Wireless Access

Reply
MVP
Posts: 3,009
Registered: ‎10-25-2011

filter ip scanners on guest network

hello we got a client that he is reporting that in the captive portal he can do an ip scan  and he can see devices that are connected to that network(the guest wifi is on their network, is not a guest wifi on the controller) I suggested them to have it on the controller but they said they didnt want to do taht as they will loose visibility in their firewall of those users...

 

I activated deny interuser traffic(with this they can no longer see other wifi users on the ip scanners)

on the firewall rule i used a rule which said

user deny guest network any port 

Still witht that they can see the other devices(they got a printer and other things they dont want to see in the ip scanner)

 

also i activate deny broadcast on the ssid and i still see them

 

Is there any way to block this ? so they cannot seee it on the ip scanner??

 

Cheers

Carlos

----------------------------------------------------
Product Manager - Aruba Networks
Alternetworks Corp
Guru Elite
Posts: 21,270
Registered: ‎03-29-2007

Re: filter ip scanners on guest network

[ Edited ]

If you have an unencrypted network, you can see everything passively.  You don't even need to scan.  That is the drawback of having an unencrypted network.  That is always why most reputable guest networks have a disclaimer that says that everyone can see what they are doing, so users should only use SSL-encrypted networks, a personal firewall and a VPN to prevent that from happening.

 

It is pretty much impossible to protect the content of an unencrypted guest network from other users.



Colin Joseph
Aruba Customer Engineering

Looking for an Answer? Search the Community Knowledge Base Here: Community Knowledge Base

MVP
Posts: 3,009
Registered: ‎10-25-2011

Re: filter ip scanners on guest network

Hello Collin

Do you mean that i can see everything passively because all that traffic is layer 2? and the aps, wireless controller are acting like a switch ?

or i did missunderstood that?

 

I m able to block the packets going to another wifi device because it doess has to pass trhough te firewall on the controller? right?

 

Just trying to understand this correctly.

 

Cheers

Carlos

----------------------------------------------------
Product Manager - Aruba Networks
Alternetworks Corp
MVP
Posts: 3,009
Registered: ‎10-25-2011

Re: filter ip scanners on guest network

i did re read your message and i got what you mean thanks collin

 

Cheers

Carlos

----------------------------------------------------
Product Manager - Aruba Networks
Alternetworks Corp
Search Airheads
Showing results for 
Search instead for 
Did you mean: