Wireless Access

Access network design for branch, remote, outdoor, and campus locations with HPE Aruba Networking access points and mobility controllers.
Internal DHCP via Captive Portal

  • 1.  Internal DHCP via Captive Portal

    Posted Feb 10, 2012 07:28 PM

    Firstly, thanks to all the people, particularly Colin, who have helped me over the last few weeks. I am deploying my first Aruba wireless network next week and all your help has been fantastic and greatly appreciated.

    I have configured a captive portal for guest access and created a unique VLAN to place guest traffic in. This VLAN is logically separated from the corporate network and I have configured the internal DHCP servers to handle DHCP requests with the DNS servers configured as two external public DHCP servers.

    My question is what firewall rule(s) do I need to apply to ensure that guest users can access the internal DHCP server? Is it:

     

    source: any
    destination: <IP address of controller>
    service: dhcp

    Crowdie


  • 2.  RE: Internal DHCP via Captive Portal

    EMPLOYEE
    Posted Feb 10, 2012 10:59 PM

    The rule you need for users to access the DHCP server is:

    any any service svc-dhcp

    Please see an article on why it should be that way here: http://kb.arubanetworks.com/cgi-bin/arubanetworks.cfg/php/enduser/std_adp.php?p_faqid=533


  • 3.  RE: Internal DHCP via Captive Portal

    Posted Feb 10, 2012 11:31 PM

    Is there any way we can lock down the DHCP so only the wireless LAN controller can respond?

    Could we use rules such as

    any controller svc-dhcp permit
    controller any svc-dhcp permit
    any any svc-dhcp drop

    Crowdie



  • 4.  RE: Internal DHCP via Captive Portal

    EMPLOYEE
    Posted Feb 11, 2012 12:32 AM

    No, because a DHCP packet does not necessarily have a layer 3 destination or source address. DHCP renewals are usually a unicast to the old DHCP server, but that is about it. Please read the explanation on the link I posted earlier.

    You can stop any other clients from serving up DHCP by adding this:

    user any udp 68 deny

    That will deny any user from answering a DHCP request.
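As an added example (not from the thread and not Aruba's own code), the following Python model applies first-match session ACL evaluation to the two rule sets discussed above, showing why a controller-pinned rule cannot admit a DHCP DISCOVER (source 0.0.0.0, destination 255.255.255.255) while the recommended set admits it and still drops a guest answering on UDP 68. The controller and client addresses are constructed placeholders, and the deny rule is assumed to be placed before the permit.

```python
# Added example, not from the thread: a toy first-match evaluator for
# ArubaOS-style session ACL rules. It is a simplification (every packet is
# run through the same list). All addresses are constructed placeholders.
CONTROLLER = "10.10.10.1"                   # assumed controller IP on guest VLAN
GUEST_IPS = {"10.10.10.50", "10.10.10.51"}  # constructed: clients with a lease

def _host_matches(spec, ip):
    """'any' matches all; 'user' matches a client that already holds an IP
    (so never 0.0.0.0); anything else is a literal address."""
    if spec == "any":
        return True
    if spec == "user":
        return ip in GUEST_IPS
    return spec == ip

def _service_matches(spec, dport):
    """svc-dhcp is UDP 67 (to server) and 68 (to client); 'udp N' is one port."""
    if spec == "svc-dhcp":
        return dport in (67, 68)
    proto, port = spec.split()
    return proto == "udp" and dport == int(port)

def evaluate(policy, pkt):
    """Action of the first matching rule; implicit deny if none matches."""
    for src, dst, svc, action in policy:
        if (_host_matches(src, pkt["src"]) and _host_matches(dst, pkt["dst"])
                and _service_matches(svc, pkt["dport"])):
            return action
    return "deny"

# Constructed DHCP messages with the L3 headers RFC 2131 gives them.
PACKETS = {
    "discover":    {"src": "0.0.0.0",     "dst": "255.255.255.255", "dport": 67},
    "offer":       {"src": CONTROLLER,    "dst": "255.255.255.255", "dport": 68},
    "renew":       {"src": "10.10.10.50", "dst": CONTROLLER,        "dport": 67},
    "rogue_offer": {"src": "10.10.10.51", "dst": "255.255.255.255", "dport": 68},
}

# Crowdie's controller-pinned proposal from post 3.
PINNED = [("any", CONTROLLER, "svc-dhcp", "permit"),
          (CONTROLLER, "any", "svc-dhcp", "permit"),
          ("any", "any", "svc-dhcp", "deny")]
# The set recommended in posts 2 and 4; the deny is assumed to be placed
# first, since session ACLs are evaluated top-down and first match wins.
RECOMMENDED = [("user", "any", "udp 68", "deny"),
               ("any", "any", "svc-dhcp", "permit")]

def decisions(policy):
    return {name: evaluate(policy, pkt) for name, pkt in PACKETS.items()}
```

Running `decisions(PINNED)` denies the DISCOVER (it never carries the controller's address), while `decisions(RECOMMENDED)` permits the whole legitimate exchange and denies only the guest-sourced offer.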