Wireless Access

last person joined: 3 days ago 

Access network design for branch, remote, outdoor, and campus locations with HPE Aruba Networking access points and mobility controllers.
Back to discussions
Expand all | Collapse all

No PEFNG license, any way to stop the wifi clients from hitting the web-page on the controller.

This thread has been viewed 0 times

  • 1.  No PEFNG license, any way to stop the wifi clients from hitting the web-page on the controller.

    Posted Nov 22, 2013 11:45 AM

    Hi, 

     

    This is the scenario. 

     

    The controller has no PEFNG license, the controller does the routing for the client vlans. I mean the default gateway for the clients is on the controller.

     

    is there any way for to stop the clients from getting the webpage of the controller, if they put the default-gateway ip in the web-browser.

     

    The clinet ssid is WPA2-PSK, and get vlans assigned from the VAP. 

     

    regards,

     

     



  • 2.  RE: No PEFNG license, any way to stop the wifi clients from hitting the web-page on the controller.

    Posted Nov 22, 2013 01:56 PM

     

    Unfortunately you can't stop this from the controller side if you don't have the PEF licenses.

     

    But if you have an uplink switch that supports ACLs you could do or an external firewall.



  • 3.  RE: No PEFNG license, any way to stop the wifi clients from hitting the web-page on the controller.
    Best Answer

    EMPLOYEE
    Posted Nov 22, 2013 02:07 PM
    @yogenpartha wrote:

    Hi, 

     

    This is the scenario. 

     

    The controller has no PEFNG license, the controller does the routing for the client vlans. I mean the default gateway for the clients is on the controller.

     

    is there any way for to stop the clients from getting the webpage of the controller, if they put the default-gateway ip in the web-browser.

     

    The clinet ssid is WPA2-PSK, and get vlans assigned from the VAP. 

     

    regards,

     

     

    In ArubaOS 6.3, the new ACL Whitelist feature (Configuration> Advanced Services> Stateful Firewall> ACL Whitelist) does not require the PEF license.  This can be used to block traffic to the controller:  http://www.arubanetworks.com/techdocs/ArubaOS_63_Web_Help/Web_Help_Index.htm#ArubaFrameStyles/Firewall_Roles/Policies.htm



  • 4.  RE: No PEFNG license, any way to stop the wifi clients from hitting the web-page on the controller.

    Posted Dec 18, 2013 10:44 AM

    Cjoseph,

    Thank you. i tested it works..