Controller-less WLANs

Articles relating to existing and legacy HPE Aruba Networking products and solutions including IAP, Central / HPE Aruba Networking Central, MSR, and Outdoor Mesh

Restricted corporate access feature on IAP 4.0 

Jun 27, 2014 05:13 PM

Advantages and Features of Restricted Corporate access 4.0
-----------------------------------------------------------------------------------

1. IAP currently supports corporate access from upstream devices, using the master AP as the VPN gateway.
2. In single-AP VPN deployments that use a shared unmanaged switch, this can be exploited by rogue clients/IAPs to gain corporate access.
3. This feature provides a way to restrict corporate access (through the VPN tunnel) for clients/slave APs on the upstream.
4. The feature works by changing the permit/src-nat rule on the uplink ACL (ACL 106) to deny traffic to the corporate subnet.
 
WEBUI Configuration:-
 
[Screenshot: WebUI configuration]
 
 
CLI configuration:-
------------------------

Configuration CLI: restrict-corp-access
Show CLI: "show summary" includes information about configured restricted management subnets

6c:f3:7f:c3:67:4a (config) # restrict-corp-access
6c:f3:7f:c3:67:4a (config) # end
6c:f3:7f:c3:67:4a# commit apply
committing configuration...
configuration committed.
6c:f3:7f:c3:67:4a#
 
6c:f3:7f:c3:67:4a# show summary | include "Restrict Corporate Access"
Restrict Corporate Access:enable
6c:f3:7f:c3:67:4a#
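
The check above can be run across many IAPs by saving each session and parsing the "show summary" filter output. The following is an added example, not part of the original article or of any Aruba tooling. Assumptions: the prompt and the "Restrict Corporate Access:enable" line look as shown above, any other value is treated as not enabled, a missing line is reported as unknown, and the second and third APs in the sample are constructed.

```python
import re

# Prompt shape as on the page: "<AP MAC>#" or "<AP MAC> (config) #"
PROMPT = re.compile(r"^((?:[0-9a-f]{2}:){5}[0-9a-f]{2})\s*(?:\(config\)\s*)?#(.*)$", re.I)
STATUS = re.compile(r"^Restrict Corporate Access\s*:\s*(\S+)", re.I)

def audit_transcript(text):
    """Map each AP that ran 'show summary' to enabled / not-enabled / unknown."""
    results, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        prompt = PROMPT.match(line)
        if prompt:
            current = prompt.group(1).lower()
            if "show summary" in prompt.group(2):
                # The filter may print nothing; stay unknown until a status line is seen
                results[current] = "unknown"
            continue
        status = STATUS.match(line)
        if status and current in results:
            value = status.group(1).lower()
            results[current] = "enabled" if value == "enable" else "not-enabled"
    return results

def needs_attention(results):
    """APs whose uplink is not confirmed as restricted."""
    return sorted(ap for ap, state in results.items() if state != "enabled")

# Constructed sample: the first AP is the page's output; the other two use
# documentation-range MACs and assumed output (a non-"enable" value, no line).
SAMPLE = '''
6c:f3:7f:c3:67:4a# show summary | include "Restrict Corporate Access"
Restrict Corporate Access:enable
6c:f3:7f:c3:67:4a#
00:00:5e:00:53:01# show summary | include "Restrict Corporate Access"
Restrict Corporate Access:disable
00:00:5e:00:53:01#
00:00:5e:00:53:02# show summary | include "Restrict Corporate Access"
00:00:5e:00:53:02#
'''

if __name__ == "__main__":
    report = audit_transcript(SAMPLE)
    for ap, state in report.items():
        print(f"{ap}  {state}")
    print("follow up:", needs_attention(report))
```
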

Debug & Troubleshooting Example:-
--------------------------------------------------
ACL hits on ACL 106 can be used to check functionality.

A packet dump can be taken to collect more information.
 
