Controllerless Networks

Michael_Clarke · ‎01-17-2014

Hi,

I had a situation with some instants where the DNS requests were blocked, even though I had explicitly allowed them. It is for guest traffic, that is using a corp DNS on 192.168.0.0 network.

The rules were as such,

svc-dhcp any allow
svc-dns any allow
any network 192.168.0.0/16 deny
any any permit

No response from the DNS server on 192.168.100.250. Unless I've misunderstood the firewall rule, this should have worked?

The clients are also on a 192.168.154.0 subnet as well, so maybe that has something to do with it.

If my post is helpful please give kudos, or mark as solved if it answers your post.

ACCP, ACMP, ACMX #294
mclarke@arubanetworks.com

cdelarosa · ‎01-17-2014

Is that an instant rule?

instant aps rules looks more like this

wlan access-rule Casa 
index 2 
rule any any match any any any permit log

That looks more like a Controller firewall rule what you got in there though or did you type it like that because it was easier for the forum users to read?

Cheers

Carlos

----------------------------------------------------
Product Manager - Aruba Networks
Alternetworks Corp

Michael_Clarke · ‎01-18-2014

Carlos, actually it is for Instants, but I was writing the rule off the top of my head. The actual rules are

rule any any match udp 67 68 permit
rule any any match udp 53 53 permit
rule 192.168.0.0 255.255.0.0 match any any any deny
rule any any match any any any permit

but even if I put 'rule 192.168.101.250 255.255.255.255 match any any any permit' above the deny rule, it still doesn't get DNS.

AP225s version 4.0.0.1

If my post is helpful please give kudos, or mark as solved if it answers your post.

ACCP, ACMP, ACMX #294
mclarke@arubanetworks.com

Innovate at the speed of mobile and IoT.

Be in the know.

Join, Learn, Share.

How can we help?

Essential Reading.

Ideas Exchange.

Controllerless Networks

Instant firewall rules blocking DNS even though it is allowed

Instant firewall rules blocking DNS even though it is allowed

Re: Instant firewall rules blocking DNS even though it is allowed

Re: Instant firewall rules blocking DNS even though it is allowed

Re: Instant firewall rules blocking DNS even though it is allowed

Re: Instant firewall rules blocking DNS even though it is allowed

IAP Licenses

IAP and external Captive Portal

Instant AP DHCP with Ip helper

A little question about IAP

IAP autojoin mode - how?

Creative Configurations

Remote AP

ap uptime

COTD: Getting quick information on an 802.1x client

COTD: Configuring ARM scanning for any client type

WPA-PSK and VLAN assignment via MAC address

Cisco ACS and Aruba Radius Auth

ICMP Type and Code Filtering

Remove wireless profiles on Windows XP machines

Rolling out 802.1x with GTC

Aruba Instant Downloads

Beta Downloads

Re: VIA Downloads

Aruba Instant 6.4.2.6-4.1.1.10 Released 9/28/15

Re: ArubaOS Downloads

Remote AP Networks

Indoor 802.11n Site Survey and Planning

Base Designs Lab Setup for Validated Reference Design

Optimizing Aruba WLANs for Roaming Devices

Managing and Optimizing RF Spectrum for Aruba WLANs

Controllerless Networks

Instant firewall rules blocking DNS even though it is allowed

Instant firewall rules blocking DNS even though it is allowed

Re: Instant firewall rules blocking DNS even though it is allowed

Re: Instant firewall rules blocking DNS even though it is allowed

Re: Instant firewall rules blocking DNS even though it is allowed

Re: Instant firewall rules blocking DNS even though it is allowed

Follow Us