Showing results for 
Search instead for 
Did you mean: 

How to block ports?

New Contributor
I need to block some standard VPN ports on the Ruckus. I think blocking these ports will keep most of the VPN apps under control, and will give us a trail of breadcumbs to see who's trying to VPN. How do I do this? Step-by-step directions would be fantastic!


Valued Contributor

access control
L2-L7 Access control
L3/4IP address Access control

screenshot below
caveat: test, test again and beware of unintended consequences when you start denying things or rely on "deny" as a form of firewall security!

Image_ images_messages_5f91c42d135b77e2479a3906_25f6e5d89cf6968e4ac4e9c7dc86b0cd_RackMultipart20161107654171cjj-02786ad6-9492-4536-8c21-1240f7019307-1037994932.jpg1478536853 have to name the rule and then apply it to a WLAN (or several).

Edit WLAN and apply relevant rule in drop down of access control.

New Contributor
How do I specify UDP or TCP?

Valued Contributor
That's why I suggested testing. The ZD is not that granular - it is not a firewall and is not intended as such. The protocol list is fairly limited and probably doesn't cover your needs.

Typing 80 into port and UDP into the protocol box produces this if you know the correct numbering scheme then you might get further along. Have fun.

Image_ images_messages_5f91c42e135b77e2479a476f_03212861865a98a82381bf5322afedef_RackMultipart2016110822809a930-f08d8c27-e914-4d81-8e54-8c947172bc77-276067469.jpg1478598961

Valued Contributor
From the ruckus ZD help manual (4th bullet point is the one you need)

Define each access policy by configuring a combination of the following:
    • Type: The access privilege (allow or deny) that this policy grants.

    • Destination Address: Enter an IP subnet and netmask of the network target to which you want to allow or deny access. (IP address must be in the format A.B.C.D/M, where M is the subnet mask.) Otherwise, select Any. For example, if you enter, the rule would allow or deny the entire Class C subnet. To allow/deny a single host, use /32 as the netmask.

    • Application: If you select a specific application from the menu, the Protocol and Destination Port options are automatically filled with the relevant values and are not configurable.

    • Protocol: Enter a network protocol number (0-254), as defined by the IANA ( to allow or deny. Otherwise, select Any.

    • Destination Port: Enter a valid port number (1-65534) or port range (e.g., 80-443).

      UDP is 17 on that (IANA) list. Perhaps you can make this work. I've learned something new - hooray!