06-08-2014 03:16 AM
We installed two new IAP93's today.
The employee network is wired and 172.16.x.x.; the guest network went on 192.169.x.x with using the Vlan. So perfect.
The guest network should only go to the internet and not have access to the 172.16.x.x. employee networks.
But we were not able the route the Vlan network directly to the internet or gateway (172.16.x.254), without have access to the 172 network. How to avoid Guests network access to the internal network and servers.
06-08-2014 03:51 AM
You can setup access rules that block the guest traffic from getting to 172.16.x.x http://www.arubanetworks.com/techdocs/Instant_40_WebHelp/InstantWebHelp.htm#UG_files/CaptivePortal/ConfiguringAccessRuleSettings.htm?Highlight=role
Aruba Customer Engineering
Looking for an Answer? Search the Community Knowledge Base Here: Community Knowledge Base
06-09-2014 04:00 AM - edited 06-09-2014 04:04 AM
Recently i have deployed the same scenario at customer site. Customer wants that guest only get the ip address from external DHCP server but could not be able to access any resources of the network. In this case the how the guest network traffic would be resolved ? so guest traffice would be resolved via global DNS. So on router the customer map the guest VLAN and IP subnet with 18.104.22.168 and 22.214.171.124.
Now 104 IAP VC , I apply the rule on the guest SSID.
Allow any service except to a network 172.16.0.0/16.
This rule will deny each guest to access a customer network resources.
Go to main interface of the IAP-> security->Roles-> now select guest ssid and apply the above rule.
Hope this idea will help you.