We have a sort of similar arrangement, with multiple SSIDs with differing login requirements and routing security. The web portal is built into the Aruba controller. I don't recall the details of setting it up for the SSIDs for which we use it, but it was utterly trivial.
We don't use NAT much, but we have the VLANs for the different SSIDs carried out of the controller on a trunked connection to our core router. Access lists there bar clients on untrusted wireless VLANs from passing traffic into trusted internal network segments. David Gillett > -----Original Message----- > From: Frank Bulk [mailto:[email protected]] > Sent: Thursday, January 22, 2009 8:14 AM > To: [email protected] > Subject: [WIRELESS-LAN] Aruba question > > I know that this isn't an Aruba Wireless listserv, but I know > there are enough users and there is likely someone who has > this specific configuration in place that will save me some > hours of configuration. > > I have an existing configuration that server our own > employees, but I would like to provide guest access. This > guest access should use a web portal using private IPs, with > the Aruba 2400 doing the NATing. I would prefer to have our > own DHCP server on "private IP space 1" give out IPs, but > it's OK if the Aruba 2400 does that for me. "Private IP > space 2" should have not routable access to "Private IP space > 1". I can use the DNS servers available on "private IP space > 1" or external public DNS ones. > > Here's a diagram: > ____________ > | |---corporate network, private IP space 1 > | Aruba 2400 | > |____________|---guest access network, private IP space 2 > | > DMZ > | > ------------ > | | > Public DNS Internet > > Anyone have some working configuration? The user guide has > the NAT pieces, but doesn't appear to include the web portal piece. > > I should also add that I have the basic Aruba model, without > Policy Enforcement Firewall. > > Regards, > > Frank > > ********** > Participation and subscription information for this EDUCAUSE > Constituent Group discussion list can be found at > http://www.educause.edu/groups/. > ********** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/.
