Try to block traffic to an ip

Aimad · February 18, 2022, 4:15pm

Hi,

I will try to explain my demand.

I have an ALE Cirrus with X APs on my site.

I have 1 SSID Corporate / 1 SSID Guest / 1 SSID Other

On my site I have only one vlan

My SSID Corporate have to access al ressources --> Ok no problem

My SSID Guest have to be isolate --> Ok no problem with client isolation

My SSID Other have to acess only Internet and a server on my lan and don't have access to the rest of the lan.

So I want to create an ACL or something sinilaire on my SSID OTHER

Access IE + access only 192.168.1.X ....

It is possible ? I can't do it..

I try to play with ALC Tab but with no success

Many thanks

pmart · February 21, 2022, 10:16am

Hi Aimad,

I would suggest creating an ARP (Access Role Profile) and attaching it to the "Other" SSID and including a policy list in the ARP. You can find a video in the "Live" section of Spacewalkers which can give you an idea about ARP (also known as UNP: User Network Profile).

In the policy list, you will need to include, not only access to the specific server IP but also every other pre-requisite such as ARP (Address Resolution Protocol), DHCP, DNS as well as traffic going in and out to the Internet. I don't know whether you simply have a router doing NAT/PAT out to the internet or use a proxy etc. If you have a router, you could create a policy allowing traffic to/from the router's MAC. If using a proxy, you can do it with the IP address of the proxy.

Hope this helps.