Configuring web portal redirect

The generic CLI structure for defining and applying IP and MAC filters is described in the 7450 ESS, 7750 SR, 7950 XRS, and VSR Router Configuration Guide.

The following example displays an IP filter entry configuration for web-portal redirect:

A:ALA-A>config>filter# info
----------------------------------------------
    ip-filter 10 create
        description ‟filter to forward DNS and web traffic to my portal; redirect al
l other web traffic to the portal and drop everything else”
        default-action drop
        entry 10 create
            description ‟allows DNS traffic”
                match protocol 17 
                dst-port 53
            exit
            action forward 
        exit
        entry 20 create
            description ‟allows web traffic destined to portal (IP address 10.0.0.1)
”
            match protocol 6
                dst-port eq 80
                dst-ip 10.0.0.1
            exit
            action forward 
        exit
        entry 30
            description ‟redirects all web traffic to portal”
            match protocol 6
                dst-port eq 80
            exit
            action http-redirect http://www.myportal.com/defaultportal/
login.cgi?ip=$IP&mac=$MAC&orig_url=$URL&usb=$SUB
        exit
    exit
----------------------------------------------
A:ALA-A>config>filter#

• Filter entry 10 in the example output allows the customer to access DNS to get the IP address of the original website they are trying to view.

• Entry 20 allows HTTP packets destined for the captive portal itself to be forwarded.

  Note: The actual IP address (a.b.c.d) must be entered, not the DNS name (‟www.myportal.com”). The IP address can be easily resolved from the 7450 ESS or 7750 SR CLI using the ping command.

• Entry 30 (which is the last option that does not drop the customer packets) checks for HTTP protocol and then starts the redirection process:

  • The 7450 ESS or 7750 SR intercepts the HTTP GET from the subscriber and respond with an HTTP 302 (temporarily moved) with the URL configured in the filter entry. This URL can contain some variables, notably the customer IP and MAC addresses to allow the portal to create an entry for the customer. The original requested URL is also included to redirect the client site back to the original requested site when the process is done.

  • The client then closes the connection with the original IP address and open a connection to the redirected server. Entry 20 allows this connection.

The following displays how the redirection filter configured above is assigned to an ingress SAP:

A:ALA-A>config>service>vpls# info
----------------------------------------------
    vpls 3 customer 6 create
        description "VPLS with web portal redirection filter applied"
        sap 2/1/5:0 create
            ingress
                filter ip 10
            exit
        exit
        no shutdown
    exit
----------------------------------------------
A:ALA-A>config>service>vpls#