Wireless Access


Access network design for branch, remote, outdoor, and campus locations with HPE Aruba Networking access points and mobility controllers.

ACCESS CONTROL

  • 1.  ACCESS CONTROL

    Posted Nov 21, 2014 07:20 AM

    I am trying to use the Default guest profile for guest access to the internet. I therefore created a VLAN32 with interface IP 192.168.32.1/24 for the guest users. This VLAN should be able to access just the internet and nothing else. After creating this VLAN, everything works well, except that the VLAN has access to the whole internal network. But if I disable inter-VLAN routing on the internal VLAN (Management VLAN), then the clients in the guest VLAN are blocked entirely from all the network resources (Internet etc.). I therefore wanted to use ACLs on my firewall/default gateway to block internal access and allow only internet and OpenDNS, but this unfortunately doesn't work as expected either. I traced the route and realised that the route does not go through the firewall/default gateway to reach the internal network, so I am supposing that is why the ACLs are not applied to the traffic. I would like to set the default gateway for the VLAN32 clients to the firewall/default gateway IP instead of the VLAN32 interface IP, but since they will not be in the same subnet/network it will not work. Can someone suggest a workaround for my situation?

    Thank you.



  • 2.  RE: ACCESS CONTROL

    EMPLOYEE
    Posted Nov 21, 2014 07:24 AM
    You should create a netdestination that contains your internal networks and create a session ACL that blocks access to that netdestination.
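
A sketch of the netdestination and session ACL suggested in the reply above, written as ArubaOS controller CLI. This is an added example, not configuration posted in the thread: the names `internal-nets`, `opendns` and `guest-internet-only`, the use of the RFC 1918 ranges as "internal", and the role name `guest` are assumptions to adapt to the actual network.

```text
! Added example. All names and address ranges below are assumptions.
! Internal networks the guest VLAN must not reach (RFC 1918 ranges assumed).
netdestination internal-nets
    network 10.0.0.0 255.0.0.0
    network 172.16.0.0 255.240.0.0
    network 192.168.0.0 255.255.0.0
!
! OpenDNS public resolvers.
netdestination opendns
    host 208.67.222.222
    host 208.67.220.220
!
! Rules are evaluated top down, first match wins.
ip access-list session guest-internet-only
    ! DHCP must be allowed before the deny, because the guest gateway
    ! 192.168.32.1 sits inside the 192.168.0.0/16 block denied below.
    any any svc-dhcp permit
    ! DNS only to OpenDNS; any other DNS server is refused.
    user alias opendns svc-dns permit
    user any svc-dns deny
    ! Block everything internal, then allow the rest (the internet).
    user alias internal-nets any deny
    user any any permit
!
! Attach the ACL to the role that guest clients receive (role name assumed).
user-role guest
    access-list session guest-internet-only
```

Because the policy is enforced per user session on the controller, it applies even when traffic between VLAN32 and the internal VLANs is routed on the controller and never crosses the firewall.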


  • 3.  RE: ACCESS CONTROL

    Posted Nov 21, 2014 07:27 AM

    Hi,

    Thanks for the quick reply. Unfortunately, I have the basic license, which does not allow me to create a session ACL. So I cannot create the netdestination as you are suggesting. What will be my other options?