Wireless Access

Contributor II
Posts: 71
Registered: ‎06-03-2014

ACCESS CONTROL

I am trying to use the Default guest profile for guest access to the internet. I therefore created a VLAN32 with interface IP 192.168.32.1/24 for the guest users. This VLAN should be able to access just the internet and nothing else. After creating this VLAN, everything works well, except that the VLAN has access to the whole internal network. But if I disable inter-VLAN routing on the internal VLAN (Management VLAN), then the clients in the guest VLAN are blocked entirely from all the network resources (Internet etc.). I therefore wanted to use ACLs on my firewall/default gateway to block internal access and allow only internet and OpenDNS, but this unfortunately doesn't work as expected either. I ran a traceroute and realised that the route does not go through the firewall/default gateway to reach the internal network, so I am supposing that is why the ACLs are not applied to the traffic. I would like to set the default gateway for the VLAN32 clients to the firewall/default gateway IP instead of the VLAN32 interface IP, but since they will not be in the same subnet/network it will not work. Can someone suggest a workaround for my situation?

Thank you.

Guru Elite
Posts: 8,792
Registered: ‎09-08-2010

Re: ACCESS CONTROL

You should create a netdestination that contains your internal networks and create a session ACL that blocks access to that netdestination.

Tim Cappalli | Aruba Security TME
@timcappalli | timcappalli.me | ACMX #367 / ACCX #480
Contributor II
Posts: 71
Registered: ‎06-03-2014

Re: ACCESS CONTROL

Hi,

Thanks for the quick reply. Unfortunately, I have the basic license, which does not allow me to create a session ACL. So I cannot create the netdestination as you are suggesting. What will be my other options?
