Wireless Access

last person joined: 15 hours ago 

Access network design for branch, remote, outdoor, and campus locations with HPE Aruba Networking access points and mobility controllers.
Back to discussions
Expand all | Collapse all

How to create Whitelist

This thread has been viewed 5 times

  • 1.  How to create Whitelist

    Posted Apr 03, 2014 12:38 AM

    Hi,

     

    i have some problem for my controller and my AP,sometime if client want to connect AP  is so difficult to get IP and controller detected blacklist mac address client is IP spoofing. so what can i do for this case.!

    can i create white list for client so if client difficult to get IP, controller cannot detected blacklist.

     

     

    Thanks you

     



  • 2.  RE: How to create Whitelist

    Posted Apr 03, 2014 02:48 AM

    Is this a ligitimate client? If so...

     

    Go to the controller GUI>configuration>advanced services/stateful firewall> and disable "prohibit ip spoofing".

     

    You might also need to turn of "enforce dhcp" in the VAP or AAA (depending on code level) profile.

     

    Does the problem go away? It sounds like the client is transmitting IP packets in a sub-optimum manner.

     

    What version of software is the controller running, and is this an Android device?

     

    If memory serves, some older versions of code did have a challenge with Android devices especially (and some others) that transmitted IP frames immediately (sometimes relevate to completely different previously connected networks) without transmitting DHCP first.



  • 3.  RE: How to create Whitelist

    Posted Apr 03, 2014 03:50 AM

    yes its legitimate user,

     

    my firmware controller version 6.1.3 and user device use android and some time using notebook win 7 is same.

    now , i used 2 vlan (vlan A and B with different server) in one SSID. and i think user often to VLAN A, can i load balance with 2 vlan maybe! or whos vlan respone time is fast so user used this vlan.

     

    Thanks you



  • 4.  RE: How to create Whitelist

    Posted Apr 03, 2014 09:21 AM

    So, my suggestions resolved your first issue yes?

     

    I'm not 100% clear on what you're asking in the next point.

     

    However, if you're asking can you use two VLANs with one SSID, then yes. You simply add both VLAN numbers to the VAP profile. And then there further ways to configure it, depending on what you're trying to achieve.

     

    I'm not sure of the significance of the 2 servers you mentioned. What servers? Doing what? Are these relevant to your configurations?

     

    If you have 2 VLANs in a VAP, the clients are put into either one based on a hash of their mac address (so you should think of this as random). This is partially load-balanced, but it's not 100% predictable. There are other ways to do things, but you need to clearly layout your objectives, constraints and solution scale to work out what's best.

     

    In terms of "vlan response time", how would you envisage measuring this?