  1. #1
    Quackers's Avatar

    Ruckus Guest Access

    How come when connecting to the Wireless Guest SSID clients are getting a DHCP response when the following rules are set:

    Order  Description  Type  Destination Address  Application  Protocol  Destination Port
    1                   Deny  192.168.0.1/19       Any          Any       Any
    2                   Deny  10.0.0.0/8           Any          Any       Any
    3                   Deny  172.16.0.0/12        Any          Any       Any
    4                   Deny  192.168.0.0/16       Any          Any       Any

    My DHCP server has an address of 192.168.2.1, so how come it's being allowed to communicate with it when everything is set to Deny?

  2. #2

    plexer's Avatar
    Your subnetting is wrong?

    Ben

  3. #3

    localzuk's Avatar
    DHCP requests are not sent via IP, so rules preventing communication by IP can't be followed.

    Basically, DHCP commands are sent in a different network layer - layer 2, and those rules are layer 3 rules.

    That'd be my theory anyway!

  4. #4
    Jamo's Avatar
    DHCP is application layer, above IP. It uses 255.255.255.255 as a broadcast packet and as the client doesn't yet have an IP it cannot be blocked by a rule. Why would you want to stop people from getting IPs? It would be a lonely guest network!!

  5. #5
    Quackers's Avatar
    Well, I was just confused as DHCP is an option to Allow, so since all was set to block I was just wondering why it allows it through if there is an option for it.

  6. #6
    Jamo's Avatar
    Is this on a Cisco device? I haven't done much in the way of ACLs for HP ones. On a Cisco device the DHCP, DNS, etc. options are there for ease of reading of port numbers. If you wanted to disable DHCP completely on a subnet you would have to use the 0.0.0.0/0 DHCP option, but it would be pretty useless for the most part.

    What I would expect from your rule there is that once your clients have IP addresses that they would no longer be able to contact the DHCP server. Try this by pinging once the clients are up and running. That would prove that your rule is working as such.

    It's an odd setup though; normally you would want to allow only access to your DHCP servers from a guest network and none of the others (if it was a super secure environment). This would be so that when clients renegotiate their lease (halfway through their lease time) they can do so. Otherwise, when the lease time is up you will get clients being disconnected for a short period while they renegotiate a lease from scratch from your server.

    Hope that makes some sense!!
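
Added example, not part of any post in this thread: a first-match evaluation of the four Deny rules from post #1 against the packets a DHCP lease produces, comparing the posted rule set with the "allow only the DHCP server" variant suggested in post #6. The first-match order, the default-allow action, the `WITH_DHCP_ALLOW` rule and the sample packets are assumptions made for illustration, not Ruckus behaviour or configuration.

```python
import ipaddress

# (action, destination CIDR, protocol, destination port); None means Any.
# The four Deny rules are the ones listed in post #1.
POSTED_RULES = [
    ("deny", "192.168.0.1/19", None, None),
    ("deny", "10.0.0.0/8", None, None),
    ("deny", "172.16.0.0/12", None, None),
    ("deny", "192.168.0.0/16", None, None),
]
DHCP_SERVER = "192.168.2.1"  # address given in post #1
# Hypothetical variant of post #6's suggestion: allow DHCP to the server first.
WITH_DHCP_ALLOW = [("allow", DHCP_SERVER + "/32", "udp", 67)] + POSTED_RULES
DEFAULT_ACTION = "allow"  # assumption: traffic matching no rule is allowed

def evaluate(rules, dst_ip, proto, dport):
    """First matching rule wins; returns (action, 1-based rule number or None)."""
    dst = ipaddress.ip_address(dst_ip)
    for number, (action, cidr, r_proto, r_port) in enumerate(rules, start=1):
        # strict=False: 192.168.0.1/19 has host bits set, read as 192.168.0.0/19
        if dst not in ipaddress.ip_network(cidr, strict=False):
            continue
        if r_proto not in (None, proto) or r_port not in (None, dport):
            continue
        return action, number
    return DEFAULT_ACTION, None

# Constructed packets (destination, protocol, port) over one lease lifetime.
# Per RFC 2131 a renewal is unicast to the server; discover and rebind are broadcast.
PACKETS = {
    "discover_broadcast": ("255.255.255.255", "udp", 67),
    "renew_unicast": (DHCP_SERVER, "udp", 67),
    "rebind_broadcast": ("255.255.255.255", "udp", 67),
    "ping_server": (DHCP_SERVER, "icmp", None),
}

def audit(rules):
    """Evaluate every sample packet against a rule set."""
    return {name: evaluate(rules, *pkt) for name, pkt in PACKETS.items()}

if __name__ == "__main__":
    for label, rules in (("posted rules", POSTED_RULES),
                         ("with DHCP allow", WITH_DHCP_ALLOW)):
        print(label)
        for name, (action, number) in audit(rules).items():
            print(f"  {name:20} -> {action:5} (rule {number})")
```

Under these assumptions the broadcast packets match none of the listed destination ranges, while the unicast renewal and the ping to 192.168.2.1 are caught by rule 1 unless a more specific allow rule precedes it.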
