Wireless Access

Reply
Contributor II
Posts: 36
Registered: ‎08-28-2014

Setup an SSID to be used by Android devices that blocks internet but not internal web servers

Hi Guys

 

I am not sure how to achieve this.

 

Currently we are deploying some Android Tablets to our production lines that will be used for one of our web apps that monitors the production lines and allows for input from the operators for stoppage causes and so on.

 

The only way I can see for this to work is to set up and SSID for the androids to connect to our internal network so they can access the internal web portals.

The problem is how can I block that SSID from accessing the normal internet or getting out of our internal network.

 

Cheers

 

Anthony

 

 

 

Guru Elite
Posts: 8,648
Registered: ‎09-08-2010

Re: Setup an SSID to be used by Android devices that blocks internet but not internal web servers

Simply create an access rule that allows access to the servers or subnets where the services live, DNS and DHCP and them put a deny all at the end.

Tim Cappalli | Aruba Security TME
@timcappalli | timcappalli.me | ACMX #367 / ACCX #480
Contributor II
Posts: 36
Registered: ‎08-28-2014

Re: Setup an SSID to be used by Android devices that blocks internet but not internal web servers

Thanks for the Tip.

Unfortuantley it has been quite a while since I have set up these kind of rules so I am struggling to find where to implement them.

Also previously when we were setting up these rules I had an ARuba Technician with me to do it.

Are you able to give me the basics I where I need to go to make this happen?

 

Thanks

 

Cheers

 

Sy

Guru Elite
Posts: 8,648
Registered: ‎09-08-2010

Re: Setup an SSID to be used by Android devices that blocks internet but not internal web servers

[ Edited ]
netdestination INTERNAL-NETWORK
network W.X.Y.Z M.A.S.K
!
ip access-list session PERMIT_INTERNAL
any alias INTERNAL-NETWORK any permit
!
user-role <GUEST-ROLE>
access-list session logoncontrol
access-list session PERMIT_INTERNAL
!

Tim Cappalli | Aruba Security TME
@timcappalli | timcappalli.me | ACMX #367 / ACCX #480
Contributor II
Posts: 36
Registered: ‎08-28-2014

Re: Setup an SSID to be used by Android devices that blocks internet but not internal web servers

Sorry for being a noob.

I am asuuming this is the commandline commands to set this?

If So I am able to get there and get to enbaled mode.

I tried the first line assuming that internal-network was the name of the wireless SSID. I also tired it with assuming that was the command.

I used the gateway address for the vlan we are trying to use.

for the network W.X.Y.Z M.A.S.K

IS this what you ment or am I complete in the wrong place?

 

Thanks

Contributor II
Posts: 36
Registered: ‎08-28-2014

Re: Setup an SSID to be used by Android devices that blocks internet but not internal web servers

Sorry just need to dumb it down a little bit more for me.

So the commands you have listed are for command line or through the gui and if through the gui where do I start?

 

thanks

Cheers

 

Sy

Guru Elite
Posts: 21,289
Registered: ‎03-29-2007

Re: Setup an SSID to be used by Android devices that blocks internet but not internal web servers

Are you using an Aruba Controller or Aruba Instant?



Colin Joseph
Aruba Customer Engineering

Looking for an Answer? Search the Community Knowledge Base Here: Community Knowledge Base

Contributor II
Posts: 36
Registered: ‎08-28-2014

Re: Setup an SSID to be used by Android devices that blocks internet but not internal web servers

Hi Colin

 

They are controlled from  7210 Mobility Controller.

We don't have any instants.

 

Thanks

Sy

Guru Elite
Posts: 21,289
Registered: ‎03-29-2007

Re: Setup an SSID to be used by Android devices that blocks internet but not internal web servers

Click on Monitoring> Controller> Clients.  Find out what role your android clients end up in.  Go to Configuration> Security> Access Control.  Find the role you saw before and edit it.   Under firewall policies click on add to add the rules that Tcappalli Suggested, one by one.  Please refer to the section here:  http://www.arubanetworks.com/techdocs/ArubaOS_64x_WebHelp/Web_Help_Index.htm#ArubaFrameStyles/Firewall_Roles/Policies.htm?Highlight=firewall policies for detailed information on how to do this.

 

 



Colin Joseph
Aruba Customer Engineering

Looking for an Answer? Search the Community Knowledge Base Here: Community Knowledge Base

Contributor II
Posts: 36
Registered: ‎08-28-2014

Re: Setup an SSID to be used by Android devices that blocks internet but not internal web servers

Thanks for the help.

I think I have done what was recommended I am not sure though it still seems to be allowing the tablet to get to the internet tho.

So I have missied something.

What info can I send to you guys to make sure I have done it right?

 

Thanks

Search Airheads
Showing results for 
Search instead for 
Did you mean: