Wireless Access


Access network design for branch, remote, outdoor and campus locations with Aruba access points, and mobility controllers.

WLC Controller Admin Access need to Block from Guest Network

  • 1.  WLC Controller Admin Access need to Block from Guest Network

    Posted Mar 19, 2018 01:51 PM

    Hi, I am trying to block 7010 WLC admin portal access (port: 4343) from the Guest network, but it's not happening.

    We created a policy (block-internal-access) (source: user, destination: controller IP, service: tcp 4343, action: deny), added it to the post-logon role (Auth-Guest Role), and mapped the Auth-Guest Role to the Captive Portal.

    The captive portal was added to the initial role (Guest-Logon), the Guest-Logon role was added to AAA (dot1x-PSK), and finally mapped to the Virtual AP.

    But guest users are still able to access the WLC admin portal login page.

    Ref. attachment.

    1. Block-Internal-Access

    2. Auth-Guest Role



  • 2.  RE: WLC Controller Admin Access need to Block from Guest Network

    Posted Mar 19, 2018 02:19 PM

    Are you sure that is the role that your users are in?



  • 3.  RE: WLC Controller Admin Access need to Block from Guest Network

    Posted Mar 19, 2018 03:40 PM

    Yes, it could be.

    We have created a local user (as a guest) and the role is assigned to the Guest SSID. How can we confirm this?

    Also, could you please help me clarify one thing: the firewall/Auth-Guest Role is assigned to the Guest SSID (ex: AWNICA-GUEST), so once we assign any firewall/access list to this SSID/AAA policy, all connected users (users who are connected to this SSID) have the configured restriction. Am I correct?



  • 4.  RE: WLC Controller Admin Access need to Block from Guest Network
    Best Answer

    Posted Mar 19, 2018 04:09 PM

    You have to type "show user" on the command line or look at the user table on the monitoring page to find out what the current role of the user is.