Dear,
I have a question on how to prevent guest terminal devices (smartphones, laptops, etc.) from connecting to the network by bridging a route via their own wireless router device.
I noted the stateful firewall of Aruba Controller 650 has relevant functions:
1. Deny Inter User Bridging
2. Deny Source Routing
My situation is:
1. The terminal device connects directly to the Aruba AP --> authenticated by ClearPass guest portal 6.2 --> only the terminal device can connect to the Internet.
2. The terminal device connects to the Aruba AP via their own wireless router --> authenticated by ClearPass guest portal 6.2 --> all devices connected to the guest-side wireless router can connect to the Internet directly (even a new terminal device, with no authentication anymore).
=> That's because all terminal devices are under NAT conversion via the guest-side wireless router connecting to the Aruba AP.
(And the MAC of the guest-side router has been authenticated to the Internet by ClearPass.)