topic Re: Cisco 9800 ACL rule for access WLC via HTTP in Wireless

Cisco 9800 ACL rule for access WLC via HTTP

rajat00011 — Tue, 05 Mar 2024 06:04:14 GMT

i make acl rule for access wlc but its not working please help us

Extended IP access list access-WLC
1 permit tcp host 10.135.2.56 host 10.135.54.36 eq www
2 permit tcp host 10.135.2.142 host 10.135.54.36 eq www
3 permit tcp host 10.135.2.145 host 10.135.54.36 eq www
4 permit tcp host 10.135.2.162 host 10.135.54.36 eq www
5 permit tcp host 10.135.2.173 host 10.135.54.36 eq www
6 permit tcp host 10.135.2.207 host 10.135.54.36 eq www
7 permit tcp host 10.135.2.208 host 10.135.54.36 eq www
8 permit tcp host 10.135.2.211 host 10.135.54.36 eq www
9 permit tcp host 10.135.2.216 host 10.135.54.36 eq www
10 permit tcp host 10.135.2.241 host 10.135.54.36 eq www
11 permit tcp host 10.135.2.242 host 10.135.54.36 eq www
12 permit tcp host 10.135.2.244 host 10.135.54.36 eq www
13 permit tcp host 10.135.2.245 host 10.135.54.36 eq www
14 permit tcp host 10.135.2.247 host 10.135.54.36 eq www
15 permit tcp host 10.135.2.248 host 10.135.54.36 eq www
16 permit tcp host 10.135.2.250 host 10.135.54.36 eq www
17 permit tcp host 10.135.2.251 host 10.135.54.36 eq www
18 permit tcp host 10.135.36.175 host 10.135.54.36 eq www
19 permit tcp host 10.135.36.62 host 10.135.54.36 eq www
20 permit tcp host 10.135.36.65 host 10.135.54.36 eq www
21 permit tcp host 10.135.36.58 host 10.135.54.36 eq www
22 permit tcp host 10.135.2.56 host 10.135.54.36 eq 22
23 permit tcp host 10.135.47.167 host 10.135.54.36 eq www

Re: Cisco 9800 ACL rule for access WLC via HTTP

MHM Cisco World — Tue, 05 Mar 2024 06:42:17 GMT

where you apply this ACL ?

MHM

Re: Cisco 9800 ACL rule for access WLC via HTTP

rajat00011 — Tue, 05 Mar 2024 06:47:57 GMT

associate with interface

Re: Cisco 9800 ACL rule for access WLC via HTTP

Rich R — Tue, 05 Mar 2024 16:08:40 GMT

> where you apply this ACL ?
>> associate with interface
That doesn't actually answer the question that was asked!

1. Regardless of where you're applying this ACL it seems like a really bad way of trying to restrict access to the GUI!
2. Notably your ACL is only permitting http (port 80) - what about http (port 443)?
3. Access to the GUI should be controlled by using "ip http access-class"
4. SSH access should be controller by using "access-class <acl-name> in" on the "line vty"
5 You should be using something like TACACS to provide strong, secure authentication for access to SSH and GUI.

Re: Cisco 9800 ACL rule for access WLC via HTTP

rajat00011 — Wed, 06 Mar 2024 10:06:58 GMT

thank u sir now its work

Re: Cisco 9800 ACL rule for access WLC via HTTP

MHM Cisco World — Wed, 06 Mar 2024 10:13:25 GMT

I will update you tonight for more info

Thanks for waiting

MHM