Aruba Instant & Cloud Wi-Fi

Reply
New Contributor
Posts: 3
Registered: ‎05-20-2014

How do i create a rule for IAP's to prevent users from issuing DCHP?

I have an issue where a client is issuing DHCP leases. With controller based systems I alway implement a firewall rule as standard to prevent users from issuing udp port 67. How do I do the same on an IAP installation?

 

Thank you in advance..

Regular Contributor II
Posts: 225
Registered: ‎10-29-2014

Re: How do i create a rule for IAP's to prevent users from issuing DCHP?

[ Edited ]

rule type: access control
Action: deny
service: custom
protocol: udp
port : 68/67
to all destination

HTH
Cheers
SumaN
Valued Contributor II
Posts: 804
Registered: ‎12-01-2014

Re: How do i create a rule for IAP's to prevent users from issuing DCHP?

Hi,

 

We should deny UDP 68 traffic from a user to any destination. It is simple, if you want to allow a client to get an IP address, allow UDP 67 traffic from the client, if you want to stop the client to Assign/Renew the IP, Deny ( Stop) UDP 68 traffic from the Client.

 

Hope you got more clarity on this.

 

Please feel free for any further clarity on this.

Cheers,
Venu Puduchery,
[Is my post helped you ? Give Kudos :) ]
New Contributor
Posts: 3
Registered: ‎05-20-2014

Re: How do i create a rule for IAP's to prevent users from issuing DCHP?

Hi Venu,

Thank you for your response.

On a controller based system the rule can be created either by the GUI or terminal:

 

user any udp 68 deny

 

Where is the rule created on Instant APs?

Guru Elite
Posts: 8,335
Registered: ‎09-08-2010

Re: How do i create a rule for IAP's to prevent users from issuing DCHP?

Under security, you can configure the roles and add firewall policies.

http://www.arubanetworks.com/techdocs/Instant_41_Mobile/Advanced/Content/UG_files/Roles_and_policies/ConfUserRole.htm

Thanks,
Tim

Tim Cappalli | Aruba Security TME
@timcappalli | timcappalli.me | ACMX #367 / ACCX #480
New Contributor
Posts: 3
Registered: ‎05-20-2014

Re: How do i create a rule for IAP's to prevent users from issuing DCHP?

Thank you for the advice and support!

 

Kind regards

Search Airheads
Showing results for 
Search instead for 
Did you mean: