I know I'm a bit old-school, but when it comes to access rules I tend to go to the CLI.
First thing to be aware of is that when a device is trying to get an IP via DHCP, it uses the placeholder IP of 0.0.0.0 since it doesn't have an IP yet - so you need to let that through. Something that might match what you're looking for:
wlan access-rule placeholder
index 0
rule any any match udp 67 69 permit
rule 192.168.1.0 255.255.255.0 match any any any permit
rule 192.168.0.0 255.255.0.0 match any any any deny
rule any any match any any any permit
The first rule allows DHCP.
Second allows access to one particular network in 192.168.x.x
Third denies all other networks in 192.168.x.x
Last allows access to everything else, i.e. to the Internet & external.
------------------------------
Andrew Rutherford
------------------------------
Original Message:
Sent: Sep 02, 2021 10:10 AM
From: Jeroen Kleen
Subject: How to set the access rule for networks so that it can only talk to the internet and just a few local IP's
hi All,
I'm working on an instant IP config where my local subnet is 192.168.1.254 / 255.255.248.0
DHCP on 192.168.2.1-7.250
DHCP, Gateway & DNS : 192.168.1.254
What I would like to do is allow all the DHCP clients to get to the internet and talk to a few IPs like 192.168.1.249.-254. like 192.168.1.254/255.255.255.248.0
If I set up this rule in Instant then I go to networks > Access & change to access rules > network based, but then I'm a bit stuck, as I did try to exclude the lower IP range below 192.168.1.249 but that doesn't work, as I'm then not even getting DHCP any longer :(
I did try, as an example, to exclude IP access to IPs below 1.126 by using: Deny any to network 192.168.1.0/255.255.255.128 and then followed by allow all destinations, but I still don't even get DHCP any longer.
Would somebody have any practical suggestion on how to achieve this?
------------------------------
Jeroen Kleen
------------------------------
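The rule ordering described in the reply, as an added example that is not part of the original thread: a small Python model that parses the four rules (written with the full protocol/start-port/end-port fields) and reports which rule each destination hits. The evaluation model (top-down first match on destination, protocol and destination port, with an implicit deny), the function names and the sample traffic are assumptions made for illustration.

```python
import ipaddress

# Rule set from the reply, in the form
# "rule <dest> <mask> match <proto> <start-port> <end-port> <action>".
RULES = """\
rule any any match udp 67 69 permit
rule 192.168.1.0 255.255.255.0 match any any any permit
rule 192.168.0.0 255.255.0.0 match any any any deny
rule any any match any any any permit
"""

def parse_rule(line):
    """Turn one 'rule ...' line into (network, proto, ports, action)."""
    _, dest, mask, _match, proto, lo, hi, action = line.split()
    net = None if dest == "any" else ipaddress.ip_network(f"{dest}/{mask}")
    ports = None if lo == "any" else (int(lo), int(hi))
    return net, proto, ports, action

def evaluate(rules, dst_ip, proto, dst_port):
    """Return (1-based rule number, action) of the first matching rule.

    Assumed model: rules are checked top-down; the first match wins;
    traffic that matches nothing is denied.
    """
    addr = ipaddress.ip_address(dst_ip)
    for n, (net, r_proto, ports, action) in enumerate(rules, start=1):
        if net is not None and addr not in net:
            continue
        if r_proto != "any" and r_proto != proto:
            continue
        if ports is not None and not ports[0] <= dst_port <= ports[1]:
            continue
        return n, action
    return None, "deny"

PARSED = [parse_rule(l) for l in RULES.splitlines() if l.strip()]

# Constructed sample traffic: (description, destination, protocol, dst port)
SAMPLES = [
    ("DHCP discover (broadcast)", "255.255.255.255", "udp", 67),
    ("DNS to gateway", "192.168.1.254", "udp", 53),
    ("SMB to low host in 192.168.1.x", "192.168.1.10", "tcp", 445),
    ("SMB to other local subnet", "192.168.2.10", "tcp", 445),
    ("TFTP to other local subnet", "192.168.2.10", "udp", 69),
    ("HTTPS to the Internet", "8.8.8.8", "tcp", 443),
]

if __name__ == "__main__":
    for desc, ip, proto, port in SAMPLES:
        n, action = evaluate(PARSED, ip, proto, port)
        print(f"{desc:32} -> rule {n}: {action}")
```

Under this model the second rule admits every host in 192.168.1.0/24, and the 67-69 port range in the first rule also admits UDP 69 to any destination, so narrow both if only a few addresses and DHCP should be reachable.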