01-04-2013 03:51 AM - edited 03-21-2019 06:48 AM
Hello,
Need assistance troubleshooting guest wireless access from being blocked by ACL.
Customer is using UC520 and AP541N. We want to block traffic from VLAN 10 (172.16.10.0/24) to VLAN 1 (192.168.10.0/24). We have tried inbound and outbound ACLs, but I don't see any traffic matches. Below is the configuration.
UC520
UC500 Advanced IP Services IOS version 15.1(4)M5
ACL applied to VLAN 1 inbound:
Extended IP access list 102
10 permit udp any host 192.168.10.1 eq non500-isakmp
20 permit udp any host 192.168.10.1 eq isakmp
30 permit esp any host 192.168.10.1
40 permit ahp any host 192.168.10.1
50 deny ip 172.16.10.0 0.0.0.255 any
60 deny ip 10.1.10.0 0.0.0.3 any
70 deny ip 10.1.1.0 0.0.0.255 any
80 deny ip host 255.255.255.255 any
90 deny ip 127.0.0.0 0.255.255.255 any
100 permit ip any any (3375999 matches)
ACL applied to VLAN 10 outbound
Extended IP access list 106
10 deny ip 172.16.10.0 0.0.0.255 192.168.10.0 0.0.0.255
20 permit ip any any (38 matches)
AP541N
Software version 9-2.0(2)
VAP 0 maps to VLAN 1
VAP 1 maps to VLAN 10
The link between the UC520 and AP541N is set up as a trunk.
Please let me know if you require more information to troubleshoot. Thanks in advance!
01-04-2013 02:58 PM
Hi Brad,
Please try to apply ACL 106 to vlan 10 inbound:
ip access-group 106 in
HTH,
Alex
*Please rate helpful posts
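Why the direction matters for ACL 106, as an added example that is not part of the original thread: a small Python model of first-match ACL evaluation on a router with two VLAN interfaces. It assumes a simplified model in which a routed packet is checked by the inbound ACL of the interface it arrives on and the outbound ACL of the interface it leaves on; the host addresses and the names route, evaluate and VLANS are constructed for illustration.

```python
from ipaddress import IPv4Address as IP

ANY = ("0.0.0.0", "255.255.255.255")
# ACL 106 from the post: (action, (src, wildcard), (dst, wildcard))
ACL_106 = [
    ("deny", ("172.16.10.0", "0.0.0.255"), ("192.168.10.0", "0.0.0.255")),
    ("permit", ANY, ANY),
]
# Assumed model: one routed interface per VLAN, subnets as given in the post.
VLANS = {"vlan1": ("192.168.10.0", "0.0.0.255"),
         "vlan10": ("172.16.10.0", "0.0.0.255")}

def wild_match(addr, base, wildcard):
    """Cisco wildcard match: bits set in the wildcard are ignored."""
    care = ~int(IP(wildcard)) & 0xFFFFFFFF
    return (int(IP(addr)) ^ int(IP(base))) & care == 0

def vlan_of(addr):
    """Name of the VLAN whose subnet contains addr, or None if off-box."""
    for name, (base, wildcard) in VLANS.items():
        if wild_match(addr, base, wildcard):
            return name
    return None

def evaluate(acl, src, dst):
    """First matching entry wins; returns (action, entry index)."""
    for index, (action, s, d) in enumerate(acl):
        if wild_match(src, *s) and wild_match(dst, *d):
            return action, index
    return "deny", None  # implicit deny at the end of every ACL

def route(src, dst, bindings):
    """bindings maps (vlan, direction) to an ACL.
    Returns (verdict, hits); hits lists (vlan, direction, entry, action)."""
    hits = []
    for hop in ((vlan_of(src), "in"), (vlan_of(dst), "out")):
        acl = bindings.get(hop)
        if acl is None:
            continue  # no ACL bound at this point in the path
        action, index = evaluate(acl, src, dst)
        hits.append((hop[0], hop[1], index, action))
        if action == "deny":
            return "dropped", hits
    return "forwarded", hits

GUEST, LAN_HOST = "172.16.10.50", "192.168.10.20"  # constructed hosts
print(route(GUEST, LAN_HOST, {("vlan10", "out"): ACL_106}))  # never checked
print(route(GUEST, LAN_HOST, {("vlan10", "in"): ACL_106}))   # hits the deny
```

Bound outbound on VLAN 10, the list only sees packets headed to the guest subnet, so the deny entry can never match and only the final permit counts hits; bound inbound, it sees guest-sourced packets before they are routed.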
01-07-2013 12:49 PM
That worked, Alex. Thank you!
01-07-2013 03:06 PM
Hello Brad,
I am glad that you got the desired result.
Thank you for the feedback and the rating!
Best regards,
Alex
03-11-2013 08:33 AM
Shouldn't this be applied to the BVI10 interface on the UC520 for VLAN10?