Controllerless Networks

last person joined: 15 hours ago 

Instant Mode - the controllerless Wi-Fi solution that's easy to set up, is loaded with security and smarts, and won't break your budget
Back to discussions
Expand all | Collapse all

blocking particular client in internal DHCP

This thread has been viewed 2 times

  • 1.  blocking particular client in internal DHCP

    Posted Apr 06, 2017 06:29 AM

    We are having ARUBA IAP 205 (30Nos) and internal DHCP is enabled to assign IP to all the clients. if one of the wireless client sends a malware to the network, the virtual controller ip is getting blocked by the firewall as the virtual controller ip is natted with the client ip. we want to block that particular client who sends the malware. how can we do this other than having a external DHCP ?



  • 2.  RE: blocking particular client in internal DHCP

    EMPLOYEE
    Posted Apr 06, 2017 06:32 AM
    You would have to dedicate a vlan external to your AP, so that the firewall can see the real IP address. Since all the traffic on a virtual AP assigned vlan is natted, there is no way for your firewall to tell the difference.


  • 3.  RE: blocking particular client in internal DHCP

    Posted Apr 07, 2017 03:24 AM

    Like joseph explained the firewall only sees the virtual controller and not the machines behind the NAT. So one other option would be to assign IP's from the firewall itself so that the firewall can locate the right machine and get the machine blacklisted. Otherwise like how joseph said create a diffrent VLAN for the machines from the ap and then seperate them and see where the problem lies.