Wireless Networks Thread, Ruckus l3\ip access list for guest users in Technical
11th January 2012, 10:12 AM #1
Ruckus l3\4\ip access list for guest users
Running Ruckus ZD, build 18.104.22.168 build 138, all aspects working fine for domain-based devices - authentication and access to internet via proxy.
But for guest devices I cannot browse the internet, and I think I have narrowed the problem down to my L3\4\IP address access list.
Can anyone tell me what allow rules they have created to allow guest devices to get internet access?
I have the DNS and DHCP rules that were there by default and I have also added rules to the gateway and proxy server, but I cannot access the internet. Maybe it's a protocol I need to allow access to?
If I change the default rule from deny to allow, all guest users can get internet access via the transparent proxy, so I must be missing an allow rule, but I cannot think what. As soon as I change back to deny, access drops.
Network is VLANned and the guest users are getting the correct IP address range and correct gateway. The VLANs do not have any access lists on them; they are just for grouping devices.
17th January 2012, 05:14 PM #2
Can you SShot your ACL over please, along with the WLAN settings?
9.2 is beta code and should not be on a production ZD. May I ask where you got that FW from?
18th January 2012, 09:53 AM #3
Here are the 2 screenshots: WLAN and ACL.
I got the 9.2 from my account manager, who has now contacted me to tell me to roll back as it's not for public consumption.
Hope you can point me in the right direction as to what is stopping me getting guests to access the web.
18th January 2012, 11:50 AM #4
9.3 is out now; I suggest you do NOT upgrade to 9.3 from your current build. I have tested it in a lab and am seeing failed upgrades left, right and centre. Factory resets are needed to restore.
As for your guest network, you do not need to create a L3/4 ACL.
There is a separate L3/4 ACL under guest access settings that is applied to the client (when the WLAN usage type is guest access or the isolation is set to full).
You also do not want local isolation but full isolation (any WLAN that has full isolation enabled has the L3/4 ACL from guest access settings applied to it).
10.0.0.152/22 applies to the entire subnet, which I presume you do not want for guest clients. You need a /32 (single address range).
Is there a proxy address that needs to be added as well, or are the clients thrown directly out of the FW?
If you are locking it down to HTTP and HTTPS only, I would use the application as any / source as any and just add the destination as ports 80 and 443.
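
The /22 versus /32 point from post #4, as an added example that is not part of the thread and not Ruckus code. It models the ACL as first-match with a default action (an assumption about how rules are evaluated), and the probe destinations 10.0.1.20 and 203.0.113.10 are constructed.

```python
import ipaddress

def covered(cidr):
    """Return (first, last, count) for the range a rule destination really covers."""
    net = ipaddress.ip_network(cidr, strict=False)  # host bits are masked off
    return str(net[0]), str(net[-1]), net.num_addresses

def evaluate(rules, default, dst_ip, proto, dport):
    """Assumed first-match model: the first rule that matches decides the action."""
    addr = ipaddress.ip_address(dst_ip)
    for action, dst, r_proto, r_port in rules:
        if dst != "any" and addr not in ipaddress.ip_network(dst, strict=False):
            continue
        if r_proto != "any" and r_proto != proto:
            continue
        if r_port != "any" and r_port != dport:
            continue
        return action
    return default

# The default DNS and DHCP allow rules mentioned in post #1.
BASE = [("allow", "any", "udp", 53), ("allow", "any", "udp", 67)]

# Rule as written in the screenshot: a host address with a /22 mask.
AS_POSTED = BASE + [("allow", "10.0.0.152/22", "any", "any")]

# Post #4's advice: /32 for the single host, plus destination ports 80 and 443.
TIGHTENED = BASE + [("allow", "10.0.0.152/32", "any", "any"),
                    ("allow", "any", "tcp", 80),
                    ("allow", "any", "tcp", 443)]

# Constructed probes: the listed host, another host in the same /22, an external site.
PROBES = [("10.0.0.152", "tcp", 80),
          ("10.0.1.20", "tcp", 445),
          ("203.0.113.10", "tcp", 443)]

def report(rules, default="deny"):
    """Evaluate every probe against a rule set with the given default action."""
    return [evaluate(rules, default, *probe) for probe in PROBES]

if __name__ == "__main__":
    for cidr in ("10.0.0.152/22", "10.0.0.152/32"):
        print(cidr, "->", covered(cidr))
    for name, rules in (("as posted", AS_POSTED), ("tightened", TIGHTENED)):
        for probe, action in zip(PROBES, report(rules)):
            print(f"{name:10} {probe} -> {action}")
```

With the /22 mask, guests can reach every host in 10.0.0.0 to 10.0.3.255 on any port while external web traffic still falls through to the default deny.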