07-03-2015 02:30 AM
I have an issue where a client is issuing DHCP leases. With controller based systems I always implement a firewall rule as standard to prevent users from issuing udp port 67. How do I do the same on an IAP installation?
Thank you in advance..
07-03-2015 02:35 AM - edited 07-03-2015 02:38 AM
rule type: access control
port : 68/67
to all destination
07-03-2015 03:27 AM
We should deny UDP 68 traffic from a user to any destination. It is simple: if you want to allow a client to get an IP address, allow UDP 67 traffic from the client; if you want to stop the client from assigning/renewing the IP, deny (stop) UDP 68 traffic from the client.
Hope you got more clarity on this.
Please feel free to ask for any further clarity on this.
[Did my post help you? Give Kudos :) ]
07-03-2015 08:05 AM
Thank you for your response.
On a controller based system the rule can be created either by the GUI or terminal:
user any udp 68 deny
Where is the rule created on Instant APs?
07-03-2015 08:14 AM
Tim Cappalli | Aruba ClearPass TME
@timcappalli | ACMX #367 / ACCX #480 / ACEAP / CWSP
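An added example, not part of any post in this thread and not Aruba code: a small Python model of how a rule written like the thread's `user any udp 68 deny` separates a client's DHCP request from a DHCP server reply sent by a client. It assumes the rule's port is matched against the destination port and that unmatched traffic is permitted; the function names and the sample packets are constructed for illustration.

```python
import struct

def parse_rule(line):
    """Parse '<src> <dst> <proto> <port> <action>' as written in the thread."""
    src, dst, proto, port, action = line.split()
    return {"src": src, "dst": dst, "proto": proto,
            "port": int(port), "action": action}

def udp_ports(ipv4_packet):
    """Return (src_port, dst_port) for an IPv4/UDP packet, else None."""
    if len(ipv4_packet) < 20 or ipv4_packet[0] >> 4 != 4:
        return None
    ihl = (ipv4_packet[0] & 0x0F) * 4          # IPv4 header length in bytes
    if ihl < 20 or ipv4_packet[9] != 17 or len(ipv4_packet) < ihl + 8:
        return None                            # malformed or not UDP
    return struct.unpack_from("!HH", ipv4_packet, ihl)

def evaluate(rules, ipv4_packet, from_user=True):
    """First matching rule wins; assumption: anything unmatched is permitted."""
    ports = udp_ports(ipv4_packet)
    for rule in rules:
        if rule["src"] == "user" and not from_user:
            continue                           # rule only covers client traffic
        if rule["proto"] == "udp" and ports and ports[1] == rule["port"]:
            return rule["action"]              # assumption: port = destination
    return "permit"

def build_udp(src_ip, dst_ip, sport, dport, payload=b""):
    """Constructed sample packet; checksums are left at zero."""
    udp = struct.pack("!HHHH", sport, dport, 8 + len(payload), 0) + payload
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(udp), 0, 0, 64, 17, 0,
                     bytes(src_ip), bytes(dst_ip))
    return ip + udp

RULES = [parse_rule("user any udp 68 deny")]

# Constructed samples: a normal client request (to port 67) and a DHCP
# server reply (to port 68) originating from a wireless client.
CLIENT_DISCOVER = build_udp([0, 0, 0, 0], [255, 255, 255, 255], 68, 67)
ROGUE_OFFER = build_udp([192, 168, 1, 50], [255, 255, 255, 255], 67, 68)

if __name__ == "__main__":
    print("client DISCOVER:", evaluate(RULES, CLIENT_DISCOVER))
    print("client-sourced OFFER:", evaluate(RULES, ROGUE_OFFER))
```

Under these assumptions the client can still obtain a lease, while a reply addressed to port 68 from the client side is dropped.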