https://community.cisco.com/t5/wireless/ssid-access-lists/m-p/1783568#M52780 <HTML><HEAD></HEAD><BODY><P>I would like to piggy back on Steves comment.</P><P></P><P>If it were me. I would put the ACL on the SVI interface of the wireless vlan. So traffic gets dropped right after the WLC. I'm not a fan of ACLs on the WLC. </P><P></P><P>So on your "Dr WLAN" you have a interface / (vlan 10 for example). On that SVI interface for VLAN 10 allow access to the servers and other items like DNS (as Steve pointed out). Then deny everything else. </P><P></P><P>Make sense?</P></BODY></HTML> Wed, 31 Aug 2011 15:41:51 GMT George Stefanick 2011-08-31T15:41:51Z https://community.cisco.com/t5/wireless/ssid-access-lists/m-p/1783565#M52777 <P>I have been asked to configure the following: </P><P></P><P>1. Create a specific SSID with 802.1x Authentication (Done)</P><P>2. Create access lists, to only allow users connected to that specific ssid access only to <SPAN style="color: #333333; text-decoration: underline; "><STRONG>CITRX</STRONG></SPAN>, is this possible?</P><P></P><P>We are attempting to connect iPads to our wireless network, for Dr's to use as part of their day to day duties. </P> Sun, 04 Jul 2021 03:38:55 GMT https://community.cisco.com/t5/wireless/ssid-access-lists/m-p/1783565#M52777 Neville Price 2021-07-04T03:38:55Z https://community.cisco.com/t5/wireless/ssid-access-lists/m-p/1783566#M52778 <HTML><HEAD></HEAD><BODY><P>Yes this is possible. When you create the ACL remember to set the out and in policy for the user VLAN and the citrix server farm, if you create the ACL on the WLC. Also don't forget to allow dns access.</P><P></P><P>Sent from Cisco Technical Support iPad App</P></BODY></HTML> Wed, 31 Aug 2011 12:38:39 GMT https://community.cisco.com/t5/wireless/ssid-access-lists/m-p/1783566#M52778 Stephen Rodriguez 2011-08-31T12:38:39Z https://community.cisco.com/t5/wireless/ssid-access-lists/m-p/1783567#M52779 <HTML><HEAD></HEAD><BODY><P> Thanks for that, Is there a document that explains the procedure.</P></BODY></HTML> Wed, 31 Aug 2011 13:01:52 GMT https://community.cisco.com/t5/wireless/ssid-access-lists/m-p/1783567#M52779 Neville Price 2011-08-31T13:01:52Z https://community.cisco.com/t5/wireless/ssid-access-lists/m-p/1783568#M52780 <HTML><HEAD></HEAD><BODY><P>I would like to piggy back on Steves comment.</P><P></P><P>If it were me. I would put the ACL on the SVI interface of the wireless vlan. So traffic gets dropped right after the WLC. I'm not a fan of ACLs on the WLC. </P><P></P><P>So on your "Dr WLAN" you have a interface / (vlan 10 for example). On that SVI interface for VLAN 10 allow access to the servers and other items like DNS (as Steve pointed out). Then deny everything else. </P><P></P><P>Make sense?</P></BODY></HTML> Wed, 31 Aug 2011 15:41:51 GMT https://community.cisco.com/t5/wireless/ssid-access-lists/m-p/1783568#M52780 George Stefanick 2011-08-31T15:41:51Z