Occasional Contributor I

How to prevent bridge connection by guest's router device?

Dear,

 

I have a question on how to prevent guest terminal devices (smartphones, laptops, etc.) from connecting to the network by bridging a route via their own wireless router device.

 

I noted the stateful firewall of Aruba Controller 650 has relevant functions:

1. Deny Inter User Bridging

2. Deny Source Routing

 

My situation is:

 

1. Terminal device connects directly to Aruba-AP --> authenticated by ClearPass guest portal 6.2 --> only the terminal device can connect to the Internet.

 

2. Terminal device connects to Aruba-AP via their own wireless router --> authenticated by ClearPass guest portal 6.2 --> all devices connected to the guest-side wireless router can connect to the Internet directly (even a new terminal device, with no authentication needed anymore).

 

=> That's because all terminal devices are under NAT conversion via the guest-side wireless router connecting to Aruba-AP.

(And the MAC of the guest-side router has been authenticated to the Internet by ClearPass.)

 

 

 


Re: How to prevent bridge connection by guest's router device?

The features you mention won't achieve this, I'm afraid.

 

In order to achieve what you're looking at, I'd recommend using features of the RF Protect licenses.

 

Specifically, you'd want to then look at enabling features in the IDS Unauthorized Device profile. See the screenshot below for examples. There are lots of options, and you'd need to read up on them. Protecting against ad-hoc and Windows bridges would be a great start!!!

 

 

 ids.png

 

 

Kudos appreciated, but I'm not hunting! (ACMX 104)
Occasional Contributor I

Re: How to prevent bridge connection by guest's router device?

Dear Jake Cornford,

 

I understand this situation now. Thank you for your kind answer.
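
An added example, not part of the original thread or of any Aruba tooling: the question notes that every device behind the guest's NAT router shares the router's single authenticated MAC. A wired-side heuristic that can complement the wireless IDS settings suggested in the reply is the IP TTL, since a directly attached client arrives at the first hop with its initial TTL (commonly 64, 128 or 255) while traffic forwarded by a router arrives one lower. The function names, MAC addresses and packet records below are constructed for illustration.

```python
from collections import defaultdict

# Common initial IP TTL values set by host operating systems.
INITIAL_TTLS = (64, 128, 255)

def hops_from_initial(ttl):
    """Hops crossed, assuming the sender used the smallest common
    initial TTL that is >= the observed TTL."""
    for initial in INITIAL_TTLS:
        if ttl <= initial:
            return initial - ttl
    raise ValueError(f"invalid TTL {ttl}")

def find_nat_suspects(packets, min_packets=3, threshold=0.5):
    """packets: iterable of (src_mac, ttl) observed at the guest VLAN's
    first hop. Returns {mac: reason} for MACs whose traffic looks routed."""
    by_mac = defaultdict(list)
    for mac, ttl in packets:
        by_mac[mac.lower()].append(ttl)
    suspects = {}
    for mac, ttls in by_mac.items():
        if len(ttls) < min_packets:
            continue  # too little traffic to judge
        routed = [t for t in ttls if hops_from_initial(t) >= 1]
        if len(routed) / len(ttls) > threshold:
            suspects[mac] = (f"{len(routed)}/{len(ttls)} packets arrived "
                             "with a decremented TTL")
    return suspects

# Constructed sample: (source MAC seen by the controller, IP TTL).
SAMPLE_PACKETS = [
    ("aa:aa:aa:00:00:01", 128), ("aa:aa:aa:00:00:01", 128),
    ("aa:aa:aa:00:00:01", 128),                      # laptop, direct
    ("aa:aa:aa:00:00:02", 64), ("aa:aa:aa:00:00:02", 64),
    ("aa:aa:aa:00:00:02", 64),                       # phone, direct
    ("aa:aa:aa:00:00:03", 63), ("aa:aa:aa:00:00:03", 127),
    ("aa:aa:aa:00:00:03", 63), ("aa:aa:aa:00:00:03", 64),
    ("aa:aa:aa:00:00:03", 127),                      # guest NAT router
    ("aa:aa:aa:00:00:04", 63), ("aa:aa:aa:00:00:04", 63),  # too few packets
]

if __name__ == "__main__":
    for mac, reason in find_nat_suspects(SAMPLE_PACKETS).items():
        print(mac, "->", reason)
```

The result is a heuristic only: a router that rewrites TTL on forwarded traffic will not be flagged, so treat a hit as a reason to investigate the session rather than as proof.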
