Wireless Access

Occasional Contributor II

Not allowed IP display in client list

Hi,

We have an Aruba 7210 controller in a master-local setup. AOS version 6.5.3.

The "Employee" SSID is configured with the TLS authentication method. The AAA profile 802.1X authentication role is --> authenticated (default).

Authenticated users get an IP address from an external DHCP server (IP range 10.105.10.X/24).

If I assign a static IP from another range on the wireless client adapter, i.e. 192.168.10.X/24, and try to connect to the "Employee" SSID, the client gets the authenticated role and gets connected. But it doesn't get access to the wireless IP subnet (10.105.10.X).

This IP is also reflected in the client list with the "authenticated" role.

I have tried to configure a permit IP access list under the authenticated role for 10.105.10.X/24 (the rest will be implicit deny), and we have tried Enforce DHCP, but no luck.

Please suggest how I can avoid this kind of IP address in the client list.

Guru Elite

Re: Not allowed IP display in client list

If clients by default are assigned the subnet of 10.105.10.x/24 they would only be able to pass traffic if they have an IP address on that subnet. If you assign a client any other IP address, there would be no router to route their traffic off of that subnet, so manually setting the IP address to any other range would not work.

The client's IP address would be displayed in the user table, even though it would not be able to go anywhere. Using "Enforce DHCP" or editing the Validuser ACL should accomplish what you need, however. http://community.arubanetworks.com/t5/Controller-Based-WLANs/What-is-validuser-ACL-and-its-uses/ta-p/178584

If "Enforce DHCP" is not working, check to make sure you are editing the right AAA profile.


*Answers and views expressed by me on this forum are my own and not necessarily the position of Aruba Networks or Hewlett Packard Enterprise.*
ArubaOS 8.3 User Guide
InstantOS 8.3 User Guide
Airheads Knowledgebase
Airheads Learning Videos
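A simplified model of the two controls named in the answer above, added here as an example; it is not code from the thread or from ArubaOS. It shows that validuser-style filtering and Enforce DHCP act on the client's source address before a user-table entry exists, while the role's rules act on where an admitted client may send traffic. The subnets come from the thread; the function names, field names and client entries are hypothetical and constructed.

```python
import ipaddress

# Simplified model, not ArubaOS code. Subnets are taken from the thread;
# every function and field name here is hypothetical.
DHCP_SCOPE = ipaddress.ip_network("10.105.10.0/24")  # wireless client range
WIRED_HOST = "10.105.12.5"                           # constructed wired host

# validuser-style rules are matched on the client's SOURCE address only.
VALIDUSER_RULES = [(DHCP_SCOPE, "permit")]           # anything else: implicit deny
# Role rules are matched on the DESTINATION of an admitted client's traffic.
ROLE_RULES = [(ipaddress.ip_network("0.0.0.0/0"), "permit")]


def first_match(rules, addr):
    """Return the action of the first rule containing addr, else implicit deny."""
    ip = ipaddress.ip_address(addr)
    for net, action in rules:
        if ip in net:
            return action
    return "deny"


def admit_to_user_table(client, enforce_dhcp=True):
    """Decide whether a client's IP may create a user-table entry."""
    if enforce_dhcp and not client["ip_from_dhcp"]:
        return False, "enforce-dhcp: address was not learned from DHCP"
    if first_match(VALIDUSER_RULES, client["ip"]) != "permit":
        return False, "validuser: source address outside permitted range"
    return True, "admitted"


def can_reach(client, dst, enforce_dhcp=True):
    """Traffic is checked against the role only after admission succeeds."""
    admitted, _ = admit_to_user_table(client, enforce_dhcp)
    return admitted and first_match(ROLE_RULES, dst) == "permit"


# Constructed sample clients.
dhcp_client = {"ip": "10.105.10.57", "ip_from_dhcp": True}
static_other = {"ip": "192.168.10.20", "ip_from_dhcp": False}
static_in_scope = {"ip": "10.105.10.200", "ip_from_dhcp": False}

if __name__ == "__main__":
    for c in (dhcp_client, static_other, static_in_scope):
        print(c["ip"], admit_to_user_table(c), can_reach(c, WIRED_HOST))
```

The `static_in_scope` client is admitted when `enforce_dhcp=False`, which is the case a source-address filter alone does not cover.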
Occasional Contributor II

Re: Not allowed IP display in client list

Hi,

I have configured the valid user ACL with "Enforce DHCP".

The client is getting a valid IP address in the correct subnet but could not get access to the other network subnet (wired - 10.105.12.X/24).

If I assign the "authenticated" role again, the client gets access to the other network subnet.

Please suggest how to fix the issue.

Guru Elite

Re: Not allowed IP display in client list

What are you trying to restrict?


Occasional Contributor II

Re: Not allowed IP display in client list

Hi,

I want to allow IP subnet 10.105.10.X/24 in the client table and deny entries from other IP subnets into the client table. But at the same time, traffic from the allowed IP subnet should be able to communicate with other network IP subnets.

I guess I need to add ACLs for all the other IP subnets. But again, if any wireless client is assigned a static IP (other subnet), that will be reflected in the client table.

Thank you...
