Try to block traffic to an IP

Topic

Hi,

 

I will try to explain my demand.

I have an ALE Cirrus with X APs on my site.

I have 1 SSID Corporate / 1 SSID Guest / 1 SSID Other

On my site I have only one VLAN

My SSID Corporate has to access all resources –> OK, no problem

My SSID Guest has to be isolated –> OK, no problem with client isolation

My SSID Other has to access only Internet and a server on my LAN and must not have access to the rest of the LAN.

So I want to create an ACL or something similar on my SSID OTHER

Access IE + access only 192.168.1.X ….

Is it possible? I can't do it..

I tried to play with the ACL tab but with no success

 

Many thanks

 

Date
18.02.2022
answer
1
views
0
Author
Asked by aimad

Answers

Hi Aimad,

I would suggest creating an ARP (Access Role Profile), attaching it to the "Other" SSID and including a policy list in the ARP. You can find a video in the "Live" section of Spacewalkers which can give you an idea about ARP (also known as UNP: User Network Profile).

In the policy list, you will need to include not only access to the specific server IP but also every other prerequisite, such as ARP (Address Resolution Protocol), DHCP and DNS, as well as traffic going in and out to the Internet. I don't know whether you simply have a router doing NAT/PAT out to the Internet or use a proxy etc. If you have a router, you could create a policy allowing traffic to/from the router's MAC. If using a proxy, you can do it with the IP address of the proxy.

Hope this helps.

Date
18.02.2022
Author
Asked by pmart
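
A small model of the policy list described in the answer above, added here as an illustration; it is not ALE configuration and not code from the thread. It evaluates first-match allow rules with an implicit drop over client-originated frames only, and every address, MAC, field name and rule name in it is a constructed assumption.

```python
from dataclasses import dataclass
from ipaddress import ip_address

# Constructed sample values (assumptions, not taken from the thread).
SERVER = ip_address("192.168.1.10")   # the one LAN server "Other" may reach
DNS = ip_address("192.168.1.2")       # resolver handed out by DHCP
ROUTER_MAC = "00:11:22:33:44:55"      # default gateway doing NAT/PAT
BROADCAST = "ff:ff:ff:ff:ff:ff"

@dataclass
class Frame:
    """One frame sent by a client on the "Other" SSID (hypothetical model)."""
    proto: str                 # "arp", "udp" or "tcp"
    dst_mac: str
    dst_ip: str = "0.0.0.0"    # unused for ARP
    dst_port: int = 0

# Ordered allow rules; a frame matching none of them is dropped.
POLICY_LIST = [
    ("arp", lambda f: f.proto == "arp"),
    ("dhcp", lambda f: f.proto == "udp" and f.dst_port == 67),
    ("dns", lambda f: f.proto in ("udp", "tcp") and f.dst_port == 53
        and ip_address(f.dst_ip) == DNS),
    ("server", lambda f: ip_address(f.dst_ip) == SERVER),
    # On a single flat VLAN, Internet-bound frames are the ones addressed
    # to the router's MAC; frames to other LAN hosts carry the host's MAC.
    ("internet", lambda f: f.dst_mac == ROUTER_MAC),
]

def evaluate(frame, rules=POLICY_LIST):
    """Return the name of the first matching allow rule, or "drop"."""
    for name, match in rules:
        if match(frame):
            return name
    return "drop"

def without(rule_name):
    """Policy list with one rule left out, to show what breaks without it."""
    return [r for r in POLICY_LIST if r[0] != rule_name]

# Constructed frames a client would send while joining and browsing.
DHCP_DISCOVER = Frame("udp", BROADCAST, "255.255.255.255", 67)
ARP_REQUEST = Frame("arp", BROADCAST)
DNS_QUERY = Frame("udp", "aa:bb:cc:00:00:02", "192.168.1.2", 53)
TO_SERVER = Frame("tcp", "aa:bb:cc:00:00:10", "192.168.1.10", 443)
TO_INTERNET = Frame("tcp", ROUTER_MAC, "203.0.113.7", 443)
TO_LAN_HOST = Frame("tcp", "aa:bb:cc:00:00:50", "192.168.1.50", 445)
```

Evaluating `DHCP_DISCOVER` against `without("dhcp")` returns `"drop"`, which is why a list that only names the server and the router leaves clients unable to get an address at all.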