Wireless Access

Reply
Highlighted
Occasional Contributor II

SSID with restricted access

Hi,

I have 7205 controller running OS 8.6.4.0. I want to create an SSID with WPA key that'll allow the users to access internet and block access to internal network. I want the user to get IP from the internal dhcp server. Please help me in achieving this?

Thanks in advance.


Accepted Solutions
Highlighted

Re: SSID with restricted access

create a role with acl's, below an example of allowing dhcp:

 

(host)(config) #ip access-list session guest-logon-access

user any udp 68 deny

any any svc-dhcp permit time-range working-hours

user alias “Public DNS” svc-dns src-nat time-range working-hours

 

extra explanation of several situations can be found here:

 

https://www.arubanetworks.com/techdocs/ArubaOS_62_Web_Help/Content/ArubaFrameStyles/Captive_Portal/Example_Authentication_w.htm#:~:text=guest%2Dlogon%20is%20a%20user,restrictive%20than%20the%20logon%20role.



- - - - Aruba ACCX #748, ACDX #758, ACMP, ACEAP | HPE Master ASE - - - -
- - - - - - - Feel free to give kudos or accept as a solution! - - - - - - - - -

View solution in original post


All Replies
Highlighted
MVP Guru

Re: SSID with restricted access

Please see the below. It is recommended to use an external DHCP server (i.e not the controller). You will also need to ensure that the controller has an L3 interface in within the DHCP Scope.

 

https://www.arubanetworks.com/techdocs/ArubaOS_85_Web_Help/Content/gsg/enb-dhcp-srv-cap.htm?Highlight=dhcp%20server


ACMP, ACSA, ACDX #985
If my post addresses your query, give kudos:)
Highlighted
Occasional Contributor II

Re: SSID with restricted access

What I meant is I want the users in this SSID to use a DHCP server in the internal network, not the controller itself. Basically a SSID with only internet access and block access internal networks (except dhcp). Thanks

Highlighted

Re: SSID with restricted access

create a role with acl's, below an example of allowing dhcp:

 

(host)(config) #ip access-list session guest-logon-access

user any udp 68 deny

any any svc-dhcp permit time-range working-hours

user alias “Public DNS” svc-dns src-nat time-range working-hours

 

extra explanation of several situations can be found here:

 

https://www.arubanetworks.com/techdocs/ArubaOS_62_Web_Help/Content/ArubaFrameStyles/Captive_Portal/Example_Authentication_w.htm#:~:text=guest%2Dlogon%20is%20a%20user,restrictive%20than%20the%20logon%20role.



- - - - Aruba ACCX #748, ACDX #758, ACMP, ACEAP | HPE Master ASE - - - -
- - - - - - - Feel free to give kudos or accept as a solution! - - - - - - - - -

View solution in original post

Highlighted
MVP Guru

Re: SSID with restricted access

In that case you need to add an IP Helper to the VLAN Interface in order for the controller to reach the DHCP Server. Make sure the controller has the relevant routing to the DHCP Server.


ACMP, ACSA, ACDX #985
If my post addresses your query, give kudos:)
Search Airheads
cancel
Showing results for 
Search instead for 
Did you mean: