Wireless Access

 View Only
last person joined: 2 days ago 

Access network design for branch, remote, outdoor, and campus locations with HPE Aruba Networking access points and mobility controllers.
Expand all | Collapse all

Guest VSC and internal hosts

This thread has been viewed 0 times
  • 1.  Guest VSC and internal hosts

    Posted Jan 13, 2012 09:02 AM

    I manage a pre-existing/pre-configured infrastructure.  It's a complete HP infrastrucutre.  I have an MSM765zl sitting inside a 5406zl which uplinks to my core 8212zl.  I have 2 VSC's configured on the controller.  One is for LAN data and the other is for guest access.  The guest VSC is NOT the default VSC, it was added.  It is configured to Always tunnel traffic through the controller.  The guest VLAN that was setup is connected to my DMZ for internet access.  I have several webservers on my internal LAN that I would like to give access to the guest users.  Is this possible?  What can I do?  I ideally only want my guest clients to access only those specific webservers and then of course, only the internet and not access any other internal resources. 

     

    It should also be said that these webservers do have public identities and are accessible externally.  My guest VSC is configured on my DMZ, as stated before.  Now my internal webservers are identified 2 different ways via DNS - by my local DNS server, obviously it points to the internal IP address of the server and then on the public DNS points to the public IP address.  My controller is configured with the internal DNS servers on my LAN.  So I assume that when my guest requests a webpage, my internal DNS server responds with the internal IP address of my webserver.  Not sure if I can create a static DNS entry inside of my guest VSC configuration - I doubt it.  But if that were able to be done, I could specify the public address, maybe, and not have to allow internal traffic? 

     

    Thanks for any assistance, it is appreciated.


    #VSC
    #guest
    #MSM765zl
    #wireless
    #guestinternalaccess


  • 2.  RE: Guest VSC and internal hosts

    Posted Jan 28, 2012 08:21 AM

    I have exactly the same problem!

    Under Public Access->Attributes, I've added this ACE:

     

    factory,ACCEPPT,tcp,<IP_OF_INTERNAL_HOST>,80,all

     

    but hosts on the guest VSC still aren't able to accees this host. The browser loads until it gets a timeout.

    Does anyone have a solution to this?



  • 3.  RE: Guest VSC and internal hosts

    Posted Feb 02, 2012 08:03 AM

    Heard nothing yet on this.  I have tried ticking off the box to allow wired clients to talk to wireless tunneled clients in the guest VSC config.  I even turned off the firewall as a test - still am unable to get to internal hosts.