All connected clients get a role assigned; this role is set with ACL policies. Example here:
any any udp68 deny
user any svc-dhcp allow
user any svc-dns allow
user any private-networks deny
user any any allow
Assign the new role as initial role to your SSID.
https://arubanetworking.hpe.com/techdocs/Instant_86_WebHelp/Content/instant-ug/roles-and-pol/conf-user-role.htm
Another thing you can do is enable "inter user traffic deny".
What is the role your clients get? With what ACL rules?
------------------------------
Marcel Koedijk | MVP Expert 2024 | ACEP | ACMP | ACCP | ACDP | Ekahau ECSE | Not an HPE Employee | Opinions are my own
------------------------------
Original Message:
Sent: Feb 03, 2025 02:46 PM
From: m25mark
Subject: Creating an Internet only network for mobile devices
Mobile devices in our internal network only need to get to a couple of cloud-based applications so we would like to isolate the mobiles so they only have internet access while connected to the Wi-Fi network, and cannot access anything on the internal production network (such as PCs, servers, etc.).
We're using a virtual controller based environment, and all the APs are Model 305.
Nothing I've tried so far is working - either the mobile devices still have access to everything, or they cannot get an IP address from DHCP so it never connects. If there is a step-by-step document someone can point me to I would appreciate it.
Thank you
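The rule order in the reply above, modelled as an added example that is not part of the original posts and is not Aruba code: a first-match evaluator run over constructed flows, comparing the role as posted with the same rules when the private-networks deny is moved to the top. It assumes "private-networks" means the RFC 1918 ranges, that each service alias matches on destination port (svc-dns modelled as UDP 53 only), and that unmatched traffic is denied.

```python
import ipaddress

# Assumption: "private-networks" is an alias for the RFC 1918 ranges.
PRIVATE = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
# Assumption: service aliases modelled as (protocol, destination ports).
SERVICES = {"udp68": ("udp", {68}), "svc-dhcp": ("udp", {67, 68}),
            "svc-dns": ("udp", {53}), "any": (None, None)}

# The role from the reply, in the order posted: (destination, service, action).
ROLE = [
    ("any", "udp68", "deny"),
    ("any", "svc-dhcp", "allow"),
    ("any", "svc-dns", "allow"),
    ("private-networks", "any", "deny"),
    ("any", "any", "allow"),
]
# Same rules with the private-networks deny moved to the top.
MISORDERED = [ROLE[3]] + ROLE[:3] + ROLE[4:]

def matches(rule, dst, proto, port):
    dest, service, _ = rule
    if dest == "private-networks" and not any(ipaddress.ip_address(dst) in n for n in PRIVATE):
        return False
    want_proto, want_ports = SERVICES[service]
    return want_proto is None or (proto == want_proto and port in want_ports)

def evaluate(role, dst, proto, port):
    """Return the action of the first matching rule; no match means deny."""
    for rule in role:
        if matches(rule, dst, proto, port):
            return rule[2]
    return "deny"

# Constructed flows sent by a mobile client: (label, destination IP, protocol, destination port).
FLOWS = [
    ("DHCP renewal to internal server", "10.1.1.5", "udp", 67),
    ("DNS query to internal resolver", "10.1.1.6", "udp", 53),
    ("SMB to internal PC", "192.168.10.20", "tcp", 445),
    ("HTTPS to cloud app", "203.0.113.10", "tcp", 443),
    ("client answering as DHCP server", "255.255.255.255", "udp", 68),
]

def verdicts(role):
    return {label: evaluate(role, dst, proto, port) for label, dst, proto, port in FLOWS}

if __name__ == "__main__":
    for name, role in (("as posted", ROLE), ("deny first", MISORDERED)):
        print(name, verdicts(role))
```

In this model the posted order lets DHCP and DNS reach internal servers while every other private destination is dropped; with the deny first, the unicast DHCP renewal and the DNS query to internal addresses are dropped as well.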