This articles guides on blocking guest users from accessing virtual controller's web interface.
Guest clients get an IP address from virtual controller when they connect to a SSID that is configured with virtual-controller assigned. The virtual controller acts a default gateway for these guests users. Thereby, when guests users mention the gateway IP address in the browser, it brings up the virtual controller web interface, which shouldn't be the case.
Any user or internal employee who is aware of the username and password of the virtual controller, can connect to the guest SSID and can login into the web interface, thereby gets access to change settings or bring down the network.
Therefore, it is highly recommended to block virtual controller's web interface access from the guest users by adding an ACL in the guest role and denying traffic to the port TCP 4343.
Environment : This article applies to all Aruba Instant Access Points running any version of Aruba InstantOS.
2. Select the Guest SSID and click "Edit"
3. Navigate to Acess section and select the guest role: