Wireless Access

last person joined: yesterday 

Access network design for branch, remote, outdoor, and campus locations with HPE Aruba Networking access points and mobility controllers.
Back to discussions
Expand all | Collapse all

Controller, deny multimedia in SSID

This thread has been viewed 0 times

  • 1.  Controller, deny multimedia in SSID

    Posted Jan 10, 2015 03:08 PM

    Hello!

     

    We have Controller only with AP_upgrade_license.

    How can we deny access to multimedia in internet for SSID (looking online video, listen online music)?

     

    Thank you!



  • 2.  RE: Controller, deny multimedia in SSID

    EMPLOYEE
    Posted Jan 10, 2015 03:09 PM

    You would need the PEFNG license.

     

    Also, for the most flexibility, you would need a newer 7000 series controller.



  • 3.  RE: Controller, deny multimedia in SSID

    Posted Jan 10, 2015 03:12 PM

    We have 7210 controller, but have no PEFNG )))

     

    Is there some ideas?

    Maybe to deny some sites - like youtube and other?

     

    Thank you!


    #7210


  • 4.  RE: Controller, deny multimedia in SSID

    EMPLOYEE
    Posted Jan 10, 2015 03:14 PM

    You need PEFNG or you'll need to use an upstream device.

     

    Without PEFNG, there are no roles and no firewall policies other than allowall and basic guest restrictions.

     

    http://www.arubanetworks.com/pdf/products/DS_PEF.pdf



  • 5.  RE: Controller, deny multimedia in SSID

    Posted Jan 10, 2015 03:16 PM

    Thank you!



  • 6.  RE: Controller, deny multimedia in SSID

    Posted Jan 12, 2015 05:50 AM

    Hello!

     

    And how to do this with PEFNG license?

     

    Thank you!



  • 7.  RE: Controller, deny multimedia in SSID

    Posted Jan 12, 2015 06:33 AM

    Hi friend,

     

    After installing PEFNG license you can block applications and services category wise,

     

    for your ref :

     

    1. select AppRF from the Dashboard-->Block/Unblock

     

    AppRF1.JPG

     

    2. Select New and enter the required details (Example to to deny a web app Facebook)

     

    AppRF2.JPG

    3. Example to deny a video streaming :

     

    AppRF3.JPG

     

    Hope you got some idea now.

     

    Please feelfree for any further help on this.

     



  • 8.  RE: Controller, deny multimedia in SSID

    Posted Jan 12, 2015 06:39 AM

    Hi!

     

    As I see - I can aply this rule to IPv4 addresses?
    But I have 3 SSID in 1 VLAN, and so all users have IP from one pool.

    This rule I have to map to SSID.

     

    Thank you!



  • 9.  RE: Controller, deny multimedia in SSID

    Posted Jan 12, 2015 06:53 AM

    HI,

     

    Yes we can do this too.

     

    1. create a policy to allow or deny applications and services as shown below,

    AppRF4.JPG

     

    2. Map this policy to a role and map the role to the AAA profile(default role) which is mapped to the VAP where the required SSID profile is mapped.

     

    3. When somebody selectes this SSID they will be mapped to the default role ( or SDR ) and their application access will be controlled according to the Policy.

     

    Hope got some more clarity,

     

    Please feel free for any further help on this.



  • 10.  RE: Controller, deny multimedia in SSID

    Posted Jan 12, 2015 07:30 AM

    And this policies wouldn't work without PEFNG license?

     

    Thank yoU!



  • 11.  RE: Controller, deny multimedia in SSID

    EMPLOYEE
    Posted Jan 12, 2015 07:33 AM
    Without PEFNG, you wouldn't be able to create them or apply them. 


    Thanks, 
    Tim


  • 12.  RE: Controller, deny multimedia in SSID

    Posted Jan 12, 2015 07:34 AM

    Yes, neds PEF license,

     

    Not only for this, in order to create any policy you need PEF ( Policy Enforcement Firewall) license.

     

    Hope got more clarity.

     

    Please feelfree for any furhter query on this.



  • 13.  RE: Controller, deny multimedia in SSID

    Posted Jan 12, 2015 07:43 AM

    And 1 more question:

     

    how can I limit bandtwight (rate limit) in some SSID with policy?

    For example 256Kbps

     

    Thank yoU!



  • 14.  RE: Controller, deny multimedia in SSID

    EMPLOYEE
    Posted Jan 12, 2015 07:46 AM
    Add a bandwidth contract under the user-role.

    Have you considered working with an Aruba partner? 


    Thanks, 
    Tim