Configure Controller Parameters From the CLI
© 2012 Meru Networks, Inc. Managing the System 33
Limit Wired Client Access to the Controller With QoS Rules
To control access to the controller from wired network devices, you can configure
rule-based IP ACLs using the qosrules command. This section provides qosrule
examples for several types of configurations.
The following is an example that blocks management access (on TCP and UDP) to the
controller (at 192.168.1.2) for all devices except the host at 192.168.1.7. Notice that
match tags are enabled when srcip, dstip, srcport, dstport, netprotocol, or packet
min-length is configured for a rule.
Allow the host 192.168.1.7 to access the controller with TCP/UDP:
controller(config)# qosrule 20 netprotocol 6 qosprotocol none
controller(config-qosrule)# netprotocol-match
controller(config-qosrule)# srcip 192.168.1.7
controller(config-qosrule)# srcip-match
controller(config-qosrule)# srcmask 255.255.255.255
controller(config-qosrule)# dstip 192.168.1.2
controller(config-qosrule)# dstip-match
controller(config-qosrule)# dstmask 255.255.255.255
controller(config-qosrule)# action forward
controller(config-qosrule)# end
controller(config)# qosrule 21 netprotocol 17 qosprotocol none
controller(config-qosrule)# netprotocol-match
controller(config-qosrule)# srcip 192.168.1.7
controller(config-qosrule)# srcip-match
controller(config-qosrule)# srcmask 255.255.255.255
controller(config-qosrule)# dstip 192.168.1.2
controller(config-qosrule)# dstip-match
controller(config-qosrule)# dstmask 255.255.255.255
controller(config-qosrule)# action forward
controller(config-qosrule)# end
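The note above about match tags can be checked mechanically before a rule set is relied on as an ACL. The following Python sketch is an added example, not part of the Meru documentation: it parses a pasted qosrule session and reports fields that are configured without their match tag. It assumes each field pairs with a `<field>-match` command, and covers only the four pairs that appear in the rules on this page; the function names and the sample session are constructed for illustration.

```python
import re

# Field -> match command; only the pairs shown in the rules on this page.
MATCH_TAGS = {"netprotocol": "netprotocol-match", "srcip": "srcip-match",
              "dstip": "dstip-match", "dstport": "dstport-match"}
PROMPT = re.compile(r"^\S+\(config(?:-qosrule)?\)#\s*(.*)$")

# Constructed sample session: rule 30 sets srcip but never enables srcip-match.
SAMPLE = """\
controller(config)# qosrule 30 netprotocol 6 qosprotocol none
controller(config-qosrule)# netprotocol-match
controller(config-qosrule)# srcip 192.168.1.7
controller(config-qosrule)# dstip 192.168.1.2
controller(config-qosrule)# dstip-match
controller(config-qosrule)# action forward
controller(config-qosrule)# end
controller(config)# qosrule 31 netprotocol 17 qosprotocol none
controller(config-qosrule)# netprotocol-match
controller(config-qosrule)# end
"""

def parse_rules(session):
    """Return {rule_id: [command tokens, ...]} from a pasted CLI session."""
    rules, current = {}, None
    for line in session.splitlines():
        m = PROMPT.match(line.strip())
        tokens = m.group(1).split() if m else []
        if tokens[:1] == ["qosrule"] and len(tokens) >= 2:
            current = int(tokens[1])
            # Fields given on the qosrule line itself, e.g. "netprotocol 6".
            rules[current] = [tokens[i:i + 2] for i in range(2, len(tokens), 2)]
        elif tokens[:1] == ["end"]:
            current = None
        elif tokens and current is not None:
            rules[current].append(tokens)
    return rules

def missing_match_tags(session):
    """Return {rule_id: [fields set without their match tag]}."""
    findings = {}
    for rule_id, commands in parse_rules(session).items():
        seen = {cmd[0] for cmd in commands}
        missing = [f for f, tag in MATCH_TAGS.items() if f in seen and tag not in seen]
        if missing:
            findings[rule_id] = missing
    return findings

if __name__ == "__main__":
    print(missing_match_tags(SAMPLE))
```
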
The following qosrules allow wireless clients to access the controller on TCP ports
8080/8081 if using the Captive Portal feature.
controller(config)# qosrule 22 netprotocol 6 qosprotocol none
controller(config-qosrule)# netprotocol-match
controller(config-qosrule)# srcip <subnet of wireless clients>
controller(config-qosrule)# srcip-match
controller(config-qosrule)# srcmask <netmask of wireless clients>
controller(config-qosrule)# dstport-match on
controller(config-qosrule)# dstip 192.168.1.2
controller(config-qosrule)# dstip-match
controller(config-qosrule)# dstmask 255.255.255.255
controller(config-qosrule)# dstport 8080
controller(config-qosrule)# action forward
controller(config-qosrule)# end
controller(config)# qosrule 23 netprotocol 6 qosprotocol none
controller(config-qosrule)# netprotocol-match
controller(config-qosrule)# srcip <subnet of wireless clients>
controller(config-qosrule)# srcip-match
controller(config-qosrule)# srcmask <netmask of wireless clients>
controller(config-qosrule)# dstport-match on