https://community.cisco.com/t5/wireless/do-acls-on-wlcs-limit-throughput/m-p/1360007#M9111 <HTML><HEAD></HEAD><BODY><P>I have only used ACL's on the WLC in a lab environment and removed it when I put it into production.&nbsp; I would never use it in a production environment.&nbsp; Either place your ACL's on your L3 devices or use a FW if guest traffic is either directed out to the DMZ or if you are using guest anchoring.&nbsp; I never did see any throughput drop, but then again never used ACL's in a production network.</P><P></P><P><A href="http://www.cisco.com/en/US/docs/wireless/technology/guest_access/technical/reference/4.1/GAccess_41.html">http://www.cisco.com/en/US/docs/wireless/technology/guest_access/technical/reference/4.1/GAccess_41.html</A></P><P><A href="http://www.cisco.com/en/US/products/ps6366/products_qanda_item09186a00809ba482.shtml">http://www.cisco.com/en/US/products/ps6366/products_qanda_item09186a00809ba482.shtml</A></P><P></P><P>Here is a thread than has some info also:</P><P></P><P><A href="https://community.cisco.com/message/3005351;jsessionid=7210AE0A26503F13C80A4ACE966D1DCF.node0">https://supportforums.cisco.com/message/3005351;jsessionid=7210AE0A26503F13C80A4ACE966D1DCF.node0</A></P></BODY></HTML> Sun, 07 Mar 2010 16:01:10 GMT Scott Fella 2010-03-07T16:01:10Z https://community.cisco.com/t5/wireless/do-acls-on-wlcs-limit-throughput/m-p/1360006#M9110 <P>My boss wants me to create a WLAN for guests, so I created and VLAN and SSID for them and used a webauth bundle with an accept button.&nbsp; Next I was told the WLAN needs to be limited to DHCP, DNS, HTTP and HTTPS.&nbsp; I created an ACL on the controller and tested it.</P><P></P><P>My throughput is cut by 66% on 802.11a/b/g access points, but seems to have no effect on the 802.11n access points.&nbsp; My normal download is about 22 mb/s on 802.11g, but with ACL applied, it dwindles down to 7mb/s.</P><P></P><P>Should I be placing the ACL on the 6509 that is the host chassis for the WLC?</P><P></P><P>Are there any other suggestions?&nbsp; What is everyone else doing?</P><P></P><P>Thanks in advance,</P><P>Tim</P> Sun, 04 Jul 2021 01:35:15 GMT https://community.cisco.com/t5/wireless/do-acls-on-wlcs-limit-throughput/m-p/1360006#M9110 tdennehy 2021-07-04T01:35:15Z https://community.cisco.com/t5/wireless/do-acls-on-wlcs-limit-throughput/m-p/1360007#M9111 <HTML><HEAD></HEAD><BODY><P>I have only used ACL's on the WLC in a lab environment and removed it when I put it into production.&nbsp; I would never use it in a production environment.&nbsp; Either place your ACL's on your L3 devices or use a FW if guest traffic is either directed out to the DMZ or if you are using guest anchoring.&nbsp; I never did see any throughput drop, but then again never used ACL's in a production network.</P><P></P><P><A href="http://www.cisco.com/en/US/docs/wireless/technology/guest_access/technical/reference/4.1/GAccess_41.html">http://www.cisco.com/en/US/docs/wireless/technology/guest_access/technical/reference/4.1/GAccess_41.html</A></P><P><A href="http://www.cisco.com/en/US/products/ps6366/products_qanda_item09186a00809ba482.shtml">http://www.cisco.com/en/US/products/ps6366/products_qanda_item09186a00809ba482.shtml</A></P><P></P><P>Here is a thread than has some info also:</P><P></P><P><A href="https://community.cisco.com/message/3005351;jsessionid=7210AE0A26503F13C80A4ACE966D1DCF.node0">https://supportforums.cisco.com/message/3005351;jsessionid=7210AE0A26503F13C80A4ACE966D1DCF.node0</A></P></BODY></HTML> Sun, 07 Mar 2010 16:01:10 GMT https://community.cisco.com/t5/wireless/do-acls-on-wlcs-limit-throughput/m-p/1360007#M9111 Scott Fella 2010-03-07T16:01:10Z