Ruckus access control
Hi all, we've just installed a few Ruckus APs and a ZD 1000 and I'm looking at options. It's currently in use with some wireless netbooks so I can't do too much experimenting.
I have 2 WLANs set up: one is on our private LAN and one is going to be open. I'd like the open one to be banned from seeing any IPs on my private LAN.
At the moment the private and public LAN are on two separate VLANs and each has a separate IP range. As I need to allow DHCP forwarding and access to the smoothwall and a web server on the private LAN, the two VLANs are routable through the core switch. How can I use the Ruckus ZD to block access to the private LAN IP range except for a couple of IPs?
Alternatively, does anyone else have a better way to manage this type of setup with Ruckus? Wireless client isolation maybe?
If I remember correctly, whilst testing some Ruckus kit there is an isolation option you can enable for the Guest WLAN which stops users from connecting to other PCs on the same WLAN.
If that is not quite what you mean by private / public (or maybe you mean Admin / Curriculum) I assume it would be down to setting up suitable ACL rules on your Layer 3 switch. I can't advise any further as I am still wading through the 100s of pages for our 3COM 5500G-EI switch to do the same thing!
EDIT: Just remembered that I also saw some options on the Ruckus config whereby you could dis/allow certain subnet / IP ranges, maybe this may help??
Originally Posted by MYK-IT
Yes, I was looking at that. I wonder if you can then enable a couple of IPs? I need to sit down with the manual I think :)
Right, well, I've set up some rules on the guest VLAN that don't allow anything to connect to my private LAN except for the smoothwall. The important part is to get the rules in the right order, so the allowed IP comes first in the list and then straight after that the banned subnets (I'm pretty sure that's right, shout up if anyone knows better).
I set No authentication on the guest WLAN and they can't connect to anything or ping anything until they agree to the AUP; after that they can ping the smoothwall and pick up proxy settings. I can't ping any other wireless clients on the same subnet or any addresses in any other subnet. I think I'm in business :)
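The rule ordering described in the last post, as an added example that is not part of the thread and is not Ruckus configuration: a small model of a first-match ACL showing why the allowed hosts have to sit above the denied subnet, plus a check for rules that can never fire. The addresses, the "allow" default and the function names are assumptions made for illustration.

```python
import ipaddress

# Constructed addressing (not from the thread): private LAN 10.0.0.0/16,
# Smoothwall at 10.0.0.1, web server at 10.0.0.20.
GOOD_ORDER = [
    ("allow", "10.0.0.1/32"),   # Smoothwall proxy
    ("allow", "10.0.0.20/32"),  # web server
    ("deny", "10.0.0.0/16"),    # rest of the private LAN
]
# Same rules with the deny moved to the top.
BAD_ORDER = [GOOD_ORDER[2], GOOD_ORDER[0], GOOD_ORDER[1]]


def decide(rules, dst, default="allow"):
    """First-match evaluation: the first rule whose network contains dst wins."""
    addr = ipaddress.ip_address(dst)
    for action, net in rules:
        if addr in ipaddress.ip_network(net):
            return action
    # Assumed default: unmatched traffic (e.g. internet) is allowed for guests.
    return default


def shadowed(rules):
    """Return (action, net, covering_net) for rules an earlier rule fully covers."""
    dead = []
    for i, (action, net) in enumerate(rules):
        current = ipaddress.ip_network(net)
        for _, prev_net in rules[:i]:
            if current.subnet_of(ipaddress.ip_network(prev_net)):
                dead.append((action, net, prev_net))
                break
    return dead


if __name__ == "__main__":
    for name, rules in (("allow-first", GOOD_ORDER), ("deny-first", BAD_ORDER)):
        print(name)
        for dst in ("10.0.0.1", "10.0.0.20", "10.0.5.9", "8.8.8.8"):
            print(f"  {dst:<10} -> {decide(rules, dst)}")
        for action, net, prev in shadowed(rules):
            print(f"  never fires: {action} {net} (covered by {prev})")
```

With the deny rule first, both allow entries are reported as never firing, which is the symptom to look for if guests cannot reach the proxy after the rules are applied.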