01-19-2019 11:06 AM
I would like to know where I am going wrong with the configuration for the suspension. I have read the articles carefully and went over and over the configurations on the UCRM and on my ER-X router. Please assist with this issue; I need to get this suspension feature working.
I am willing to pay for remote assistance in getting the feature working. Please reach out to me at this email: firstname.lastname@example.org
01-19-2019 07:12 PM
We're going to need to see the config to help you with it. Unless you're just asking for remote assistance only here.
Which part is failing?
Do the firewall rules work if you manually add an IP address to the group?
Is UCRM not syncing to the ERX?
01-20-2019 07:10 AM
MY NETWORK TOPOLOGY
Thanks for the reply to this post. I will copy the settings and show them below. The firewall rules are not working, because if I manually add the IP address to the BLOCKED_USERS group I am still able to get access to the internet with IP address 192.168.30.3/24, which is the customer IP address I have manually added to BLOCKED_USERS. When I check the UCRM logs, it shows the ER-X device synchronize and suspension sync, and
the customer is suspended; see the screenshot below:
This screenshot shows the firewall BLOCKED_USERS group; highlighted is the IP address I manually added, which is the customer IP address:
This screenshot is for the UCRM logs:
This screenshot shows the Devices & Sites in UCRM, which is 1 ER-X router. An ES-8 150W switch is connected to the router, which then feeds into the LBE 5AC PMPT AP, which then bridges to the customer LBE 5AC. I did not add the ES-8 switch to the devices because the article mentions that the suspension should only be enabled on the gateway router, which is the ER-X:
Logs from the ER-X:
ER-X interface screenshot:
Firewall NAT rules; note that I rearranged them so the UCRM rules get first priority:
Not really sure where I went wrong with the configuration. My email address is email@example.com if you are willing to assist remotely for a PayPal fee.
01-21-2019 08:17 AM
Your firewall rules are not set up correctly. You added the ucrm_* rules to your WAN_IN ruleset which is only applied to the eth0 interface.
- Delete all the ucrm_* rules in WAN_IN
- Create a new ruleset named ucrm_blocked_users_eth5
- Create new rules on that ruleset like you did on the WAN_IN ruleset
- Make sure you add each VLAN to that ruleset that you want to block users on
Here is an example from our system
And here is the interfaces tab of that ruleset
01-22-2019 08:21 AM
Thanks for the reply. I have a question in reference to the interface: on the ER-X, eth5 is the trunk port for VLANs switch0, switch0.20, switch0.30 & switch0.40.
When selecting interfaces, should I use eth5 or switch0.20, which is the VLAN for the customers that I am trying to block?
01-22-2019 08:27 AM
Yeah, I missed that when I was looking over your setup. If an ethernet port is part of the switch interface, your firewall rules etc. need to be applied to the switch, since it is the interface, not the physical port the traffic comes in.
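The check the thread converges on, written as an added example that is not from any of the posts: given EdgeOS `show configuration commands` output, find the interface a customer IP arrives on and confirm a ruleset matching BLOCKED_USERS is bound `in` on that interface. The config lines, the 192.168.30.1/24 gateway address and the ruleset name `ucrm_blocked_users` are constructed assumptions, and only `in` bindings and source-group matches are inspected.

```python
import ipaddress
import re

# Constructed sample in `show configuration commands` form; it mirrors the
# thread's mistake (group matched only in WAN_IN, which is bound to eth0).
SAMPLE_CONFIG = """\
set firewall group address-group BLOCKED_USERS address 192.168.30.3
set firewall name WAN_IN rule 10 action drop
set firewall name WAN_IN rule 10 source group address-group BLOCKED_USERS
set interfaces ethernet eth0 address dhcp
set interfaces ethernet eth0 firewall in name WAN_IN
set interfaces switch switch0 vif 30 address 192.168.30.1/24
set interfaces switch switch0 switch-port interface eth5
"""
# Constructed corrected variant: ruleset bound to the VLAN interface itself.
FIXED_CONFIG = SAMPLE_CONFIG + """\
set firewall name ucrm_blocked_users rule 10 action drop
set firewall name ucrm_blocked_users rule 10 source group address-group BLOCKED_USERS
set interfaces switch switch0 vif 30 firewall in name ucrm_blocked_users
"""

IFACE = r"set interfaces \S+ (\S+)(?: vif (\d+))?"

def name(m):
    # switch0 + vif 30 -> switch0.30, the interface name the firewall binds to
    return f"{m.group(1)}.{m.group(2)}" if m.group(2) else m.group(1)

def audit(config, customer_ip, group="BLOCKED_USERS"):
    """Return (ingress_interface, rulesets_bound_in, enforced) for customer_ip."""
    ip = ipaddress.ip_address(customer_ip)
    rulesets, bound, ingress = set(), {}, None
    for line in config.splitlines():
        m = re.match(r"set firewall name (\S+) rule \d+ source group address-group (\S+)$", line)
        if m and m.group(2) == group:
            rulesets.add(m.group(1))      # ruleset that matches the group
            continue
        m = re.match(IFACE + r" firewall in name (\S+)$", line)
        if m:
            bound.setdefault(name(m), []).append(m.group(3))
            continue
        m = re.match(IFACE + r" address (\S+/\d+)$", line)
        if m and ip in ipaddress.ip_interface(m.group(3)).network:
            ingress = name(m)             # customer subnet lives on this interface
    applied = bound.get(ingress, [])
    return ingress, applied, any(r in rulesets for r in applied)

if __name__ == "__main__":
    for label, cfg in (("before", SAMPLE_CONFIG), ("after", FIXED_CONFIG)):
        print(label, audit(cfg, "192.168.30.3"))
```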