03-08-2021 02:49 PM
Hello Team
Please, how can I block NMAP port scanning from the guest wireless network?
I have configured guest wireless. Guests are not able to ping any resource, but NMAP scanning is working. All private IPs except ISE, DHCP and DNS are denied, but NMAP is still able to see other connected clients.
Regards
Zanga
03-08-2021 07:21 PM
Hi
Is the guest traffic going through a FW? How did you want to block nmap for guests? Were you thinking of using a simple ACL or a next-gen FW (IPS and/or blocking based on application detection)?
By ACL, you won’t be able to block it without blocking legitimate traffic. The 2nd option will be the way to go.
03-08-2021 10:04 PM
Thanks for your response, Francesco.
The wireless guests are not going through a firewall.
I have denied access to all private IP ranges except for ISE, DNS, and DHCP via the WLC FlexConnect ACL.
Ping, SSH, and Telnet from PuTTY are not working. But NMAP is still able to scan the network.
Thanks
Zang
03-11-2021 07:58 PM
Can you share the ACL you’ve implemented?
03-13-2021 11:50 AM
This sounds like an ACL issue on the WLC as stated by @Francesco Molino.
09-18-2023 03:58 AM
We are using a 9800 WLC with the DNAC solution and are facing the same challenges. Since Guest is open to connect, outsiders are able to see the connected MAC addresses with an nmap scan and hence are able to bypass portal authentication by spoofing a valid connected user's MAC address.
Cisco is unable to provide any solutions.