Wireless Access


IAP Management Access through connected clients

Hi All,

I have deployed a cluster of IAPs broadcasting multiple SSIDs. Every SSID is on a different VLAN, and IAP management is on a separate VLAN too. The gateway for the IAPs and for users (connected to any of the SSIDs) is a Palo Alto firewall in the network.

A user connected to the Wi-Fi network (say the Guest SSID) is able to access the management IP (GUI and SSH) of the IAPs. From a design perspective, I am not putting any ACL on user roles, as I believe we have layer 3 separation between the two subnets and all traffic filtering should be done on the firewall (the gateway for the IAPs and users).

I just wanted to confirm whether this is the right traffic flow. Is there no way the IAP will leak traffic between the connected user (on subnet X) and its management network (subnet Y) without going back through the gateway (the Palo Alto firewall)?

JayBee
ACDX | CCIE (RnS/SP,DC) | ACCP | ACMP | ACMA | JNCIS | JNCIA
If the provided solution resolves your issue, please mark it as the accepted solution to help others.
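The design described in the post relies on two things: the user VLAN and the IAP management VLAN being distinct layer 3 subnets (so the only routed path between them is the gateway), and the firewall at that gateway actually carrying a policy that blocks Guest clients from the management services. The following is an added example, not code from the post, from Aruba or from Palo Alto: it models a first-match interzone policy over constructed placeholder subnets (the addresses, rule names and ports are assumptions) and shows the weak policy (an allow-any rule from the Guest VLAN, which is what lets a Guest client reach the IAP GUI and SSH) beside the corrected one, plus the precondition check that the two addresses really sit in different subnets.

```python
"""Model of a first-match interzone firewall policy, used to check that a
Guest VLAN client cannot reach IAP management services (HTTPS/SSH).

Added example: the subnets, zone names, rule names and ports below are
constructed placeholders, not the poster's real addressing or a real
Palo Alto configuration.
"""
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import List, Optional, Tuple


@dataclass(frozen=True)
class Rule:
    name: str
    src: str            # source CIDR
    dst: str            # destination CIDR
    ports: frozenset    # TCP destination ports; empty set means any port
    action: str         # "allow" or "deny"


# Constructed addressing (assumption): users on subnet X, IAP management on subnet Y
GUEST_NET = "10.20.0.0/24"   # subnet X: Guest SSID VLAN
MGMT_NET = "10.99.0.0/24"    # subnet Y: IAP management VLAN
MGMT_PORTS = frozenset({22, 443})   # SSH and GUI on the IAP management IP

VLAN_SUBNETS = [ip_network(GUEST_NET), ip_network(MGMT_NET)]

# Weak policy: a single allow-any rule from the Guest VLAN. Nothing stops
# Guest clients from reaching the management subnet, which matches the
# behaviour described in the post.
WEAK_POLICY: List[Rule] = [
    Rule("guest-out", GUEST_NET, "0.0.0.0/0", frozenset(), "allow"),
]

# Corrected policy: an explicit deny to the management subnet is evaluated
# before the general allow, so first-match blocks the flow.
HARDENED_POLICY: List[Rule] = [
    Rule("deny-guest-to-mgmt", GUEST_NET, MGMT_NET, frozenset(), "deny"),
    Rule("guest-out", GUEST_NET, "0.0.0.0/0", frozenset(), "allow"),
]


def evaluate(policy: List[Rule], src_ip: str, dst_ip: str, dst_port: int) -> Tuple[str, Optional[str]]:
    """Return (action, matching rule name). First match wins; no match is an
    implicit deny, mirroring the default interzone behaviour of a firewall."""
    src, dst = ip_address(src_ip), ip_address(dst_ip)
    for rule in policy:
        in_src = src in ip_network(rule.src)
        in_dst = dst in ip_network(rule.dst)
        port_ok = not rule.ports or dst_port in rule.ports
        if in_src and in_dst and port_ok:
            return rule.action, rule.name
    return "deny", None


def mgmt_reachable_from_guest(policy: List[Rule], guest_ip: str = "10.20.0.50",
                              iap_ip: str = "10.99.0.10") -> dict:
    """Map each IAP management port to the policy action a Guest client gets."""
    return {port: evaluate(policy, guest_ip, iap_ip, port)[0] for port in sorted(MGMT_PORTS)}


def subnet_of(ip: str):
    """Return the configured VLAN subnet containing ip, or None if unknown."""
    addr = ip_address(ip)
    for net in VLAN_SUBNETS:
        if addr in net:
            return net
    return None


def requires_gateway(a: str, b: str) -> bool:
    """True when a and b sit in different configured subnets, i.e. the only
    layer 3 path between them is through the gateway where the policy lives.
    If they share a subnet the traffic never reaches the firewall at all."""
    sa, sb = subnet_of(a), subnet_of(b)
    return sa is not None and sb is not None and sa != sb


if __name__ == "__main__":
    print("L3 separation holds:", requires_gateway("10.20.0.50", "10.99.0.10"))
    print("weak policy    :", mgmt_reachable_from_guest(WEAK_POLICY))
    print("hardened policy:", mgmt_reachable_from_guest(HARDENED_POLICY))
```

The point of `requires_gateway` is the caveat behind the question: the firewall can only enforce the Guest-to-management separation for traffic that is routed through it, so the check is worth running before trusting the policy alone. The deny rule in `HARDENED_POLICY` is the same control whether it is expressed on the Palo Alto or, as defence in depth, as an ACL on the Guest user role on the IAP.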