
Fencing

Menu path: Configuration > Network Configuration > Fencing.

The registration and isolation networks are fenced off from everything outside their own VLAN and network. This page enables access outside these networks, which can be necessary to display the web portal or to reach external authentication servers.

The fields on this page are:

Wait for Redirect

The number of seconds the web service should wait before disassociating or reassigning the VLAN. If there is no wait period, the device can switch VLAN before it has a chance to load the redirection page.

Example: 1

Whitelist

A comma-delimited list of MAC addresses that are immune to isolation.

Address Ranges

Address ranges and CIDR blocks that A3 will monitor, detect, and trap on. Gateway, network, and broadcast addresses are ignored. Comma-delimited entries should be of the form a.b.c.0/24, a.b.c.0-255, a.b.c.0-a.b.c.255, or a.b.c.d. If this field is blank, all addresses except for gateway, network, and broadcast addresses will be watched.

Passthrough

When enabled, the true address for the items in Passthrough Domains is returned instead of A3's own address. This only applies to the Registration network; use the Isolation Passthrough setting below for the Isolation network.

Note: Modifying this parameter requires a restart of the pfdns and iptables services for the changes to take effect. Use the buttons at the bottom of the page.

Example: On

Passthrough Domains

If Passthrough is enabled, this setting is a comma-separated list of domains that can be accessed from the registration VLAN.

If no port is specified for the domain (e.g.: example.com), TCP ports 80 and 443 are opened. A specific port can be opened (e.g.: example.com:tcp:25), which opens port 25 in TCP. When no protocol is specified (e.g.: example.com:25), the port is opened for both UDP and TCP.

The same domain can be used with different ports multiple times; they will be combined.

Note: Modifying this parameter requires a restart of the pfdns service for the changes to take effect. Use the buttons at the bottom of the page.
 
Proxy Passthroughs

If Passthrough is enabled, this setting defines proxy passthroughs.

A passthrough acts as a proxy for a web server, fetching web pages and other information on behalf of the user. A number of Built-in Proxy Passthroughs are included and listed here.

In addition to those provided, a comma-delimited list of domains can be added. No port specification is allowed. Port 80 is always used.

 
Isolation Passthrough

When enabled, A3 uses the built-in DNS service pfdns. Web sites in the domains listed will be reachable from the Isolation network.

Note: Modifying this parameter requires a restart of the pfdns and iptables services for the changes to take effect. Use the buttons at the bottom of the page.

Example: Off

Isolation Passthrough Domains

If Passthrough is enabled, this field is a comma-separated list of domains that can be accessed from the Isolation VLAN.

If no port is specified for the domain (e.g.: example.com), TCP ports 80 and 443 are opened. A specific port can be opened (e.g.: example.com:tcp:25), which opens port 25 in TCP. When no protocol is specified (e.g.: example.com:25), the port is opened for both UDP and TCP.

The same domain can be used with different ports multiple times; they will be combined.

Note: Modifying this parameter requires a restart of the pfdns service for the changes to take effect. Use the buttons at the bottom of the page.
 
Proxy Interception

If enabled, proxy requests on the ports specified in Proxy Interception Port are intercepted and sent to the captive portal. This is only applicable to layer 2 networks, as A3 must be the default gateway.

Example: Off

Proxy Interception Port

A comma-separated list of ports used for proxy interception.

Example: 8080, 3128

Note

When advised to restart any A3 service, the administrative interface for each cluster member must be used individually to perform the operation. Perform the operation on each member one at a time, waiting for the service(s) to completely restart.
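
The entry syntax described above for Passthrough Domains and Isolation Passthrough Domains, as an added example (not A3's own code): a Python parser that expands a field value into the protocol/port pairs it opens per domain, combines repeated domains, and lists every rule beyond the default web ports so the value can be reviewed before it is applied. The function names, the hostname pattern, the acceptance of udp as a protocol keyword and the sample value are assumptions.

```python
import re
from collections import defaultdict

# Plain hostname check (assumption: the page does not define the allowed characters).
DOMAIN_RE = re.compile(r"^([a-z0-9]([a-z0-9-]{0,61}[a-z0-9])?\.)+[a-z]{2,63}$")
WEB_DEFAULT = {("tcp", 80), ("tcp", 443)}

# Constructed sample value, not taken from a real deployment.
SAMPLE = ("example.com, example.com:tcp:25, updates.example.org:53, "
          "example.com:tcp:25, bad_host:80, example.net:tcp:70000")

def to_port(text):
    """Convert a port field to int, rejecting anything outside 1-65535."""
    if not text.isdigit() or not 1 <= int(text) <= 65535:
        raise ValueError(text)
    return int(text)

def parse_passthroughs(value):
    """Return ({domain: {(proto, port), ...}}, [rejected entries])."""
    opened, rejected = defaultdict(set), []
    for entry in (e.strip().lower() for e in value.split(",")):
        if not entry:
            continue
        parts = entry.split(":")
        try:
            if not DOMAIN_RE.match(parts[0]):
                raise ValueError(entry)
            if len(parts) == 1:            # example.com -> TCP 80 and 443
                rules = set(WEB_DEFAULT)
            elif len(parts) == 2:          # example.com:25 -> UDP and TCP
                port = to_port(parts[1])
                rules = {("tcp", port), ("udp", port)}
            elif len(parts) == 3 and parts[1] in ("tcp", "udp"):
                rules = {(parts[1], to_port(parts[2]))}   # example.com:tcp:25
            else:
                raise ValueError(entry)
        except ValueError:
            rejected.append(entry)
            continue
        opened[parts[0]] |= rules          # repeated domains are combined
    return dict(opened), rejected

def review_needed(opened):
    """List (domain, proto, port) rules that go beyond the default web ports."""
    return sorted((d, proto, port) for d, rules in opened.items()
                  for proto, port in rules - WEB_DEFAULT)

if __name__ == "__main__":
    rules, bad = parse_passthroughs(SAMPLE)
    print(rules, bad, review_needed(rules), sep="\n")
```

Rejected entries are returned rather than silently dropped, so a typo in the field shows up in review instead of as a missing rule.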

Copyright © 2021 Extreme Networks. All rights reserved. Published April 2021.