Jump to content

Ruckus access control

cookie_monster

By cookie_monster
in Wireless Networks

 Share

Recommended Posts

cookie_monster

cookie_monster

Posted
Posted

Hi all, we’ve just installed a few Ruckus AP’s and a ZD 1000 and I’m looking at options, it’s currently in use with some wireless netbooks so I can’t do too much experimenting.

I have 2 WLANs setup one is on our private LAN and one is going to be open, I’d like the open one to be banned from seeing any IP’s on my private LAN.

 

At the moment the private and public LAN are on two separate VLAN’s and each have a separate IP range, as I need to allow DHCP forwarding and access to the smoothwall and a web server on the private LAN the two VLANs are routable through the core switch. How can I use the Ruckus ZD to block access to the private LAN IP range except for a couple of IPs.

 

Alternatively does anyone else have a better way to manage this type of setup with Ruckus? Wireless client isolation maybe?

 

Thanks.

MYK-IT

MYK-IT

Posted
Posted (edited)

If i remember correctly whilst testing some Ruckus kit there is an isolation option you can enable for the Guest WLAN whichs stops users from connecting to other PCs on the same WLAN.

 

If that is not quite what you mean by private / public (or maybe you mean Admin / Curriculum) i assume it would be down to setting up suitable ACL Rules on your Layer 3 switch. I can't advise any further as i am still wading through the 100s of pages for our 3COM 5500G-EI Switch to do the same thing!

 

EDIT: Just remembered that i also saw some options on the Ruckus config where by you could dis/allow certian subnet / ip ranges, maybe this may help??

Edited by MYK-IT
cookie_monster

cookie_monster

Posted
  • Author
Posted
If i remeber correctly whilst testing some Ruckus kit there is an isolation option you can enable for the Guest WLAN whichs stops users from connecting to other PCs on the same WLAN

 

 

Yes I was looking at that, I wonder if you can then enable a couple of IP's? I need to sit down with the manual I think :)

cookie_monster

cookie_monster

Posted
  • Author
Posted

Right well I've setup some rules on the guest VLAN that doesn't allow anything to connect to my private LAN except for the smoothwall, the important part is to get the rules in the right order so the allowed IP comes first in the list and then straight after that the banned subnets (I'm pretty sure that's right, shout up if anyone knows better)

 

I set No authentication on the guest WLAN and they can't connect to anything or ping anything until they agree to the AUP after that they can ping the smoothwall and pick up proxy settings, I can't ping any other wireless clients on the same subnet or any address' in any other subnet. I think I'm in bussiness :)

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
 Share
Go to topic listing


  • 11 When would you like EduGeek EDIT 2025 to be held?

    1. 1. Select a time period you can attend


      • I can make it in June\July
      • I can make it in August\Sept
      • Other time period. Please comment in the thread what works for you
      • Either time
×
×
  • Create New...