This website uses cookies. By clicking Accept, you consent to the use of cookies. Click Here to learn more about how we use cookies.
- Community
- RUCKUS Technologies
- RUCKUS Lennar Support
- Community Services
- RTF
- RTF Community
- Australia and New Zealand – English
- Brazil – Português
- China – 简体中文
- France – Français
- Germany – Deutsch
- Hong Kong – 繁體中文
- India – English
- Indonesia – bahasa Indonesia
- Italy – Italiano
- Japan – 日本語
- Korea – 한국어
- Latin America – Español (Latinoamérica)
- Middle East & Africa – English
- Netherlands – Nederlands
- Nordics – English
- North America – English
- Poland – polski
- Russia – Русский
- Singapore, Malaysia, and Philippines – English
- Spain – Español
- Taiwan – 繁體中文
- Thailand – ไทย
- Turkey – Türkçe
- United Kingdom – English
- EOL Products
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for
- RUCKUS Forums
- RUCKUS Technologies
- Best Practices
- Client Isolation Whitelist Chromecast with R500
Options
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Mute
- Printer Friendly Page
Client Isolation Whitelist Chromecast with R500
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
01-08-2019 11:49 AM
Hello. I walked into a situation that has 4 Ruckus R500 access points. There are 2 SSID's being broadcast, both on VLAN1. One is a private network that has no restrictions other than WPA2 password, the other one has the additional 2 checkboxes set to enable guest isolation (under advanced settings, then on the other tab) and also has a guest isolation whitelist enabled.
The whitelist initially had 1 entry which was the mac address and IP of the gateway. This works, and allows internet access. Removing this makes internet access/dhcp/dns stop working on the guest network (which is not an issue, leaving this enabled)
I have a google chromecast on the normal SSID that has no restrictions. People on that same network can use it just fine. I added it to the same client isolation whitelist though, and cannot ping it / see it / cast to it consistently. The odd thing is that I could very sporadically see/ping it, which I believe to be just a fluke as it only lasted around 30 seconds.
I have updated to the most current firmware as they were 2 years out of date.
These SSIDs are on the same VLAN / subnet / dhcp server. As a temporary bandaid, I have made a L3 ACL list that allows all by default but had 2 deny rules where guests cannot hit our server or hit our phone system. I need to find a way to make it so guests cannot hit anything though, except for this chromecast, and the whitelist seems to be failing me. Is this a limitation due to the chromecast also being on the wireless, and in order to turn on the option "Isolate wireless client traffic from all hosts on the same VLAN/subnet", I have to first turn on the option "Isolate wireless client traffic from other clients on the same AP", and maybe the whitelist isn't applying to devices on the same AP and is only applying against the subnet/vlan? If that's the case, I'll just buy a $15 ethernet adapter for the chromecast and be done with this weird problem.
4 REPLIES 4
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
01-08-2019 11:51 AM
If i recall correctly, you cannot whitelist other wireless clients/Devices.
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
01-08-2019 12:01 PM
That feels like the case. Which at least I have an ethernet option. Also when I whitelist the 4 APs, I can hit any 3 of the 4, and cannot hit the one I am connected to. So that could be the case.
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
01-08-2019 12:02 PM
Just an FYI, maybe not with Ruckus, but with other vendors, there have been problems with Isolation applying to clients roaming between APs, you may consider setting up a second Vlan, moving your guest traffic over to it. Relying on isolation for segmentation is not a good idea.
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
01-08-2019 01:26 PM
Thanks Andrew. I can see about trying to do this. I know I can make that work on a separate VLAN. They would still need to use the isolation as they have a requirement to keep guests isolated from other guests, but I understand the benefits of it also being on a separate vlan. In order to accomplish that, I'll need to get more familiar with mDNS/bonjour gateway forwarding as they still want this 1 Chromecast to be reachable by people on both networks.
Confident though at this point that at the very least, I need to get the chromecast on the LAN. Once cable connected instead of on WIFI, that will hopefully work, and then I can setup a test SSID on a secondary VLAN, and see if I can get these other requested features to play nice.
Thanks for the quick responses to this. I'm ok with proceeding with the assumption I cannot whitelist a wireless client and can only whitelist other LAN clients.
Confident though at this point that at the very least, I need to get the chromecast on the LAN. Once cable connected instead of on WIFI, that will hopefully work, and then I can setup a test SSID on a secondary VLAN, and see if I can get these other requested features to play nice.
Thanks for the quick responses to this. I'm ok with proceeding with the assumption I cannot whitelist a wireless client and can only whitelist other LAN clients.
