Training and Certification

0 Kudos

IAP GUEST Design

Question regarding Guest design for IAPs.

In a controller environment, a hardened Ethernet port gets directed to a firewall port, or DMZ for guest traffic. Thus, physically separating the guest traffic from the corporate LAN.  But with IAP’s/ virtual controllers I don’t have that option.

 

How do I prevent guest traffic from hitting the LAN, other than using Firewall rules to prevent that specific destination? What’s the best approach?

 

Thanks Stefan

Comments
New Contributor

Stefan,

Check out this link and see if it helps:

https://socifi-doc.atlassian.net/wiki/display/SC/Aruba+%28IAP+virtual+controller+mode%29+configuration

 

On the Step 2, Client VLAN assignment, I would chose Custom and use/create a Guest VLAN.

 

Again, I am not sure if this answers your question or not; as I don't know how is your network setup.

 

S.R.