09-15-2015 04:25 AM - edited 07-05-2021 03:56 AM
Hello,
Is there any way in the controller itself to configure an access list to block its access for the other campus VLANs (IP subnets), wired/wireless?
Or
any other alternative solution for mgmt access blockage for all users... except the controller mgmt VLAN?
Please, urgent reply needed!
Thank you
09-15-2015 07:13 AM
So you're trying to block all subnets accessing the MGMT interface? Do you have a firewall? The easiest way would be to block it at your layer 3 via ACLs. The same subnet won't be blocked.
If your users connect in to the same VLAN then change this to put them on a different VLAN and they won't be able to access the management interface. They shouldn't be able to by default anyway.
Ric
09-15-2015 10:18 AM
Thank you, Ric.
Yes, the users are on different subnets than the WLC mgmt subnet. No, there is no firewall in between users and the WLC.
Is there any way to block them from accessing the WLC mgmt IP through the WLC itself?
Thank you
09-15-2015 10:30 PM
I'd recommend applying an ACL at the layer 3 boundary if that is possible, but other options include using the Service Port or applying a CPU ACL.
Warning: Playing with the Service Port/CPU ACLs may result in outages so be careful when testing and maybe have things in place like local console access or a scheduled reboot in the event of an unplanned, irrecoverable disconnection to the WLC.
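The layer 3 ACL recommended in the replies above, as an added example that is not part of the original thread. It assumes the user VLAN's gateway is a Cisco IOS layer 3 switch; the WLC management IP (192.0.2.10), the SVI (Vlan20), the ACL name and the list of management services are constructed placeholders to adapt to your network.

```cisco
! Added example. Constructed values:
!   192.0.2.10     = WLC management interface IP (placeholder)
!   Vlan20         = SVI that is the gateway for one user subnet (placeholder)
!   BLOCK-WLC-MGMT = ACL name (placeholder)
!
ip access-list extended BLOCK-WLC-MGMT
 remark Deny management protocols from users to the WLC management IP
 deny   tcp any host 192.0.2.10 eq 22
 deny   tcp any host 192.0.2.10 eq 23
 deny   tcp any host 192.0.2.10 eq 80
 deny   tcp any host 192.0.2.10 eq 443
 deny   udp any host 192.0.2.10 eq 161
 remark Permit everything else so user traffic is unaffected
 permit ip any any
!
! Apply inbound on every user-facing SVI. Do NOT apply it to the
! WLC management VLAN's SVI or to the VLAN your admin stations use.
interface Vlan20
 ip access-group BLOCK-WLC-MGMT in
!
! After testing from a user subnet, check the per-line hit counters:
!   show ip access-lists BLOCK-WLC-MGMT
```

Because the ACL ends in an explicit `permit ip any any` and lives on the switch rather than on the controller, a mistake here cannot cut off console or same-subnet access to the WLC, which is the lockout risk the last reply warns about for CPU ACLs.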