Wireless Access

Contributor II


I am trying to use the Default guest profile for guest access to the internet. I therefore created a VLAN32 with an interface IP for the guest users. This VLAN should be able to access just the internet and nothing else. After creating this VLAN, everything works well, except that the VLAN has access to the whole internal network. But if I disable inter-VLAN routing on the internal VLAN (Management VLAN), then the clients in the guest VLAN are blocked entirely from all the network resources (Internet etc.). I therefore wanted to use ACLs on my firewall/default gateway to block internal access and allow only internet and OpenDNS, but this unfortunately doesn't work as expected either. I ran a traceroute and realised that the route does not go through the firewall/default gateway to reach the internal network, so I suppose that is why the ACLs are not applied to the traffic. I would like to set the default gateway for the VLAN32 clients to the firewall/default gateway IP instead of the VLAN32 interface IP, but since they will not be in the same subnet/network it will not work. Can someone suggest a workaround for my situation?



Thank you.

Guru Elite


You should create a netdestination that contains your internal networks and create a session ACL that blocks access to that netdestination.

| Tim Cappalli | Aruba Security | @timcappalli | timcappalli.me |

NOTE: Answers and views expressed by me on this forum are my own and not necessarily the position of Aruba or Hewlett Packard Enterprise.
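
A sketch of the netdestination and session ACL approach suggested above, as an added ArubaOS configuration example that is not part of the original posts. The names `internal-networks`, `guest-dns` and `guest-internet-only` are hypothetical, the RFC 1918 ranges stand in for the poster's real internal subnets, and applying the ACL to the `guest` role assumes that is the role the Default guest profile assigns.

```text
! Added example; names and address ranges below are assumptions.
! Internal address space the guest VLAN must not reach
! (RFC 1918 ranges used as placeholders for the real internal subnets).
netdestination internal-networks
  network 10.0.0.0 255.0.0.0
  network 172.16.0.0 255.240.0.0
  network 192.168.0.0 255.255.0.0
!
! OpenDNS resolvers, the only DNS servers guests may query.
netdestination guest-dns
  host 208.67.222.222
  host 208.67.220.220
!
! Rules are evaluated top-down and the first match wins.
ip access-list session guest-internet-only
  ! Stop guest clients from answering as DHCP servers.
  user any udp 68 deny
  ! Let guests obtain a lease on VLAN32.
  any any svc-dhcp permit
  ! DNS only to OpenDNS; every other resolver is blocked.
  user alias guest-dns svc-dns permit
  user any svc-dns deny
  ! Block everything internal before the final permit.
  user alias internal-networks any deny
  ! Whatever remains is internet-bound traffic.
  user any any permit
!
! Attach the policy to the role guest users receive.
user-role guest
  access-list session guest-internet-only
!
```

Because the deny for `internal-networks` sits above the final permit, the filtering happens on the controller itself, which covers the case described in the question where inter-VLAN traffic never passes through the firewall.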
Contributor II




Thanks for the quick reply. Unfortunately, I have the basic license, which does not allow me to create a session ACL. So I cannot create the netdestination as you are suggesting. What will be my other options?
