Security, WIDS/WIPS and Aruba ECS

Occasional Contributor II

Isolating Guest Vlans

Hi All,

I need to deny all intranet traffic and only allow webbrowsing for the guest Wlan .How can i achieve this ??

I dont have a PEF liscence

The OS is 5.2 3600 controllers

Thanks in advance
Aruba Employee

Re: Isolating Guest Vlans

Without the PEF license, you can't create new user roles. Since you can't create new user roles, you can't control guest traffic utilizing only the controller. You would have to put the guests in a VLAN that had an ACL on the upstream router/firewall to control traffic.

Your best option would be to purchase the PEF-NG license for the number of APs you own and create a role for guests the only allowed DHCP, DNS and HTTP (and possibly HTTPS if you want to allow it).
Occasional Contributor II

Re: Isolating Guest Vlans


Is there a way i can place an acl in the aruba controller itself without having PEF firewall liscence ?
Guru Elite

Re: Isolating Guest Vlans

No. It is the firewall license that allows you to create ACLs...

Colin Joseph
Aruba Customer Engineering

Looking for an Answer? Search the Community Knowledge Base Here: Community Knowledge Base

Search Airheads
Showing results for 
Search instead for 
Did you mean: