Controllerless Networks

last person joined: 2 days ago 

Instant Mode - the controllerless Wi-Fi solution that's easy to set up, is loaded with security and smarts, and won't break your budget
Back to discussions
Expand all | Collapse all

How do I create an Instant AP rule to allow a port or ports from a network or host

This thread has been viewed 1 times

  • 1.  How do I create an Instant AP rule to allow a port or ports from a network or host

    Posted Dec 12, 2013 03:10 PM

    I am trying to create an Access rule that allows ping or a specific remote control port though to a wireless client on an Instant AP.

     

    The rule I can create lets me allow ICMP from the wirless client to another network (subnet/VLAN) or host in another subnet or VLAN.

     

    Thanks,

     

    Steve 



  • 2.  RE: How do I create an Instant AP rule to allow a port or ports from a network or host

    Posted Dec 12, 2013 03:16 PM

     

    Once you create a network you define the ACLs under that role 

    Instant_2013-12-12_15-15-03.png



  • 3.  RE: How do I create an Instant AP rule to allow a port or ports from a network or host

    Posted Dec 12, 2013 03:46 PM

    Thanks, In the destination field - I have the choice of  'to a network'. Is there somewhere the detination can be 'from a network' ??

     

    Or is there a way to create a rule that allows or denies from a source ??

     

    Thank you,

     

    Steve

     



  • 4.  RE: How do I create an Instant AP rule to allow a port or ports from a network or host

    Posted Dec 12, 2013 06:48 PM

     

    Try it from the CLI :

     

    test_iap (Access Rule "test-role") # rule 192.168.3.0 255.255.255.0 10.10.10.0 255.255.255.0 tcp 443 deny 

     

    It looks like its not available from the GUI only to deny to certain destination, I have not test this so not quite sure if it will even work properly



  • 5.  RE: How do I create an Instant AP rule to allow a port or ports from a network or host
    Best Answer

    Posted Dec 12, 2013 07:08 PM
    Unfortunately, as of today we do not support ACLs with source IPs.. We are looking into adding this feature.

    Could I check my understanding of the original requirement: You want to allow certain wireless clients to ping a wired host, but not other wireless clients, which means you need the source IP in the ACL rule. Is my understanding correct?


  • 6.  RE: How do I create an Instant AP rule to allow a port or ports from a network or host

    Posted Dec 13, 2013 07:32 AM

     

    That's what I thought but I wasn't sure , since it wasn't available when trying to configure through the GUI



  • 7.  RE: How do I create an Instant AP rule to allow a port or ports from a network or host

    Posted Dec 13, 2013 10:53 AM

    Thank you - I am wanting to create an ACL with a source IP.

     

    What I want to do is allow a wired client (or subnet) to ping and remote proxy a wireless client. I want to block these actions from all other clients or subnets - wired or wireless.

     

    We thought that we read somewhere that a rule setup to allow a port from the wireless client 'to a network' (a wired subnet) that the action would be allowed in both directions. We have tested this - It is not allowed in both directions.

     

    Steve