Wireless Access

Reply
Regular Contributor II
Posts: 242
Registered: ‎09-11-2013

Controller is the DHCP default router?

[ Edited ]

Hi,

My guests get an IP from the controller and the controller is the default gateway for the users. The are allowed to reach clearpass using ESI server/group to authenticate and all. 

My issue is that guests users are able to access the web UI for the controller and putting an ACL(blocking svc-http and https to the destination of the controller IP address) on the guest role breaks some internet functionality for the guests, I even tried to only block tcp-4343 but it still broke some webb sites redirects. 

Any thoughts?

Guru Elite
Posts: 21,561
Registered: ‎03-29-2007

Re: Controller is the DHCP default router?

All guest users should be able to access the controller via http and https.  What you should do is use Application Access Control on ClearPass to determine what subnets can access what admin pages on ClearPass http://www.arubanetworks.com/techdocs/ClearPass/6.6/PolicyManager/index.htm#CPPM_UserGuide/Admin/ServerConfig_editnetworktab.htm#Access_restrictions



Colin Joseph
Aruba Customer Engineering

Looking for an Answer? Search the Community Knowledge Base Here: Community Knowledge Base

Regular Contributor II
Posts: 242
Registered: ‎09-11-2013

Re: Controller is the DHCP default router?

No sure I get your answer!

You say use application access controller on clearpass? my issue is not the users accessing clearpass, it is the users accessing the controller GUI.

Guru Elite
Posts: 21,561
Registered: ‎03-29-2007

Re: Controller is the DHCP default router?

Okay. You tried only blocking TCP 4343 to the controller in the guest production role? That should not hurt anything.


Colin Joseph
Aruba Customer Engineering

Looking for an Answer? Search the Community Knowledge Base Here: Community Knowledge Base

Search Airheads
Showing results for 
Search instead for 
Did you mean: