Controllerless Networks

Hello Everyone,

I have 90 Instant 103 Access Points at the same cluster with an open SSID, any one using the IP Scanner can see every one on the network.

I have tried to Enable (Deny inter user bridging) but its not working.

How could i to block the ip scanners, i need to prevent any one to scan my network? How to do this at my Virtual Controller?

Please help ASAP.

The deny inter user bridging option should work though. Alternatively you could also work with user derivation and drop the mac-addresses from the IP scanners into another role/vlan with the necessary restrictions. 

Can i apply deny inter user bridging on a cluster contains 90 AP or it works on one AP only?

I tried to enable it on the cluster it won't work, but it works in one AP only!!!

Derar,

The problem with an open SSID is that there is nothing that really can be blocked.  A user that would have to resort to active scanning on an encrypted SSID can easily get everything they need through passtive scanning.  Unless you implement some sort of encryption on that SSID, everything can be seen..

Thanks all, if i got a real controller like 72xx or 3600 could i block it there or its the same issue?

No, you need to  start with having encryption on your SSID.  With an open ssid, everything can be seen.  With encryption it is more likely that what can and cannot be seen and can be controlled.  This is more a general statement about wireless security rather than how you keep someone from scanning your network.  Please see the document here:  https://community.arubanetworks.com/aruba/attachments/aruba/ForoenEspanol/295/1/WP_BUILDING%20GLOBAL%20SECURITY%20POLICIES%5B1%5D.pdf

To be specific, deny inter user bridging works by blocking ARP responses.  Unless you use encryption, ARP responses would be easily seen in the air and cannot be controlled.