Description:

Some scenarios require that communication in the network should be possible only for Wi-Fi users who obtain an IP address from a DHCP server in the local network. Wi-Fi users with a static IP address should be blocked. This can be implemented using the protocol filter on access points and WLAN routers.

This article describes how to use the protocol filter so that the only users allowed to communicate on the network are those who obtained an IP address via DHCP (“mandatory DHCP”).

In a WLAN controller scenario the protocol filter configuration can be rolled out to the access points via a script. The procedure is described in the Knowledge Base article Centralized script management with LANCOM WLAN controllers. Please use the attached script file.


Requirements:


Procedure:

1) Open the configuration for the device in LANconfig and switch to the menu item Interfaces → LAN → LAN bridge.

2) Go to the Protocols menu.

3) Add a new entry to allow ARP (Address Resolution Protocol) and adjust the following parameters:

4) Add a new entry to allow DHCP (Dynamic Host Configuration Protocol) and adjust the following parameters:

5) Create a new entry in order to transmit packets from Wi-Fi participants who obtained their IP address from a DHCP server. To do this, adapt the following protocols:

6) The Protocols table should appear as shown below.

There is no need for an explicit deny rule to block data traffic from Wi-Fi users with a static IP address. Rules exist for the Wi-Fi interfaces, but none of them apply to this traffic, so the standard rule with the action Drop packets comes into effect. This rule is not visible in the configuration.

7) This concludes the configuration of the protocol filter. You can now write the configuration back to the device.
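The following simplified Python model of the rule set built in steps 3 to 6 is an added illustration, not LANCOM code or device configuration. The interface names, MAC addresses and IP addresses are constructed, and the way the model learns leases from a DHCP ACK and matches source MAC plus source IP is an assumption about the tracking behaviour, not something this article specifies.

```python
from dataclasses import dataclass, field

ETH_ARP, ETH_IPV4 = 0x0806, 0x0800
DHCP_PORTS = {67, 68}

@dataclass
class Frame:
    iface: str
    src_mac: str
    ethertype: int
    src_ip: str = "0.0.0.0"
    udp_ports: tuple = ()      # (src_port, dst_port) for UDP, otherwise empty
    dhcp_ack_for: tuple = ()   # (client_mac, leased_ip) carried by a DHCP ACK

@dataclass
class MandatoryDhcpFilter:
    wlan_ifaces: set
    leases: dict = field(default_factory=dict)  # client MAC -> leased IP

    def check(self, f: Frame) -> str:
        if f.dhcp_ack_for:                      # assumed lease tracking
            mac, ip = f.dhcp_ack_for
            self.leases[mac] = ip
        if f.iface not in self.wlan_ifaces:
            return "pass"                       # no rules exist for this interface
        if f.ethertype == ETH_ARP:
            return "pass"                       # step 3: allow ARP
        if f.ethertype == ETH_IPV4 and f.udp_ports and set(f.udp_ports) <= DHCP_PORTS:
            return "pass"                       # step 4: allow DHCP
        if f.ethertype == ETH_IPV4 and self.leases.get(f.src_mac) == f.src_ip:
            return "pass"                       # step 5: address came from DHCP
        return "drop"                           # invisible standard rule

def demo():
    flt = MandatoryDhcpFilter(wlan_ifaces={"WLAN-1"})
    dhcp_sta, static_sta = "02:00:00:00:00:0a", "02:00:00:00:00:0b"
    frames = [  # constructed sample traffic
        Frame("WLAN-1", dhcp_sta, ETH_IPV4, "0.0.0.0", (68, 67)),        # DISCOVER
        Frame("LAN-1", "02:00:00:00:00:01", ETH_IPV4, "192.0.2.1",
              (67, 68), (dhcp_sta, "192.0.2.50")),                       # ACK from server
        Frame("WLAN-1", dhcp_sta, ETH_IPV4, "192.0.2.50", (40000, 53)),  # leased address
        Frame("WLAN-1", static_sta, ETH_ARP),                            # ARP always passes
        Frame("WLAN-1", static_sta, ETH_IPV4, "192.0.2.99", (40000, 53)),  # static address
        Frame("WLAN-1", static_sta, ETH_IPV4, "192.0.2.50", (40000, 53)),  # lease of another MAC
    ]
    return [flt.check(f) for f in frames]

if __name__ == "__main__":
    print(demo())
```

The static client's ARP still passes, but its IP traffic matches none of the allow rules and falls through to the default drop, which is why no explicit deny entry is needed.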