Beginner

Cisco mobility express firewall ACL can't permit any

Hi,

I set the Cisco 1832/1852I ap-type to Mobility Express mode and enabled the WLAN firewall ACL.

But I can't permit any IP (0.0.0.0/0.0.0.0) for the destination. Refer to the attached pic.

Even if I don't create any ACL, the traffic is still dropped, like there is a hidden ACL that is deny all.

I don't know how to set permit any IP.

Attachments: invalid address-0.0.0.0.png, acl-any.png

 

 

16 REPLIES
VIP Advisor

Re: Cisco mobility express firewall ACL can't permit any

Hi @friesher.kuo

An ACL on a Cisco WLC or Mobility Express is not the same as a firewall and is usually used for a specific purpose. I'd say that there's no firewall on it.

Can you explain what you are trying to accomplish?

 

 

-If I helped you somehow, please, rate it as useful.-

Beginner

Re: Cisco mobility express firewall ACL can't permit any

But this function does not work.

When the firewall is enabled, even with no ACL at all or no deny ACL, the client still can't connect to the network.

The Cisco ME AP has the firewall function, which should be usable, even if you say it's not a firewall.

 

VIP Advisor

Re: Cisco mobility express firewall ACL can't permit any

Mate, there's no possibility your user is not getting into the AP or WLC due to the firewall.

Enable debug on the WLC and let's see the logs:

debug client "mac address"

 

 

 

-If I helped you somehow, please, rate it as useful.-

Beginner

Re: Cisco mobility express firewall ACL can't permit any

Hi,

Sorry, I didn't make my point clear.

When the firewall is enabled, with no ACL at all or no deny ACL, the client can connect to the Wi-Fi, so the client can connect to the AP.

But they can't reach the other intranet or the internet.

The clients connect to the Wi-Fi, but they can't use DHCP to get an address or use a static IP to reach the intranet or internet.

They just connect to the wireless.

 

VIP Advisor

Re: Cisco mobility express firewall ACL can't permit any

Alright, that makes sense.

Your pic is not available. Looks like you can put the destination IP and port, so try to put any for both, or 0.0.0.0 for the IP destination. The source is probably your network.

Or you can disable the firewall altogether.

 

 

 

-If I helped you somehow, please, rate it as useful.-

Beginner

Re: Cisco mobility express firewall ACL can't permit any

Hi,

I need an ACL to permit all, but I can't put 0.0.0.0 for the destination IP/mask.

VIP Advisor

Re: Cisco mobility express firewall ACL can't permit any

That's great, isn't it? If we can't put 0.0.0.0 or any, how does Cisco suppose we can permit traffic to the internet?

I don't have one of them to test right here in front of me, but when you put 0.0.0.0 as the destination, does it give you an error?

 

 

 

 

Beginner

Re: Cisco mobility express firewall ACL can't permit any

Hi,

 

As in the previously provided pic, it shows an error, "invalid address".

I can't put 0.0.0.0.

Beginner

Re: Cisco mobility express firewall ACL can't permit any

Hi sir,

I already typed 0.0.0.0 through the command. The Wi-Fi works normally.

But I still can't put 0.0.0.0 through the GUI.

I use version 8.5.105.0.

 

 

Beginner

Re: Cisco mobility express firewall ACL can't permit any

Hi,

I find the client can't get an IP address using DHCP when the firewall is enabled.

Is this about enabling broadcast?

 

 

Beginner

Re: Cisco mobility express firewall ACL can't permit any

How can I input 0.0.0.0 through the CLI? What is the command syntax?
Beginner

Re: Cisco mobility express firewall ACL can't permit any

Hi,

 

Did you get this working via an ACL line in the CLI even if it is not working in the GUI?

Beginner

Can't join SSID when enabling firewall rules in ME WLC (1850 Series).

I'm having the same problem. I'm using 1850i Mobility Express.
When I put the guest ACL on the GUEST WLAN, I can't connect to the GUEST SSID.

Here is a screenshot of my rules:

Guest.png

Now all I want is to block the guest network traffic from accessing my system.
But when I enable the firewall rules, I simply can't connect to the SSID. Sometimes I can, but most of the time I can't.

What might be the problem?

 

Best Regards/ARIQ

 

 

 

 

 
