Wireless Access

last person joined: 3 hours ago 

Access network design for branch, remote, outdoor, and campus locations with HPE Aruba Networking access points and mobility controllers.
Back to discussions
Expand all | Collapse all

Controller is the DHCP default router?

This thread has been viewed 1 times

  • 1.  Controller is the DHCP default router?

    Posted Sep 07, 2016 06:17 PM

    Hi,

    My guests get an IP from the controller and the controller is the default gateway for the users. The are allowed to reach clearpass using ESI server/group to authenticate and all. 

    My issue is that guests users are able to access the web UI for the controller and putting an ACL(blocking svc-http and https to the destination of the controller IP address) on the guest role breaks some internet functionality for the guests, I even tried to only block tcp-4343 but it still broke some webb sites redirects. 

    Any thoughts?



  • 2.  RE: Controller is the DHCP default router?

    EMPLOYEE
    Posted Sep 07, 2016 07:58 PM

    All guest users should be able to access the controller via http and https.  What you should do is use Application Access Control on ClearPass to determine what subnets can access what admin pages on ClearPass http://www.arubanetworks.com/techdocs/ClearPass/6.6/PolicyManager/index.htm#CPPM_UserGuide/Admin/ServerConfig_editnetworktab.htm#Access_restrictions



  • 3.  RE: Controller is the DHCP default router?

    Posted Sep 07, 2016 11:26 PM

    No sure I get your answer!

    You say use application access controller on clearpass? my issue is not the users accessing clearpass, it is the users accessing the controller GUI.



  • 4.  RE: Controller is the DHCP default router?

    EMPLOYEE
    Posted Sep 08, 2016 04:54 AM
    Okay. You tried only blocking TCP 4343 to the controller in the guest production role? That should not hurt anything.