Re: VACL for guest http access

Michael Sales · ‎02-10-2007

6513 core switch with MSFC 15 and 16 configured with Inter-vlan routing and static routes to internet.

I want to setup a wireless guest network on school wide network and limit only web access in and out to port 80. I want to create a guest vlan with a VACL to segment.

Is this a good solution and what is the best VACL config?

jain.nitin · ‎02-11-2007

Hi, YEs with the help of vlans u can restric the traffic via source IP, dest IP, Src port & dest port. I wud suggest to create a separate vlan for wireless & on that vlan apply VACL which allow only http traffic.

Hope it will give u some idea.

Thanks

Ninja

Michael Sales · ‎02-14-2007

Thanks jain,

I have the VLAN created with a small subnet. Routing is working to the internet. I'm not sure on the VACL. Do I apply them at the MSFC or the sup?

I've read on VACL's and It's a bit sketchy, I've seen code for both.

Not sure where to apply.

bfledderjohn · ‎04-06-2007

I posed this same question to a Cisco tech and was told to apply the vacl to the sup, not the MSFC.

Michael Sales · ‎05-11-2007

Hi,

That was correct...thanks for your help. It works like a charm. Need to do this more often.