
block access to wlc mgmt ip within the campus network

john smith
Level 1

Hello,

Is there any way in the controller itself to configure an access list to block access to it from the other campus VLANs (IP subnets), wired/wireless?

Or is there any other alternative solution for blocking mgmt access for all users except the controller mgmt VLAN?

Please, urgent reply needed!

Thank you


Ric Beeching
Level 7

So you're trying to block all subnets accessing the MGMT interface? Do you have a firewall? The easiest way would be to block it at your layer 3 via ACLs. The same subnet won't be blocked.

If your users connect into the same VLAN, then change this to put them on a different VLAN and they won't be able to access the management interface. They shouldn't be able to by default anyway.

Ric

-----------------------------
Please rate helpful / correct posts

Thank you Ric

Yes, the users are on different subnets than the WLC mgmt subnet. No, there is no firewall in between the users and the WLC.

Is there any way to block them from accessing the WLC mgmt IP through the WLC itself?

Thank you

I'd recommend applying an ACL at the layer 3 boundary if that is possible, but other options include using the Service Port or applying a CPU ACL.

http://www.cisco.com/c/en/us/support/docs/wireless/4400-series-wireless-lan-controllers/109669-secure-wlc.html#t4

Warning: Playing with the Service Port/CPU ACLs may result in outages so be careful when testing and maybe have things in place like local console access or a scheduled reboot in the event of an unplanned, irrecoverable disconnection to the WLC.

-----------------------------
Please rate helpful / correct posts
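
An added example, not part of the replies above, of the layer 3 ACL the thread recommends, written as Cisco IOS configuration for the switch or router that routes the user VLANs. The WLC management address 192.0.2.10, the ACL name and interface Vlan20 are placeholders; the ports are the standard ones for SSH, Telnet, HTTP, HTTPS and SNMP.

```cisco
! Constructed example. Placeholders (assumptions, not from the thread):
!   192.0.2.10       = WLC management interface IP
!   BLOCK-WLC-MGMT   = ACL name
!   Vlan20           = SVI of one user VLAN
!
ip access-list extended BLOCK-WLC-MGMT
 remark Deny management protocols from this user VLAN to the WLC
 deny   tcp any host 192.0.2.10 eq 22
 deny   tcp any host 192.0.2.10 eq telnet
 deny   tcp any host 192.0.2.10 eq www
 deny   tcp any host 192.0.2.10 eq 443
 deny   udp any host 192.0.2.10 eq snmp
 remark Everything else, including AP CAPWAP traffic to the WLC, passes
 permit ip any any
!
! Apply inbound on every user-facing SVI. Leave the management VLAN's
! SVI without this ACL so administrators there keep access.
interface Vlan20
 ip access-group BLOCK-WLC-MGMT in
```

Because the ACL is applied only to the user SVIs and denies only the management ports, hosts in the management subnet and access points joining the controller are unaffected. Confirm the result from a user VLAN and from the management VLAN, then check the hit counters with `show ip access-lists BLOCK-WLC-MGMT`.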