Beginner

restrict HTTPS access to 5508 WLC

I would like to restrict HTTPS access to the management interface (the GUI management) on a 5508.  I created an ACL and applied it to the management interface.  Nothing happens.  Still able to access from any IP.  Maybe I'm going about this the wrong way.

The ACL is attached as a picture to this discussion.

Any help is appreciated.

Thanks,

Ryan

1 ACCEPTED SOLUTION

Cisco Employee

You have to use a CPU ACL because this traffic is directed to the WLC itself.

An interface ACL is for traffic to and from wireless clients.

http://www.cisco.com/en/US/docs/wireless/controller/7.4/configuration/guides/security_solution/config_security_chapter_01110.html#ID2789

5 REPLIES

Cisco Employee

Hello Ryan,

As per your query, I can suggest the following solution.

Please use these commands to verify the ACL on the management interface:

  1. config interface acl management access-control-list-name

  2. config interface acl ap-manager access-control-list-name

Hope this will help you.

Beginner

Through the CLI there was no ACL applied.  Now, after running the command above, the ACL is applied, but it's still allowing HTTPS access from any IP.

Beginner

Thanks everyone.  The CPU ACL works.  Just make sure you add a permit any any to the end of your ACL or you might lose access to other management services as well.

Ryan

Beginner

So this announcement came out and now I'm looking at CPU ACL stuff.  I found this thread but have a question about your statement "Just make sure you add a permit any any to the end of your ACL or you might lose access to other management services as well."

I'm confused: if you add this, wouldn't this allow access for all anyway?  I can see you blocked HTTPS.  Does anyone know what other management services are needed?

 

http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20151016-wlc
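An added example, not part of the original thread and not Cisco code: a small first-match ACL model showing how the trailing "permit any any" discussed above interacts with an earlier HTTPS deny, with the implicit deny at the end of the ACL modeled as the fall-through. The rule list, the addresses (documentation ranges) and the names `Rule`, `evaluate` and `CPU_ACL` are constructed for illustration.

```python
import ipaddress
from typing import NamedTuple, Optional


class Rule(NamedTuple):
    action: str            # "permit" or "deny"
    proto: Optional[str]   # "tcp", "udp", or None for any protocol
    src: str               # source network in CIDR form
    dport: Optional[int]   # destination port, or None for any port


def evaluate(rules, proto, src_ip, dport):
    """Return the action of the first matching rule (top-down order).

    If no rule matches, the implicit deny at the end of the ACL applies.
    """
    addr = ipaddress.ip_address(src_ip)
    for rule in rules:
        if rule.proto not in (None, proto):
            continue
        if addr not in ipaddress.ip_network(rule.src):
            continue
        if rule.dport not in (None, dport):
            continue
        return rule.action
    return "deny"


# Constructed sample values, not taken from the thread.
ADMIN_NET = "192.0.2.0/24"   # hypothetical management subnet
ANY = "0.0.0.0/0"

CPU_ACL = [
    Rule("permit", "tcp", ADMIN_NET, 443),  # HTTPS from the admin subnet
    Rule("deny", "tcp", ANY, 443),          # HTTPS from everyone else
    Rule("permit", None, ANY, None),        # the trailing "permit any any"
]
# Same ACL without the trailing permit: everything else hits the implicit deny.
CPU_ACL_NO_FINAL_PERMIT = CPU_ACL[:2]

if __name__ == "__main__":
    for name, acl in (("with final permit", CPU_ACL),
                      ("without final permit", CPU_ACL_NO_FINAL_PERMIT)):
        print(name)
        for proto, src, port in (("tcp", "192.0.2.15", 443),
                                 ("tcp", "198.51.100.7", 443),
                                 ("tcp", "198.51.100.7", 22),
                                 ("tcp", "192.0.2.15", 22)):
            print(f"  {proto}/{port} from {src}: {evaluate(acl, proto, src, port)}")
```

The trailing permit only sees traffic that did not match the HTTPS rules above it, so it does not reopen HTTPS; it does leave every other service reachable from any source unless more specific rules are placed ahead of it.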
