https://community.cisco.com/t5/wireless/restrict-https-access-to-5508-wlc/m-p/2272818#M119409 <HTML><HEAD></HEAD><BODY><P>You have to use CPU Acl because this traffic is directed to the wlc itself.</P><P>Interface acl is for traffic from to wireless clients</P><P></P><P><A class="jive-link-external-small" href="http://www.cisco.com/en/US/docs/wireless/controller/7.4/configuration/guides/security_solution/config_security_chapter_01110.html#ID2789">http://www.cisco.com/en/US/docs/wireless/controller/7.4/configuration/guides/security_solution/config_security_chapter_01110.html#ID2789</A></P></BODY></HTML> Tue, 25 Jun 2013 20:34:26 GMT Serge Yasmine 2013-06-25T20:34:26Z https://community.cisco.com/t5/wireless/restrict-https-access-to-5508-wlc/m-p/2272815#M119406 <P>I would like to restrict HTTPS access to the management interface(the GUI management) on a 5508.&nbsp; I created an ACL and applied it to the management interface.&nbsp; Nothing happens.&nbsp; Still able to access from any IP.&nbsp; Maybe im goign about this the wrong way.</P><P></P><P>The ACL is attached as a picture to this discussion.</P><P></P><P>Any help is appreciated.</P><P></P><P>Thanks,</P><P>Ryan</P> Sun, 04 Jul 2021 07:16:22 GMT https://community.cisco.com/t5/wireless/restrict-https-access-to-5508-wlc/m-p/2272815#M119406 ryan.rouleau 2021-07-04T07:16:22Z https://community.cisco.com/t5/wireless/restrict-https-access-to-5508-wlc/m-p/2272816#M119407 <HTML><HEAD></HEAD><BODY><P>Hello Ryan,</P><P></P><P>As per your query i can suggest you the following solution-</P><P></P><P>Please use the commands to verify the acl on management interface-</P><P></P><UL><LI>•1.&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; config interface acl management access-control-list-name<BR /></LI></UL><P></P><UL><LI>•2.&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; config interface acl ap-manager access-control-list-name<BR /></LI></UL><P></P><P>Hope this will help you.</P><P></P></BODY></HTML> Fri, 21 Jun 2013 21:29:45 GMT https://community.cisco.com/t5/wireless/restrict-https-access-to-5508-wlc/m-p/2272816#M119407 Abhishek Abhishek 2013-06-21T21:29:45Z https://community.cisco.com/t5/wireless/restrict-https-access-to-5508-wlc/m-p/2272817#M119408 <HTML><HEAD></HEAD><BODY><P> Through the CLI there was no ACL applied.&nbsp; Now doing the command above, the ACL is now applied, but its still allowing HTTPS access from any IP.</P></BODY></HTML> Tue, 25 Jun 2013 17:06:57 GMT https://community.cisco.com/t5/wireless/restrict-https-access-to-5508-wlc/m-p/2272817#M119408 ryan.rouleau 2013-06-25T17:06:57Z https://community.cisco.com/t5/wireless/restrict-https-access-to-5508-wlc/m-p/2272818#M119409 <HTML><HEAD></HEAD><BODY><P>You have to use CPU Acl because this traffic is directed to the wlc itself.</P><P>Interface acl is for traffic from to wireless clients</P><P></P><P><A class="jive-link-external-small" href="http://www.cisco.com/en/US/docs/wireless/controller/7.4/configuration/guides/security_solution/config_security_chapter_01110.html#ID2789">http://www.cisco.com/en/US/docs/wireless/controller/7.4/configuration/guides/security_solution/config_security_chapter_01110.html#ID2789</A></P></BODY></HTML> Tue, 25 Jun 2013 20:34:26 GMT https://community.cisco.com/t5/wireless/restrict-https-access-to-5508-wlc/m-p/2272818#M119409 Serge Yasmine 2013-06-25T20:34:26Z https://community.cisco.com/t5/wireless/restrict-https-access-to-5508-wlc/m-p/2272819#M119410 <HTML><HEAD></HEAD><BODY><P> Thanks everyone.&nbsp; The CPU ACL works.&nbsp; Just make sure you add a permit any any to the end of your ACL or you might lose access to other mangement services as well.</P><P></P><P>Ryan</P></BODY></HTML> Tue, 25 Jun 2013 20:59:17 GMT https://community.cisco.com/t5/wireless/restrict-https-access-to-5508-wlc/m-p/2272819#M119410 ryan.rouleau 2013-06-25T20:59:17Z https://community.cisco.com/t5/wireless/restrict-https-access-to-5508-wlc/m-p/2272820#M119411 <P>So this announcement came out and now I'm looking at cpu acl stuff.&nbsp; I found this thread but have a question about your statement <STRONG>"Just make sure you add a permit any any to the end of your ACL or you might lose access to other mangement services as well."</STRONG></P><P>Im confused if you add this wouldn't this allow access for all anyway?&nbsp; I can see you blocked https.&nbsp; Does anyone know what other management services are needed?&nbsp;</P><P>&nbsp;</P><P>http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20151016-wlc</P> Wed, 21 Oct 2015 18:35:30 GMT https://community.cisco.com/t5/wireless/restrict-https-access-to-5508-wlc/m-p/2272820#M119411 Trent Hurt 2015-10-21T18:35:30Z