Occasional Contributor II
Posts: 11
Registered: ‎07-22-2012

Guest network not working as expected

Hi, I have 4x IAP105 access points. I enabled guest access with a separate SSID and role-based policies. Here are the details:

Primary usage: Guest

Vlan: VC assigned

Security:

  Splashpage : Internal authenticated

  Auth Server: Internal Server

  Re Auth Interval : 30 Mnts

  Internal server: 2 users

Access:

  Http-Access to all dest.

  Https-Access to all dest.

  DNS-access to all dest.

  any-deny-to all dest.

 

So, to my question now. My goal is to prevent guests from looking at my internal network. They are only required to browse the internet. They should not ping, telnet, search servers, etc. And they should receive an authentication screen before browsing starts.

 

But now, with the above configuration, they are able to use Outlook, and they can browse the internet without authentication! But they cannot ping the servers, that's good. I am surprised that the authentication screen doesn't display for them.

 

Please let me know what the best practice is for the guest network, what access policies I should define, and what the order of policy placement is.

 

Thanks for your support.

 

MVP
Posts: 2,866
Registered: ‎10-25-2011

Re: Guest network not working as expected

You are doing the policy incorrectly.

 

Look:

With your policy you are allowing http access to all the internal servers, dns access to all internal servers and also https access to all internal servers.

 

The rule should be like this:

 

Let's say your internal networks are:

192.168.1.0/24

192.168.2.0/24

192.168.3.0/24

 

all access deny  to 192.168.1.0/24

all access deny  to 192.168.2.0/24

all access deny  to 192.168.3.0/24

all access allow dns to all destination

all access allow http to all destination

all access allow https to all destination

 

That is if you just want to allow access to http, https and dns to the internet.

 

Now remember that if you have a webfilter, the IP address of the AP is the one that you need to use.... I don't know if you understand this part?

You need to use the IP addresses of the APs to use the webfilter correctly.

 

----------------------------------------------------
Product Manager - Aruba Networks
Alternetworks Corp
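
Added example, not part of either post and not Aruba code: a small first-match rule evaluator that runs the guest policy from the question and the reordered policy from the reply against constructed probes. First-match evaluation, the default deny for unmatched traffic, the service names and the probe addresses are assumptions of this sketch.

```python
import ipaddress

def rule(action, service, dest="0.0.0.0/0"):
    """One access rule: action, service name ('any' matches all), destination network."""
    return (action, service, ipaddress.ip_network(dest))

# Policy from the question: the allows come first, so web and DNS traffic
# to internal servers is accepted before the final deny is ever reached.
ORIGINAL = [
    rule("allow", "http"),
    rule("allow", "https"),
    rule("allow", "dns"),
    rule("deny", "any"),
]

# Policy from the reply: internal networks are denied before anything is allowed.
CORRECTED = [
    rule("deny", "any", "192.168.1.0/24"),
    rule("deny", "any", "192.168.2.0/24"),
    rule("deny", "any", "192.168.3.0/24"),
    rule("allow", "dns"),
    rule("allow", "http"),
    rule("allow", "https"),
]

def evaluate(policy, service, dest_ip):
    """Return the action of the first rule that matches (service, dest_ip)."""
    ip = ipaddress.ip_address(dest_ip)
    for action, rule_service, network in policy:
        if rule_service in ("any", service) and ip in network:
            return action
    return "deny"  # assumption of this example: unmatched traffic is dropped

# Constructed probes: (service, destination address)
PROBES = [
    ("http", "192.168.2.10"),   # internal web server
    ("dns", "192.168.1.53"),    # internal DNS server
    ("icmp", "192.168.1.5"),    # ping to an internal host
    ("https", "203.0.113.5"),   # internet site
    ("dns", "198.51.100.53"),   # internet resolver
]

def compare():
    """Evaluate every probe under both policies."""
    return [(s, d, evaluate(ORIGINAL, s, d), evaluate(CORRECTED, s, d))
            for s, d in PROBES]

if __name__ == "__main__":
    for service, dest, before, after in compare():
        print(f"{service:5} -> {dest:15} original={before:5} corrected={after}")
```

Under these assumptions the DNS probe to 192.168.1.53 is denied by the reordered policy, so if guests resolve names through a server on one of the internal subnets, an allow for DNS to that one server has to sit above the deny rules.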