Wireless Access

 View Only
last person joined: 7 hours ago 

Access network design for branch, remote, outdoor, and campus locations with HPE Aruba Networking access points and mobility controllers.
Expand all | Collapse all

Mobility Controller- SSID requremnets

This thread has been viewed 39 times
  • 1.  Mobility Controller- SSID requremnets

    Posted Nov 16, 2021 05:20 PM

    we have MM-MC soultion

    SSID - (Guest-HQ)
    the requrimnets are :-

    1- When client try to access server isolated him for 1800sec
    2-When client access controller must generate syslog message and send to ip
    3-Gateway is  if client get the Gatawy ip ( so he willnot appeared under user-table

    How to achive that

    amr shawky

  • 2.  RE: Mobility Controller- SSID requremnets

    Posted Nov 17, 2021 06:05 PM
    for 1, you can look to use blacklist on ACL

    for 2, you need to enable log on your acl

    PowerArubaSW : Powershell Module to use Aruba Switch API for Vlan, VlanPorts, LACP, LLDP...

    PowerArubaCP: Powershell Module to use ClearPass API (create NAD, Guest...)

    PowerArubaCL: Powershell Module to use Aruba Central

    PowerArubaCX: Powershell Module to use ArubaCX API (get interface/vlan/ports info)..

    ACEP / ACMX #107 / ACDX #1281

  • 3.  RE: Mobility Controller- SSID requremnets

    Posted Nov 19, 2021 03:39 AM
    Are you trying to honeypot users or something? Who not simply flat out deny access to servers you don't want them to access?

    Koen V

  • 4.  RE: Mobility Controller- SSID requremnets

    Posted Nov 19, 2021 12:32 PM
    no i need to protect server from client 
    server ip

    so any user try to access this server i neeed to isolate hi, fro 1800 sec also send syslog to syslog server that log

    if i enable the log on ACL , devicve only generate the logs locally but i sthere any option to send to syslog server except intergate the controller to syslog server

    amr shawky

  • 5.  RE: Mobility Controller- SSID requremnets

    Posted Nov 19, 2021 10:42 PM
    we didnot need to blacklist the client when access the server , we just need to isolate it fro 1800 sec, So if we configured under AAA profile it will apply in all client and all servers but we need the spacific one as mentoned before

    Also the gateway ip if wireless client got it so that not be resinted in User-table

    Also the syslog send to external server if client try to access // not genertaed locally on controller

    amr shawky