Security, WIDS/WIPS and Aruba ECS

Occasional Contributor II

Isolating Guest Vlans

Hi All,

I need to deny all intranet traffic and only allow webbrowsing for the guest Wlan .How can i achieve this ??

I dont have a PEF liscence

The OS is 5.2 3600 controllers

Thanks in advance
Aruba Employee

Re: Isolating Guest Vlans

Without the PEF license, you can't create new user roles. Since you can't create new user roles, you can't control guest traffic utilizing only the controller. You would have to put the guests in a VLAN that had an ACL on the upstream router/firewall to control traffic.

Your best option would be to purchase the PEF-NG license for the number of APs you own and create a role for guests the only allowed DHCP, DNS and HTTP (and possibly HTTPS if you want to allow it).
Occasional Contributor II

Re: Isolating Guest Vlans


Is there a way i can place an acl in the aruba controller itself without having PEF firewall liscence ?
Guru Elite

Re: Isolating Guest Vlans

No. It is the firewall license that allows you to create ACLs...

*Answers and views expressed by me on this forum are my own and not necessarily the position of Aruba Networks or Hewlett Packard Enterprise.*
ArubaOS 8.5 User Guide
InstantOS 8.5 User Guide
Airheads Knowledgebase
Airheads Learning Videos
Remote Access Point Solution Guide
ArubaOS Consolidated Release Notes
ArubaOS 8 ViA VPN Solution Guide