPS traffic are permitted through this policy to the Amigopod IP address.
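
An added example, not part of the Dell/Aruba guide: a Python check that a pre-authentication guest policy allows only HTTP and HTTPS to the Amigopod alias and flags anything broader. The policy name guest-preauth-amigopod, the sample rules and the helper names are assumptions made for illustration; the guide's own policy configuration is not on this page.

```python
import re

# Constructed sample. The alias is the one on this page; the policy name and its
# rules are assumptions, in session-ACL form <source> <destination> <service> <action>.
SAMPLE_CONFIG = """\
netdestination Amigopod
  host 10.169.130.50
!
ip access-list session guest-preauth-amigopod
  user alias Amigopod svc-http permit
  user alias Amigopod svc-https permit
  user alias Amigopod svc-ssh permit
  user any any permit
!
"""
ALLOWED_SERVICES = {"svc-http", "svc-https"}  # what the page says to permit
ALLOW_ACTIONS = {"permit", "src-nat"}         # actions that let traffic through

def parse_config(text):
    """Return (aliases, policies): alias -> host set, policy -> rule token lists."""
    aliases, policies, current = {}, {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line == "!":
            current = None
        elif m := re.fullmatch(r"netdestination (\S+)", line):
            current = aliases.setdefault(m.group(1), set())
        elif m := re.fullmatch(r"ip access-list session (\S+)", line):
            current = policies.setdefault(m.group(1), [])
        elif isinstance(current, set) and line.startswith("host "):
            current.add(line.split()[1])
        elif isinstance(current, list):
            current.append(line.split())
    return aliases, policies

def audit_policy(text, policy, alias="Amigopod"):
    """List rules in `policy` that allow more than HTTP/HTTPS to `alias`."""
    aliases, policies = parse_config(text)
    findings = [f"{kind} {name} is not defined" for kind, name, table in
                (("alias", alias, aliases), ("policy", policy, policies)) if name not in table]
    for rule in policies.get(policy, []):
        action_at = next((i for i, t in enumerate(rule) if t in ALLOW_ACTIONS), None)
        if action_at is None:
            continue  # deny rules cannot widen access
        match = rule[:action_at]  # source, destination and service tokens
        if not (len(match) == 4 and match[1:3] == ["alias", alias]
                and match[3] in ALLOWED_SERVICES):
            findings.append("too broad: " + " ".join(rule))
    return findings
```

Calling audit_policy(SAMPLE_CONFIG, "guest-preauth-amigopod") reports the svc-ssh rule and the any/any rule, the two entries that would give unauthenticated guests more than the captive portal redirect needs.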

Depending on the routing topology in place at each customer environment, Network Address Translation (NAT) may be used to hide the source address space allocated to guest users. NAT can be implemented in the following two methods within the ArubaOS controller:

  • Source NAT all traffic from the guest VLAN on the controller.
  • Source NAT traffic per application through the use of policies in the PEF configuration on the controller.

Based on these topology and routing decisions, the configuration of the policies to permit the initial redirect traffic to Amigopod will change slightly.

Source NAT on VLAN

If you are performing a source NAT on the VLAN, use this configuration.