Hi,
I have 7205 controller running OS 8.6.4.0. I want to create an SSID with WPA key that'll allow the users to access internet and block access to internal network. I want the user to get IP from the internal dhcp server. Please help me in achieving this?
Thanks in advance.
Please see the below. It is recommended to use an external DHCP server (i.e not the controller). You will also need to ensure that the controller has an L3 interface in within the DHCP Scope.
https://www.arubanetworks.com/techdocs/ArubaOS_85_Web_Help/Content/gsg/enb-dhcp-srv-cap.htm?Highlight=dhcp%20server
What I meant is I want the users in this SSID to use a DHCP server in the internal network, not the controller itself. Basically a SSID with only internet access and block access internal networks (except dhcp). Thanks
create a role with acl's, below an example of allowing dhcp:
(host)(config) #ip access-list session guest-logon-access
user any udp 68 deny
any any svc-dhcp permit time-range working-hours
user alias “Public DNS” svc-dns src-nat time-range working-hours
extra explanation of several situations can be found here:
https://www.arubanetworks.com/techdocs/ArubaOS_62_Web_Help/Content/ArubaFrameStyles/Captive_Portal/Example_Authentication_w.htm#:~:text=guest%2Dlogon%20is%20a%20user,restrictive%20than%20the%20logon%20role.
In that case you need to add an IP Helper to the VLAN Interface in order for the controller to reach the DHCP Server. Make sure the controller has the relevant routing to the DHCP Server.
© Copyright 2024 Hewlett Packard Enterprise Development LPAll Rights Reserved.