Occasional Contributor II

Best security practice on IAP



What are the best security practices to implement on IAP? Few I can think of;

Block RFC 1918 addresses on Guest wireless.

Block access to & per SSID on corp. 


Is it necessary to block PAPI communication between SSID? 

Aruba Employee

Re: Best security practice on IAP

in my opinion, it is not really necessary to block PAPI, however you can

  • enable cluster security
  • disable telnet access
  • enable "protection from wired attacks"
  • use inbould firewall use to provide mgmt access from a specific subnet
  • use IDS/IPS functionality relevant to your organisation 
  • use the relevant WebCC rules to compliment your egress firewall policies

finally there is a new feature in Instant 8.5 around client isolation.

check this tutorial.



Search Airheads
Showing results for 
Search instead for 
Did you mean: