Controllerless Networks

Occasional Contributor II

Guest network not working as expected

Hi, I have 4x IAP105 accesspoints. I enabled the guest access with separate SSID and role based policies. Here are the details:

Primary usage: Guest

Vlan: VC assigned


  Splashpage : Internal authenticated

  Auth Server: Internal Server

  Re Auth Interval : 30 Mnts

  Internal server: 2 users


  Http-Access to all dest.

  Https-Access to all dest.

  DNS-access to all dest.

  any-deny-to all dest.


So, to my question now. My goal is to protect the guest looking at my internal network. They only required to browse the internet. They should not ping, telnet, search servers etc. And they should receive authentication screen before browsing started.


But, now, with above configuration, they are able to use the outlook, they can browse the internet without authentication! but they cannot ping to the servers, thats good. I am surprised why the authentication screen dont display to them.


Please let me know what is the best practice for the guest network and what access policies should define and what is the order of the policy placement.


Thanks for your support.


Re: Guest network not working as expected

You are doing the policy incorrectly



Withyour policy you are allowing http access to all the internal servers

dns access to all internal servers and also https access to all internal servers


The rule should be like this


Let say your internal networks are


all access deny  to

all access deny  to

all access deny  to

all access allow dns to all destination

all access allow http to all destination

all access allow https to all destination


That if you just want to allow access to http https and dns to the internet


Now remenber that if you got a webfilter and the ip address of the AP is the one that you need to use.... i dont know if you understand this part?

You need to use the IP addresses of the APs to use the webfilter correctly.


Product Manager - Aruba Networks
Alternetworks Corp
Search Airheads
Showing results for 
Search instead for 
Did you mean: