Wireless Access

Reply
Contributor I

WLC Controller Admin Access need to Block from Guest Network

hi am trying to block 7010 WLC admin portal access (port: 4343) from Guest network but its not happening.

 

we created a policy (block-internal-access) (source: user, Destination: controller IP, Service: tcp 4343, action: deny) and added to Post Logon Role (Auth-Guest Role) and mapped Auth-Guest Role to Captive Portal. 

captive portla add on initial Role (Guest-Logon), Guest-Logon role add on AAA (dot1x-PSK) and finally mapped to Virtual AP.

 

but guest users still able to access WLC admin portal login page.

 

 

Ref attachement.

 

1. Block-Internal-Access

2. Auth-Guest Role

Guru Elite

Re: WLC Controller Admin Access need to Block from Guest Network

Are you sure that is the role that your users are in?

******************
Answers and views expressed by me on this forum are my own and not necessarily the position of Aruba Networks or Hewlett Packard Enterprise.
******************
Contributor I

Re: WLC Controller Admin Access need to Block from Guest Network

yes, it could be.

we have created a local user (as a guest) and role is assigned to Guest SSID. how can we confirm this.

also could you please help me to clarify on thing Firewall /Auth-Guest Role is assigned to Guest SSID(ex: AWNICA-GUEST), so once we assign any firewall /access-list to this SSID /AAA policy all connected user (user who is connected to this SSID) have the configured restriction, am i correct.

Guru Elite

Re: WLC Controller Admin Access need to Block from Guest Network

You have to type "show user" on the commandline or look at the user table on the monitoring page to find out what the current role of the user is.

 

******************
Answers and views expressed by me on this forum are my own and not necessarily the position of Aruba Networks or Hewlett Packard Enterprise.
******************
Search Airheads
cancel
Showing results for 
Search instead for 
Did you mean: