Controllerless Networks

New Contributor
Posts: 1
Registered: ‎04-06-2017

blocking particular client in internal DHCP

We have ARUBA IAP 205 (30 nos.) and internal DHCP is enabled to assign IPs to all the clients. If one of the wireless clients sends malware to the network, the virtual controller IP gets blocked by the firewall, as the virtual controller IP is NATed with the client IP. We want to block the particular client that sends the malware. How can we do this other than by having an external DHCP?

Guru Elite
Posts: 21,588
Registered: ‎03-29-2007

Re: blocking particular client in internal DHCP

You would have to dedicate a VLAN external to your AP, so that the firewall can see the real IP address. Since all the traffic on a virtual AP assigned VLAN is NATed, there is no way for your firewall to tell the difference.


Colin Joseph
Aruba Customer Engineering


Occasional Contributor II
Posts: 12
Registered: ‎03-30-2017

Re: blocking particular client in internal DHCP

Like Joseph explained, the firewall only sees the virtual controller and not the machines behind the NAT. So one other option would be to assign IPs from the firewall itself so that the firewall can locate the right machine and get the machine blacklisted. Otherwise, like Joseph said, create a different VLAN for the machines from the AP and then separate them and see where the problem lies.

 
