O.Zang
Beginner

Block NMAP port Scanning from Guest wireless Network

Hello Team

Please, how can I block NMAP port scanning from the guest wireless network?

I have configured guest wireless. Guests are not able to ping any resource, but NMAP scanning is working. All private IPs except ISE, DHCP and DNS are denied, but NMAP is still able to see other clients connected.

Regards

Zanga

Francesco Molino
VIP Mentor

Hi

Is the guest traffic going through a FW? How did you want to block nmap for guests? Were you thinking of using a simple ACL or a next-gen FW (IPS and/or blocking based on application detection)?

With an ACL, you won’t be able to block it without blocking legitimate traffic. The 2nd option will be the way to go.


Thanks
Francesco
PS: Please don't forget to rate and select as validated answer if this answered your question

Thanks for your response, Francesco.

The wireless guests are not going through a firewall.

I have denied access to all private IP ranges except for ISE, DNS, and DHCP via the WLC FlexConnect ACL.

Ping, SSH, and Telnet from PuTTY are not working. But NMAP is still able to scan the network.

Thanks

Zang

Can you share the ACL you’ve implemented?


Thanks
Francesco
PS: Please don't forget to rate and select as validated answer if this answered your question


thomas
Cisco Employee

This sounds like an ACL issue on the WLC as stated by @Francesco Molino.

