L3/L4 User Traffic Profiles in vSCG
03-24-2015 03:07 AM
Hi, I would like to create a User Traffic Profile in the vSCG that will only allow access to the internet and no local LAN access. Then apply this to a WLAN. How to achieve this?
03-24-2015 06:09 AM
Hi Samuel,
If you are trying to allow internet access only, you can go into the L3/L4 traffic policy list and set the policy to "allow all by default". Then you want to add deny rules for all private IP ranges on all protocols; these include:
10.0.0.0/8
192.168.0.0/16
172.16.0.0/12
This should prevent a customer from reaching any Private IP ranges.
Hope this helps!
Rob
03-24-2015 06:12 AM
Thanks for your reply!
But in order to access the internet the client would have to communicate with its default gateway. These rules above would deny that type of traffic?
03-24-2015 06:26 AM
Hi Samuel,
That will not be the case. We will block traffic based on the destination address in the IP packet, not which device the packet has been passed to.
So if you try to ping an address on the internet, the destination IP in the packet will be the IP address of the website you are trying to reach and we will allow it through.
If on the other hand, you are trying to ping the router, or another AP, or maybe another client, the destination address will be private and we will drop the traffic at the AP.
Hope this clarifies!
Rob
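The policy Rob describes in both replies (allow all by default, deny the three RFC 1918 destination ranges on every protocol, with the decision made on the packet's destination IP rather than on the next-hop device) can be modelled as a small rule evaluator. The code below is an added illustration, not part of the thread and not vSCG's own implementation: it assumes first-match rule ordering with a configurable default action, and it treats the next hop as irrelevant to the decision exactly as Rob's second reply states. It also goes one step beyond the thread by showing an optional narrow allow rule placed ahead of the deny rules, which a practitioner would want if clients must still reach a DNS or DHCP relay that lives on a private address; the hypothetical resolver address used for that is a constructed value.

```python
import ipaddress
from dataclasses import dataclass
from typing import List, Optional, Sequence

# The three RFC 1918 ranges named in the reply, denied on all protocols.
PRIVATE_RANGES = [
    ipaddress.ip_network(n)
    for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")
]


@dataclass(frozen=True)
class Rule:
    action: str                        # "allow" or "deny"
    dst: ipaddress.IPv4Network         # destination prefix to match
    proto: Optional[str] = None        # None matches every protocol


def internet_only_policy(extra_allows: Sequence[str] = ()) -> List[Rule]:
    """Build the ordered rule list for an 'internet only' traffic profile.

    Explicit allows (e.g. a private-addressed DNS resolver) come first so they
    win under first-match evaluation; the RFC 1918 denies follow.  Anything
    not matched falls through to the profile's default action.
    """
    rules = [Rule("allow", ipaddress.ip_network(n)) for n in extra_allows]
    rules += [Rule("deny", net) for net in PRIVATE_RANGES]
    return rules


def evaluate(rules: Sequence[Rule], dst_ip: str, proto: str = "icmp",
             default: str = "allow", next_hop: Optional[str] = None) -> str:
    """Return 'allow' or 'deny' for a packet with the given destination.

    next_hop is accepted only to make the point explicit: the gateway the
    packet is handed to plays no part in the decision (assumption mirroring
    the reply, not a statement about the product's internals).
    """
    dst = ipaddress.ip_address(dst_ip)
    for rule in rules:
        if dst in rule.dst and (rule.proto is None or rule.proto == proto):
            return rule.action
    return default


def classify(rules: Sequence[Rule], packets: Sequence[dict]) -> dict:
    """Evaluate a batch of constructed packets and map destination -> verdict."""
    return {
        p["dst"]: evaluate(rules, p["dst"], p.get("proto", "icmp"),
                           next_hop=p.get("next_hop"))
        for p in packets
    }


if __name__ == "__main__":
    # Constructed sample traffic from a client whose gateway is 192.168.1.1.
    sample = [
        {"dst": "93.184.216.34", "proto": "tcp", "next_hop": "192.168.1.1"},  # public web host
        {"dst": "192.168.1.1", "proto": "icmp", "next_hop": "192.168.1.1"},   # ping the router
        {"dst": "10.20.30.40", "proto": "tcp", "next_hop": "192.168.1.1"},    # another LAN host
        {"dst": "172.31.0.9", "proto": "udp", "next_hop": "192.168.1.1"},     # still inside /12
        {"dst": "172.32.0.9", "proto": "udp", "next_hop": "192.168.1.1"},     # just outside /12
    ]
    for dst, verdict in classify(internet_only_policy(), sample).items():
        print(f"{dst:>16}  {verdict}")
```

Running the block shows the public destination allowed even though it is forwarded through the private gateway, and every RFC 1918 destination dropped; 172.32.0.9 is allowed because 172.16.0.0/12 ends at 172.31.255.255, which is why the prefix length, not a "172.x" glance, has to be checked when the deny list is written.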