This website uses cookies. By clicking Accept, you consent to the use of cookies. Click Here to learn more about how we use cookies.
- Community
- RUCKUS Technologies
- RUCKUS Lennar Support
- Community Services
- RTF
- RTF Community
- Australia and New Zealand – English
- Brazil – Português
- China – 简体中文
- France – Français
- Germany – Deutsch
- Hong Kong – 繁體中文
- India – English
- Indonesia – bahasa Indonesia
- Italy – Italiano
- Japan – 日本語
- Korea – 한국어
- Latin America – Español (Latinoamérica)
- Middle East & Africa – English
- Netherlands – Nederlands
- Nordics – English
- North America – English
- Poland – polski
- Russia – Русский
- Singapore, Malaysia, and Philippines – English
- Spain – Español
- Taiwan – 繁體中文
- Thailand – ไทย
- Turkey – Türkçe
- United Kingdom – English
- EOL Products
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for
- RUCKUS Forums
- EOL Products
- ZD
- Re: Hoaxing DNS, or equivalent to effectively bloc...
Options
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Mute
- Printer Friendly Page
Hoaxing DNS, or equivalent to effectively block internet access?
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
12-11-2013 11:31 AM
On occasions, I would like to effectively block all internet access on devices connected to a particular WLAN. If I simply turn off the WLAN, then cellular data takes over, so I'd like to keep the WLAN "connected" to the devices, but direct the device to a fake page, faulty page or similar. (It won't fool everyone during exams, quizzes, etc - but it will fool some!)
I can see that, if the ZD was a DHCP server, then I could possibly change the DNS, but that would only take effect when new IPs were handed out and anyhow, We don't use the ZD for a DHCP server.
I've tried using Device policies to shove devices onto a fake VLAN, but that actually just reverts to cellular data on devices.
Any thoughts would be appreciated - I have 2 hours before a school-wide quiz takes place, and I'd love to have it "in place" then
I can see that, if the ZD was a DHCP server, then I could possibly change the DNS, but that would only take effect when new IPs were handed out and anyhow, We don't use the ZD for a DHCP server.
I've tried using Device policies to shove devices onto a fake VLAN, but that actually just reverts to cellular data on devices.
Any thoughts would be appreciated - I have 2 hours before a school-wide quiz takes place, and I'd love to have it "in place" then
6 REPLIES 6
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
12-12-2013 01:59 AM
Some kind of messing with default gateways?
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
01-09-2014 07:17 PM
have your DHCP server point clients to a DNS server that you control.
Then reconfigure your DNS server to redirect all queries to a captive portal. (via a wildcard feature)
when you want things to work, change your DNS configs back.
Then reconfigure your DNS server to redirect all queries to a captive portal. (via a wildcard feature)
when you want things to work, change your DNS configs back.
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
01-10-2014 12:46 AM
Thanks for the help. I wonder if I just set up VLAN Tag to a non-existant VLAN whether that would quickly stop them in their tracks?
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
01-10-2014 07:34 AM
Not likely.
A newly associating wifi device would realize right away that it was not issued an IP address.
It might take a pre-associated device longer to give up on your wifi.
A better approach would be to change the VLAN to another one that has the "wildcard" DNS server on it. That server would refer all traffic to a single "portal" web server.
So, on this secondary VLAN, the "wildcard" DNS server would have to have the same IP as your regular caching DNS server. You'd also have to have a DHCP server out there to continue to issue IP addresses.
That secondary DNS/DHCP/WEB-server + VLAN should be a "complete" solution that would give you some hope of fooling your wifi devices into thinking they still had a working internet connection.
A newly associating wifi device would realize right away that it was not issued an IP address.
It might take a pre-associated device longer to give up on your wifi.
A better approach would be to change the VLAN to another one that has the "wildcard" DNS server on it. That server would refer all traffic to a single "portal" web server.
So, on this secondary VLAN, the "wildcard" DNS server would have to have the same IP as your regular caching DNS server. You'd also have to have a DHCP server out there to continue to issue IP addresses.
That secondary DNS/DHCP/WEB-server + VLAN should be a "complete" solution that would give you some hope of fooling your wifi devices into thinking they still had a working internet connection.
Labels
-
DHCP
1 -
IP lease
1 -
license snmp
1 -
Proposed Solution
1 -
Ruckus
1 -
server
1 -
VLAN
1 -
w
1 -
wap
1 -
zone director
1 -
ZoneDirector
1
