Wireless Access

 View Only
last person joined: yesterday 

Access network design for branch, remote, outdoor, and campus locations with HPE Aruba Networking access points and mobility controllers.
Back to discussions
Expand all | Collapse all

Mobility Controller- SSID requremnets

This thread has been viewed 39 times

  • 1.  Mobility Controller- SSID requremnets

    Posted Nov 16, 2021 05:20 PM
    hello 

    we have MM-MC soultion

    SSID - (Guest-HQ)
    the requrimnets are :-

    1- When client try to access server 10.1.1.1 isolated him for 1800sec
    2-When client access 10.1.1.1 controller must generate syslog message and send to ip 10.1.1.5(server-syslog)
    3-Gateway is 192.168.5.4  if client get the Gatawy ip (192.168.5.4) so he willnot appeared under user-table

    How to achive that

    ------------------------------
    amr shawky
    ------------------------------


  • 2.  RE: Mobility Controller- SSID requremnets

    MVP GURU
    Posted Nov 17, 2021 06:05 PM
    for 1, you can look to use blacklist on ACL

    for 2, you need to enable log on your acl

    ------------------------------
    PowerArubaSW : Powershell Module to use Aruba Switch API for Vlan, VlanPorts, LACP, LLDP...

    PowerArubaCP: Powershell Module to use ClearPass API (create NAD, Guest...)

    PowerArubaCL: Powershell Module to use Aruba Central

    PowerArubaCX: Powershell Module to use ArubaCX API (get interface/vlan/ports info)..

    ACEP / ACMX #107 / ACDX #1281
    ------------------------------

    Original Message


  • 3.  RE: Mobility Controller- SSID requremnets

    MVP
    Posted Nov 19, 2021 03:39 AM
    Are you trying to honeypot users or something? Who not simply flat out deny access to servers you don't want them to access?

    ------------------------------
    Koen V
    ------------------------------

    Original Message


  • 4.  RE: Mobility Controller- SSID requremnets

    Posted Nov 19, 2021 12:32 PM
    no i need to protect server from client 
    server ip 10.1.1.1

    so any user try to access this server i neeed to isolate hi, fro 1800 sec also send syslog to syslog server that log

    if i enable the log on ACL , devicve only generate the logs locally but i sthere any option to send to syslog server except intergate the controller to syslog server

    ------------------------------
    amr shawky
    ------------------------------

    Original Message


  • 5.  RE: Mobility Controller- SSID requremnets

    Posted Nov 19, 2021 10:42 PM
    we didnot need to blacklist the client when access the server , we just need to isolate it fro 1800 sec, So if we configured under AAA profile it will apply in all client and all servers but we need the spacific one as mentoned before

    Also the gateway ip if wireless client got it so that not be resinted in User-table

    Also the syslog send to external server if client try to access // not genertaed locally on controller

    ------------------------------
    amr shawky
    ------------------------------

    Original Message