Games console (xbox 360, xbox one, ps3, ps4). with Guest Access authentication

  • 1
  • Question
  • Updated 2 years ago
  • (Edited)
You can't currently access a wlan with a guest access authentication method via a games console.

One suggestion, via https://support.ruckuswireless.com/answers/000002326 is to create a separate SSID for a gaming network, which is fine, but does anyone have an inclusive list of ip ranges etc to allow through a firewall on such a network?

Another idea is to allow the the console on the guest access network by associating the MAC address of the device with a users guest pass key.  Is this at all possible on the Zone Director?
Photo of Jack Turner

Jack Turner

  • 2 Posts
  • 0 Reply Likes

Posted 2 years ago

  • 1
Photo of Max O'Driscoll

Max O'Driscoll, AlphaDog

  • 322 Posts
  • 77 Reply Likes
Looking at the ZD GUI you can add MAC addresses to the guest WLAN...is this what you are after. Need to create the ACL MAC list then choose from the "Access Control" drop down selector. Bottom of image...

Photo of Max O'Driscoll

Max O'Driscoll, AlphaDog

  • 322 Posts
  • 77 Reply Likes
As for the ports that consoles use...google would be the obvious way to go!
===========for instance search "xbox 360 firewall ports required" produced this============

Network ports used by Xbox Live

Port forwarding

If you have a firewall or network hardware, such as a router, you might need to make a configuration change in order for your PC or Xbox 360 console to communicate with Xbox Live. This configuration change is sometimes called “opening ports” or "port forwarding".

Xbox Live requires the following ports to be open:

  • Port 88 (UDP) 
  • Port 3074 (UDP and TCP) 
  • Port 53 (UDP and TCP) 
  • Port 80 (TCP) 

Note If you cannot chat with someone using Video Kinect, you might need to open port 1863 (UDP and TCP).

==============================================================================
(Edited)
Photo of Marc Creviere

Marc Creviere

  • 2 Posts
  • 1 Reply Like
Greetings!

The L2 ACL is going to allow/deny folks from connecting to the WLAN at all, but I don't think it will do anything as far as bypassing the captive portal for those devices listed.

Would it be feasible in your environment to use DPSK for gaming devices?  I do this for some of my higher education customers for devices that don't support radius.  You could bring up another SSID, use the same VLAN as your guest network, even configure client isolation, and that would not require you to set up any additional firewall rules if your guest VLAN is already configured the way you need.  You then generate DPSKs for your users gaming devices and have them use those keys.

As Max said, Google would definitely be your resource for finding out which ports need to be opened if you needed to specify.

Good luck!

Marc Creviere
Photo of Jack Turner

Jack Turner

  • 2 Posts
  • 0 Reply Likes
Hi both,

Many thanks for your responses.

I was looking for ip ranges or something i can look for in the packets rather than ports to allow for xbox live. Allowing port 80 outbound I may as well leave the network open and unauthenticated for all clients.

DPSK is probably what im looking for in terms of accountability and compatibility. I don't really need to log what games consoles are doing on the network, so I may use this with a hint of MAC filtering on the firewall side to make sure the keys don't get used on none gaming devices.