topic Thanks George ,For the number in Wireless

Wlc and acl

susim — Mon, 05 Jul 2021 10:37:39 GMT

Hi,

ACL in Wireless Controller vs Acl

What is the recommended practice, applying acl on interface vlan or acl inside the WLC

what are the merits and demerits on applying acl in WLC over

Thank you

What is the recommended

Leo Laohoo — Thu, 23 Jul 2015 06:03:29 GMT

What is the  recommended practice,  applying acl on interface vlan or  acl inside the WLC

The recommended "best practice" is to stick the ACL nearest to the core switch AND keep ACL away from the WLC.

Thanks leo The recommended

susim — Sat, 25 Jul 2015 22:03:38 GMT

Thanks leo

The recommended "best practice" is to stick the ACL nearest to the core switch AND keep ACL away from the WLC.

If that is the case , what is the purpose of acl in WLC

Thanks

My 2 cents .. Keep the acl as

George Stefanick — Sat, 25 Jul 2015 22:13:01 GMT

My 2 cents .. Keep the acl as close to the edge as possible so the traffic doesn't drive across the network just to get dropped.

However the ACL on the WLC beyond normal reasoning. In some cases you need to have an acl in both directions to allow traffic to pass. You also have a hard limitation of 66 acl lines or some number close to it.

In my case I avoid the acls on the controller and place on the upstream switch the controller plugs into. I do however use an acl on the controller to block WLC management traffic ..

HTH

If that is the case , what is

Leo Laohoo — Sun, 26 Jul 2015 01:24:06 GMT

If that is the case , what is the purpose of  acl in WLC

ACL function in the WLC is an OPTIONAL feature. It has it's uses but due to the limitation of what the WLC ACL can/can't do it's really difficult to justify sticking an ACL in the WLC.

Hi,core---distribution-

susim — Sun, 26 Jul 2015 03:06:21 GMT

Hi,

core---distribution--access

f i keep wlc at access layer , would it be bad idea ? . (wlc and access point are in same subnet) .ssid's are differnet vlan at the same access layer .

Would it be better if i keep in core . ?

Can you give just an overview how a client associate to a AP and WLC , and how the traffic flows to the distribution layer .

The below one would be a dump question . if the best practice is to drop the traffic at the nearest , the nearest place must be at WLC ?

Thanks

Thanks George ,For the number

susim — Sun, 26 Jul 2015 03:24:41 GMT

Thanks George ,

For the number 66 acl lines

" I do however use an acl on the controller to block WLC management traffic ."

Why and what is the benefit

f i keep wlc at access layer

Leo Laohoo — Sun, 26 Jul 2015 04:30:38 GMT

f i keep wlc at access layer , would it be bad idea ?

Very bad idea. WLC is designed to be in a core network. WLC is also suitable for distro but it is very, very rare to find a WLC in the access layer.

HiThanks Leo , Is it ok

susim — Tue, 28 Jul 2015 04:21:55 GMT

Thanks Leo , Is it ok placing the AP and controller in the same vlan ?.

What would be the benefit and drawbacks

Is it ok placing the AP and

Leo Laohoo — Tue, 28 Jul 2015 05:24:29 GMT

 Is it ok placing the AP  and controller in the same vlan ?.

What would be the benefit and drawbacks

Depends on the size and shape of the network.

For lab purposes, this is fine.

If you're going to connect multiple sites or buildings over a Layer 3 network, the WLC should "live" in the core network.

Hi, Here is setup wlc ip 10.0

susim — Sun, 02 Aug 2015 00:57:20 GMT

Hi,

Here is setup

wlc ip 10.0.50.10 /24
ap 10.0.50.x (same subnet)

client -10.0.x.x /24

the client is redirected to ISE once they conneced for authentication .
ofcourse client cannot browse unless they authenticated
the problem is before authentication the client can see the port is opened or not .
How can i solve this issue . putting an acl on the wlc will solve this issue or there is something i am missing .

on the client vlan i have an access list .
but no access list on ap and wlc vlan

Please help