Controllerless Networks

Reply
Occasional Contributor II

How to Block IP Scanners?

Hello Everyone,

 

I have 90 Instant 103 Access Points at the same cluster with an open SSID, any one using the IP Scanner can see every one on the network.

 

I have tried to Enable (Deny inter user bridging) but its not working.

 

How could i to block the ip scanners, i need to prevent any one to scan my network? How to do this at my Virtual Controller?

 

Please help ASAP.

 

 

Occasional Contributor II

Re: How to Block IP Scanners?

The deny inter user bridging option should work though. Alternatively you could also work with user derivation and drop the mac-addresses from the IP scanners into another role/vlan with the necessary restrictions. 

Occasional Contributor II

Re: How to Block IP Scanners?

Can i apply deny inter user bridging on a cluster contains 90 AP or it works on one AP only?

I tried to enable it on the cluster it won't work, but it works in one AP only!!!

Guru Elite

Re: How to Block IP Scanners?

Derar,

 

The problem with an open SSID is that there is nothing that really can be blocked.  A user that would have to resort to active scanning on an encrypted SSID can easily get everything they need through passtive scanning.  Unless you implement some sort of encryption on that SSID, everything can be seen..



Colin Joseph
Aruba Customer Engineering

Looking for an Answer? Search the Community Knowledge Base Here: Community Knowledge Base

Occasional Contributor II

Re: How to Block IP Scanners?

Thanks all, if i got a real controller like 72xx or 3600 could i block it there or its the same issue?

Guru Elite

Re: How to Block IP Scanners?

No, you need to  start with having encryption on your SSID.  With an open ssid, everything can be seen.  With encryption it is more likely that what can and cannot be seen and can be controlled.  This is more a general statement about wireless security rather than how you keep someone from scanning your network.  Please see the document here:  https://community.arubanetworks.com/aruba/attachments/aruba/ForoenEspanol/295/1/WP_BUILDING%20GLOBAL%20SECURITY%20POLICIES%5B1%5D.pdf



Colin Joseph
Aruba Customer Engineering

Looking for an Answer? Search the Community Knowledge Base Here: Community Knowledge Base

Guru Elite

Re: How to Block IP Scanners?

To be specific, deny inter user bridging works by blocking ARP responses.  Unless you use encryption, ARP responses would be easily seen in the air and cannot be controlled.



Colin Joseph
Aruba Customer Engineering

Looking for an Answer? Search the Community Knowledge Base Here: Community Knowledge Base

Search Airheads
cancel
Showing results for 
Search instead for 
Did you mean: