Controllerless Networks

last person joined: 20 hours ago 

Instant Mode - the controllerless Wi-Fi solution that's easy to set up, is loaded with security and smarts, and won't break your budget
Back to discussions
Expand all | Collapse all

How do i create a rule for IAP's to prevent users from issuing DCHP?

This thread has been viewed 2 times

  • 1.  How do i create a rule for IAP's to prevent users from issuing DCHP?

    Posted Jul 03, 2015 05:30 AM

    I have an issue where a client is issuing DHCP leases. With controller based systems I alway implement a firewall rule as standard to prevent users from issuing udp port 67. How do I do the same on an IAP installation?

     

    Thank you in advance..



  • 2.  RE: How do i create a rule for IAP's to prevent users from issuing DCHP?

    Posted Jul 03, 2015 05:35 AM

    rule type: access control
    Action: deny
    service: custom
    protocol: udp
    port : 68/67
    to all destination



  • 3.  RE: How do i create a rule for IAP's to prevent users from issuing DCHP?

    Posted Jul 03, 2015 06:27 AM

    Hi,

     

    We should deny UDP 68 traffic from a user to any destination. It is simple, if you want to allow a client to get an IP address, allow UDP 67 traffic from the client, if you want to stop the client to Assign/Renew the IP, Deny ( Stop) UDP 68 traffic from the Client.

     

    Hope you got more clarity on this.

     

    Please feel free for any further clarity on this.



  • 4.  RE: How do i create a rule for IAP's to prevent users from issuing DCHP?

    Posted Jul 03, 2015 11:05 AM

    Hi Venu,

    Thank you for your response.

    On a controller based system the rule can be created either by the GUI or terminal:

     

    user any udp 68 deny

     

    Where is the rule created on Instant APs?



  • 5.  RE: How do i create a rule for IAP's to prevent users from issuing DCHP?
    Best Answer

    EMPLOYEE
    Posted Jul 03, 2015 11:15 AM
    Under security, you can configure the roles and add firewall policies.

    http://www.arubanetworks.com/techdocs/Instant_41_Mobile/Advanced/Content/UG_files/Roles_and_policies/ConfUserRole.htm

    Thanks,
    Tim


  • 6.  RE: How do i create a rule for IAP's to prevent users from issuing DCHP?

    Posted Jul 03, 2015 01:01 PM

    Thank you for the advice and support!

     

    Kind regards