Vlan/ACL question

jpgleason — Sun, 04 Jul 2021 04:53:39 GMT

I am in the process of getting my guest access set up on my network and I have a couple of questions.

1) On my L3 switch I currently have the switch port with the command line of switchport access vlan 2 for my current wireless network. I am looking to add vlan 3 for the guest wireless access. Should I add/change that line to switchport trunk allow vlan 2,3 for each port I have my APs plugged into?

2) I am having issues with my ACLs. All I want my guest vlan to do is go to the internet, nothing more. Is it better to place this ACL on the WCL, L3 switch or ASA? When I try it on the WLC, even when I deny ICMP both ways, I am still able to ping and I do have the ACL applied to the interface.

Thanks,

Jim

Re: Vlan/ACL question

Stephen Rodriguez — Thu, 29 Mar 2012 00:35:42 GMT

If your ap are in local mode you won't Ned ti change the port as the traffic is ingress/egress at the WLC. So long as VLAN 3 is allowed there it will be fine.

As for the ACL, I'd put it on the Layer 3 interface of the switch/router.

Steve

Sent from Cisco Technical Support iPhone App

topic Re: Vlan/ACL question in Wireless

Vlan/ACL question

Re: Vlan/ACL question