The documentation set for this product strives to use bias-free language. For the purposes of this documentation set, bias-free is defined as language that does not imply discrimination based on age, disability, gender, racial identity, ethnic identity, sexual orientation, socioeconomic status, and intersectionality. Exceptions may be present in the documentation due to language that is hardcoded in the user interfaces of the product software, language used based on RFP documentation, or language that is used by a referenced third-party product. Learn more about how Cisco is using Inclusive Language.
This feature helps you to add specific URLs to allowed list on the embedded wireless controller or the AP so that those specific URLs are available for use, even when there is no connectivity to the internet. You can add URLs to allowed list for web authentication of captive portal and walled garden. Authentication is not required to access the allowed list of URLs. When you try to access sites that are not in allowed list, you are redirected to the Login page.
| Command or Action | Purpose | |
|---|---|---|
|
Step 1 |
configure terminal Example: |
Enters global configuration mode. |
|
Step 2 |
urlfilter list <urlfilter-name> Example: |
Configures the URL filter profile. |
|
Step 3 |
action [ deny | permit] Example: |
Configures the list as allowed list. The permit command configures the list as allowed list and the deny command configures the list as blocked list. |
|
Step 4 |
{ redirect-server-ipv4 | redirect-server-ipv6} Example: |
Configures the IP address of the redirect servers to which the user requests will be redirected in case of denied requests. |
|
Step 5 |
url url-to-be-allowed Example: |
Configures the URL to be allowed. |
 Note |
The controller uses two IP addresses and the mechanism only allows for one portal IP to be allowed. To allow pre-authentication access to more HTTP ressources, you need to use URL filters which will dynamically makes holes in the intercept (redirect) and security (preauth) ACLs for the IPs related to the website whose URL you enter in the URL filter. DNS requests will be dynamically snooped for the controller to learn the IP address of those URLs and add it to the ACLs dynamically. |
Note |
redirect-server-ipv4 and redirect-server-ipv6 is applicable only in the local mode, specifically in post-authentication. For any further tracking or displaying any warning messages, the denied user request is redirected to the configured server. But the redirect-server-ipv4 and redirect-server-ipv6 configurations do not apply to pre-authentication scenario as you will be redirected to the controller for the redirect login URL for any denied access. |
Device(config)# wireless profile flex default-flex-profile
Device(config-wireless-flex-profile)# acl-policy user_v4_acl
Device(config-wireless-flex-profile-acl)# urlfilter list url_allowedlist_nbn
Device(config-wireless-flex-profile-acl)# exit
Device(config-wireless-flex-profile)# description "default flex profileāDevice(config)# urlfilter enhanced-list urllist_pre_cwa
Device(config-urlfilter-enhanced-params)# url url1.dns.com preference 1 action permit
Device(config-urlfilter-enhanced-params)# url url2.dns.com preference 2 action deny
Device(config-urlfilter-enhanced-params)# url url3.dns.com preference 3 action permitDevice(config)# wlan wlan5 5 wlan5
Device(config-wlan)#ip access-group web user_v4_acl
Device(config-wlan)#no security wpa
Device(config-wlan)#no security wpa
Device(config-wlan)#no security wpa wpa2 ciphers aes
Device(config-wlan)#no security wpa akm dot1x
Device(config-wlan)#security web-auth
Device(config-wlan)#security web-auth authentication-list default
Device(config-wlan)#security web-auth parameter-map global
Device(config-wlan)#no shutdown To verify the summary and the details of the URLs on the allowed list, use the following show commands:
Device# show wireless urlfilter summary
Black-list - DENY
White-list - PERMIT
Filter-Type - Specific to Local Mode
URL-List ID Filter-Type Action Redirect-ipv4 Redirect-ipv6
-------------------------------------------------------------------------------------------------------------
url-whitelist 1 PRE-AUTH PERMIT 1.1.1.1
Device#
Device# show wireless urlfilter details url-whitelist
List Name................. : url-whitelist
Filter ID............... : : 1
Filter Type............... : PRE-AUTH
Action.................... : PERMIT
Redirect server ipv4...... : 1.1.1.1
Redirect server ipv6...... :
Configured List of URLs
URL.................... : www.cisco.com
Feedback