Wireless Access

last person joined: an hour ago 

Access network design for branch, remote, outdoor, and campus locations with HPE Aruba Networking access points and mobility controllers.
Back to discussions
Expand all | Collapse all

SSIDs with Restrictions

This thread has been viewed 0 times

  • 1.  SSIDs with Restrictions

    Posted Dec 11, 2017 02:46 AM

    There are 2 SSIDs. One for Employees and another for Guest.

    Both SSIDS are in same VLAN.

     

    Now customer wants to give full Access to resources and servers for the employees who are connecting to 'Employee' SSID.

    And only internet to someone who is connecting to 'Guest' SSID.

     

    They are having 15 APS and 1 controller with LIC-AP.

     

    Now LIC-PEF is required for implementing the above or just LIC-AP is sufficient.

     

    And How it can be done.

     



  • 2.  RE: SSIDs with Restrictions

    EMPLOYEE
    Posted Dec 11, 2017 03:45 AM

    you can achieve this with access-lists

     

    ip access-list session employee-acl

    any any any permit

    !

    !

    netdestination internal-networks

      network 10.0.0.0 255.0.0.0

      network 192.168.0.0 255.255.0.0

      network 172.16.0.0 255.240.0.0

      <Add any others you want>

    !

    ip access-list session guest-acl

    user alias internal-networks any deny

    any any  any permit

     

    !

    user-role employee

    access-list session employee-acl

    !

    !

    user-role guest

    access-list session guest-acl

    !

     

    Assign the roles to the respective ssids



  • 3.  RE: SSIDs with Restrictions

    Posted Dec 11, 2017 05:14 AM

    any firewall license (LIC-PEF) is required to do so (Restrict Guest to access Corporate resources)?



  • 4.  RE: SSIDs with Restrictions

    Posted Dec 11, 2017 11:19 AM

    You need LIC-PEF to be able to create User Roles