Wireless Access


Access network design for branch, remote, outdoor, and campus locations with HPE Aruba Networking access points and mobility controllers.

Not allowed IP display in client list

  • 1.  Not allowed IP display in client list

    Posted Jun 16, 2018 08:57 AM

    Hi,

    We have an Aruba 7210 controller in a master-local setup, AOS version 6.5.3.

    The "Employee" SSID is configured with the TLS authentication method. The AAA profile 802.1X authentication role is --> authenticated (default).

    Authenticated users get an IP address from an external DHCP server (IP range 10.105.10.X/24).

    If I assign a static IP from another range on the wireless client adapter, i.e. 192.168.10.X/24, and try to connect to the "Employee" SSID, the client gets the authenticated role and connects, but it does not get access to the wireless IP (10.105.10.X) subnet.

    This IP is also reflected in the client list with the "authenticated" role.

    I have tried to configure a permit IP access list under the authenticated role for 10.105.10.X/24 (the rest will be implicit deny), and we have tried Enforce DHCP, but no luck.

    Please suggest how I can avoid this kind of IP address in the client list.



  • 2.  RE: Not allowed IP display in client list

    EMPLOYEE
    Posted Jun 17, 2018 06:52 AM

    If clients by default are assigned the subnet of 10.105.10.x/24, they would only be able to pass traffic if they have an IP address on that subnet. If you assign a client any other IP address, there would be no router to route their traffic off of that subnet, so manually setting the IP address to any other range would not work.

    The client's IP address would be displayed in the user table, even though it would not be able to go anywhere. Using "Enforce DHCP" or editing the Validuser ACL should accomplish what you need, however. http://community.arubanetworks.com/t5/Controller-Based-WLANs/What-is-validuser-ACL-and-its-uses/ta-p/178584 If "Enforce DHCP" is not working, check to make sure you are editing the right AAA profile.



  • 3.  RE: Not allowed IP display in client list

    Posted Jun 19, 2018 01:00 PM

    Hi,

    I have configured the valid user ACL with "Enforce DHCP".

    The client is getting a valid IP address in the correct subnet but could not get access to the other network subnet (wired - 10.105.12.X/24).

    If I again assign the "authenticated" role, the client gets access to the other network subnet.

    Please suggest how to fix the issue.



  • 4.  RE: Not allowed IP display in client list

    EMPLOYEE
    Posted Jun 19, 2018 02:10 PM

    What are you trying to restrict?



  • 5.  RE: Not allowed IP display in client list

    Posted Jun 20, 2018 12:22 AM

    Hi,

    I want to allow IP subnet 10.105.10.X/24 in the client table and deny other IP subnet entries in the client table. But at the same time, traffic from the allowed IP subnet should be able to communicate with other network IP subnets.

    I guess I need to add ACLs for all the other IP subnets. But again, if any wireless client is assigned a static IP (other subnet), it will be reflected in the client table.

    Thank you...