Security

last person joined: 10 hours ago 

Forum to discuss Enterprise security using HPE Aruba Networking NAC solutions (ClearPass), Introspect, VIA, 360 Security Exchange, Extensions, and Policy Enforcement Firewall (PEF).
Back to discussions
Expand all | Collapse all

Guest Network setup

This thread has been viewed 4 times

  • 1.  Guest Network setup

    Posted Nov 06, 2019 09:18 AM

    Hi, I'm probably overthinking this but hopefully it's something easy I'm missing.

     

    I have about 50 IAP-305 all serving the same SSID throughout our facility. I use Instant to manage it and it all works fine.

     

    The network these APs are serving gets DHCP from a Windows domain server. All of the devices get DNS from the Windows server and it forwards to our firewall which routes traffic to the Internet.

     

    Now I need to set up a guest network. It will be turned on only for events so I'd like to keep it simple, using a single user ID. It only needs access to the Internet. As I'm going through the steps for the Guest network, I choose Guest, Virtual Controller Managed IP, Default VLAN, and unrestricted. This works, but of course the clients can get to all the devices on the private network. I tried restricted, denying the network range where the private network devices are located, but then I no longer have Internet access.

     

    What do I have to do to allow Internet-only guest access on the same APs as the private network uses?

     

    Thank you



  • 2.  RE: Guest Network setup
    Best Answer

    EMPLOYEE
    Posted Nov 06, 2019 09:36 AM

    In your restricted rule, at the top you should allow dhcp to anywhere, dns to anywhere, and then of course your deny rule for your subnets but allow everything after that.

     

    See if that works.



  • 3.  RE: Guest Network setup

    Posted Nov 06, 2019 09:48 AM

    That's perfect! Thank you so much