Security

Reply
Contributor I

Aruba Instant 'guest' network blocking e-mail

Hi

 

We have setup a 'guest' wireless network for a customer using Instant 'guest' setup.  We are using the default VLAN (3333?) and using the internal DHCP / NATing, etc.

 

Internet connectivity works fine but users can not access e-mail on thier devices.

 

We have the following on the Aruba firewall

 

DNS Allow

DHCP Allow

HTTP Allow

HTTPS Allow

POP3 Allow

SMTP Allow

PP2P Allow

Allow Application Category Mail Protocols

Allow Application Category Webmail Protocols

Deny Everything Else

 

Any ideas?

 

Thanks

David

Re: Aruba Instant 'guest' network blocking e-mail

What role are the users in?

 

Can you post the output of the following command?

 

show rights <role>

 

Where <role> is the role that the guest users have.

 

Thanks

James

Cheers
James

-------------------------------------------------------
-------------------@whereisjrw-------------------
------------------------blog-------------------------
ACCX #540 | ACMX #353 | ACDX #216 | AMFX #11
---------------------
-------------------------------------------------------

If a reply adequately addresses your issue, please click on the "Accept as Solution" and "Give Kudos" button so this information can benefit other users via search.

Re: Aruba Instant 'guest' network blocking e-mail

In additon to James question , what version of InstantOS are you running ?
Thank you

Victor Fabian
Lead Mobility Engineer @ Integration Partners
AMFX | ACMX | ACDX | ACCX | CWAP | CWDP | CWNA
Contributor I

Re: Aruba Instant 'guest' network blocking e-mail

Hi Victor

 

Currently running 6.4.2.3 on Instant 135.

 

Regards

 

David

Contributor I

Re: Aruba Instant 'guest' network blocking e-mail

Hi James

 

Sorry I maybe missing something but when I try running CLI and entering

 

show rights guest

 

It reports back a parse error. Show rights does not show when running

 

Show ?

 

Regards

 

David

Re: Aruba Instant 'guest' network blocking e-mail

Apologies I gave you a controller command... 

 

Run the "show clients" command and post the output of the user who is having this issue.

 

Try: "show access-rule guest"


...assuming the user is in the guest role and post back the result.

 

Cheers

James

 

 

Cheers
James

-------------------------------------------------------
-------------------@whereisjrw-------------------
------------------------blog-------------------------
ACCX #540 | ACMX #353 | ACDX #216 | AMFX #11
---------------------
-------------------------------------------------------

If a reply adequately addresses your issue, please click on the "Accept as Solution" and "Give Kudos" button so this information can benefit other users via search.
Contributor I

Re: Aruba Instant 'guest' network blocking e-mail

Hi James

 

No problem.  Please see below:

 

login as: admin
admin@192.168.6.102's password:

24:de:c6:c6:bc:00# show clients

Client List
-----------
Name           IP Address     MAC Address        OS  Network  Access Point                             Channel  Type  Role   Signal    Speed (mbps)
----           ----------     -----------        --  -------  ------------                             -------  ----  ----   ------    ------------
Davids-iPhone  172.31.99.224  a4:5e:60:72:95:d1      guest    24:de:c6:c6:bc:00                        124+     AN    guest  42(good)  135(good)
Number of Clients   :1
Info timestamp      :72248
24:de:c6:c6:bc:00# show access-rule guest

Access Rules
------------
Dest IP  Dest Mask  Dest Match  Protocol (id:sport:eport)  Application                 Action  Log  TOS  802.1P  Blacklist  App Throttle (Up:Down)  Mirror  DisScan  ClassifyMedia
-------  ---------  ----------  -------------------------  -----------                 ------  ---  ---  ------  ---------  ----------------------  ------  -------  -------------
any      any        match       dhcp                                                   permit         
any      any        match       dns                                                    permit         
any      any        match       https                                                  permit         
any      any        match       http                                                   permit         
any      any        match       smtp                                                   permit         
any      any        match       pop3                                                   permit         
any      any        match                                  appcategory webmail         permit         
any      any        match                                  appcategory mail-protocols  permit         
any      any        match       pptp                                                   permit         
any      any        match       any                                                    deny           
Vlan Id           :0
ACL Captive Portal:disable
ACL ECP Profile   :default
CALEA             :disable
Bandwidth Limit   :upstream disable
24:de:c6:c6:bc:00#

Contributor I

Re: Aruba Instant 'guest' network blocking e-mail

Hi James

 

We have added the follwoing ports onto the allow list and it is working

 

IMAPIncoming143
POPIncoming110
SMTPOutgoing25, 80, 3535

With SSLProtocol Type Port

IMAPIncoming993
POPIncoming995
SMTPOutgoing465

Thanks for looking it this

 

Regards

 

David

New Contributor

Re: Aruba Instant 'guest' network blocking e-mail

Hi James,

 

Where can I input these ports for IMAP, POP3 and SMTP on Aruba Instant version 6.5.0.0-4.3.0.0_56428?

Guru Elite

Re: Aruba Instant 'guest' network blocking e-mail

If you edit the SSID, in the last tab, there are security rules that determine if you have any rules, and what they are.



Colin Joseph
Aruba Customer Engineering

Looking for an Answer? Search the Community Knowledge Base Here: Community Knowledge Base

Search Airheads
cancel
Showing results for 
Search instead for 
Did you mean: