CommScope RUCKUS Community Forums

wayne_eaton_4wn · ‎04-26-2018

ZD1100 (I know EOL). firmware 9.9.1.0 build 52

I've set up GuestWifi and activation and it works very nicely. I want to restrict users from other subnets so I configured Restricted Subnet Access, however, I can still get to anything on these subnets...ping, file shares, web portals, etc. Not sure what else I'm doing wrong?9.9.1.0 build 52

Image_ images_messages_5f91c3d9135b77e2478ae02f_30803174ffa9effd174bf6133ad4e956_RackMultipart20180426128542tmm-2d26a544-b09a-41e2-9f75-7814bf53fce5-385906472.JPG1524773711

igor_tunakin · ‎04-27-2018

Hi,it because the ACL is wrong. What subnet are you going to block?

You cannot block a subnet and allow some part of it.
Ex.
deny 172.16.0.0/12 means all packets with destination IP from 172.16.0.0 to 172.31.255.255 will be denied.And then you write: allow 172.17.10.3/32
If an ACL has so kind of mistakes it cannot be activated.

wayne_eaton_4wn · ‎04-27-2018

Thank you, I can see that now. However, if this was working, than probably nothing would be working and my subnets that I'm intending to block would already be blocked by the 172.16.0.0/12. So this is still not working as I can get to IP's on 172.17.10.0...172.17.40.0...etc. Is there anything else I need to enable anywhere?

igor_tunakin · ‎04-27-2018

Could you show your new ACL?

wayne_eaton_4wn · ‎04-27-2018

Sure...here it is...

CommScope RUCKUS Community Forums

Guest Wifi - restricted subnet access

Photos