Wireless Access

Contributor I

Internal DHCP via Captive Portal

Firstly, thanks to all the people, particularly Colin, who have helped me over the last few weeks.   I am deploying my first Aruba wireless network next week and all your help has been fantastic and greatly appreciated.

 

I have configured a captive portal for guest access and created a unique VLAN to place guest traffic in. This VLAN is logically separated from the corporate network and I have configured the internal DHCP servers to handle DHCP requests with the DNS servers configured as two external public DHCP servers.

 

My question is what firewall rule(s) do I need to apply to ensure that guest users can access the internal DHCP server?  Is it:

 

source: any

destination: <IP address of controller>

service: dhcp

 

 

 

Crowdie

 

Guru Elite

Re: Internal DHCP via Captive Portal

The rule you need for users to access the dhcp server is:

 

any any service svc-dhcp

 

Please see an article why it should be that way here:  http://kb.arubanetworks.com/cgi-bin/arubanetworks.cfg/php/enduser/std_adp.php?p_faqid=533

 

 

 



Colin Joseph
Aruba Customer Engineering

Looking for an Answer? Search the Community Knowledge Base Here: Community Knowledge Base

Contributor I

Re: Internal DHCP via Captive Portal

Is there any way we can lock down the DHCP so only the wireless LAN controller can respond?

 

Could we use rules such as

 

any controller svc-dhcp permit

controller any svc-dhcp permit

any any svc-dhcp drop

 

 

 

Crowdie

Guru Elite

Re: Internal DHCP via Captive Portal

No, because a DHCP packet does not necessarily have a layer 3 destination or source address.   DHCP renewals are usually a unicast to the old DHCP server, but that is about it.  Please read the explanation on the link I posted earlier.

 

You can stop any other clients from serving up DHCP by adding this:

 

user any udp 68 deny

 

That will deny any user from answering a DHCP request.

 



Colin Joseph
Aruba Customer Engineering
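
An added example, not part of the original thread and not ArubaOS code: a simplified first-match rule evaluator run over constructed DHCP packets, comparing the address-based rules asked about above with `user any udp 68 deny` placed above `any any svc-dhcp`. The controller address, the packet list and the matching model (including the implicit final deny and svc-dhcp as UDP destination ports 67-68) are assumptions.

```python
# Simplified first-match model of the session rules discussed in the thread.
# Not ArubaOS code; addresses and packets below are constructed for illustration.
CONTROLLER = "192.0.2.1"      # assumed controller / DHCP server address
SVC_DHCP = {67, 68}           # svc-dhcp modelled as UDP destination ports 67-68

# (label, src_ip, dst_ip, udp_dst_port, sent_by_guest)
PACKETS = [
    ("discover", "0.0.0.0", "255.255.255.255", 67, True),
    ("request", "0.0.0.0", "255.255.255.255", 67, True),
    ("renew", "192.0.2.50", CONTROLLER, 67, True),
    ("rogue-offer", "192.0.2.66", "255.255.255.255", 68, True),
]

# Rules as (source, destination, dst_ports, action).
PROPOSED = [
    ("any", "controller", SVC_DHCP, "permit"),
    ("controller", "any", SVC_DHCP, "permit"),
    ("any", "any", SVC_DHCP, "deny"),      # written as "drop" in the thread
]
RECOMMENDED = [
    ("user", "any", {68}, "deny"),         # must sit above the permit
    ("any", "any", SVC_DHCP, "permit"),
]

def alias_matches(alias, ip, sent_by_guest):
    if alias == "any":
        return True
    if alias == "controller":
        return ip == CONTROLLER
    if alias == "user":                    # traffic sourced by the guest client
        return sent_by_guest
    raise ValueError(alias)

def evaluate(rules, packet):
    _, src, dst, port, by_guest = packet
    for r_src, r_dst, ports, action in rules:
        if (alias_matches(r_src, src, by_guest)
                and alias_matches(r_dst, dst, False)
                and port in ports):
            return action
    return "deny"                          # implicit deny when nothing matches

def verdicts(rules):
    return {p[0]: evaluate(rules, p) for p in PACKETS}

if __name__ == "__main__":
    for name, rules in (("proposed", PROPOSED), ("recommended", RECOMMENDED)):
        print(name, verdicts(rules))
```

In this model the proposed set denies the broadcast discover and request from a client that has no address yet, so only an existing lease can renew; swapping the order of the two recommended rules lets the guest-sourced offer through.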
