Wireless Access

last person joined: yesterday 

Access network design for branch, remote, outdoor and campus locations with Aruba access points, and mobility controllers.
Expand all | Collapse all

Mobility Controller- SSID requremnets

This thread has been viewed 38 times
  • 1.  Mobility Controller- SSID requremnets

    Posted 16 days ago
    hello 

    we have MM-MC soultion

    SSID - (Guest-HQ)
    the requrimnets are :-

    1- When client try to access server 10.1.1.1 isolated him for 1800sec
    2-When client access 10.1.1.1 controller must generate syslog message and send to ip 10.1.1.5(server-syslog)
    3-Gateway is 192.168.5.4  if client get the Gatawy ip (192.168.5.4) so he willnot appeared under user-table

    How to achive that

    ------------------------------
    amr shawky
    ------------------------------


  • 2.  RE: Mobility Controller- SSID requremnets

    Posted 15 days ago
    for 1, you can look to use blacklist on ACL

    for 2, you need to enable log on your acl

    ------------------------------
    PowerArubaSW : Powershell Module to use Aruba Switch API for Vlan, VlanPorts, LACP, LLDP...

    PowerArubaCP: Powershell Module to use ClearPass API (create NAD, Guest...)

    PowerArubaCL: Powershell Module to use Aruba Central

    PowerArubaCX: Powershell Module to use ArubaCX API (get interface/vlan/ports info)..

    ACEP / ACMX #107 / ACDX #1281
    ------------------------------



  • 3.  RE: Mobility Controller- SSID requremnets

    Posted 14 days ago
    Are you trying to honeypot users or something? Who not simply flat out deny access to servers you don't want them to access?

    ------------------------------
    Koen V
    ------------------------------



  • 4.  RE: Mobility Controller- SSID requremnets

    Posted 14 days ago
    no i need to protect server from client 
    server ip 10.1.1.1

    so any user try to access this server i neeed to isolate hi, fro 1800 sec also send syslog to syslog server that log

    if i enable the log on ACL , devicve only generate the logs locally but i sthere any option to send to syslog server except intergate the controller to syslog server

    ------------------------------
    amr shawky
    ------------------------------



  • 5.  RE: Mobility Controller- SSID requremnets

    Posted 13 days ago
    we didnot need to blacklist the client when access the server , we just need to isolate it fro 1800 sec, So if we configured under AAA profile it will apply in all client and all servers but we need the spacific one as mentoned before

    Also the gateway ip if wireless client got it so that not be resinted in User-table

    Also the syslog send to external server if client try to access // not genertaed locally on controller

    ------------------------------
    amr shawky
    ------------------------------