Cisco 1830i: cannot deny access to web admin console and ssh in guest WLANs

Hello,

I am a new Cisco user and have set up my 1830i access point using the web admin console. I configured two WLANs, one for personal use and a second one as a guest WLAN for public use. I used three different VLANs to separate the traffic. I used VLAN ID 10 (192.168.10.0/24) as the native VLAN ID for the AP (corded, the web admin console has the IP 192.168.10.10), VLAN ID 20 (192.168.20.0/24) for the private WLAN and VLAN ID 40 (192.168.40.0/24) for the public one. DHCP and DNS are provided by an external server and switched off in the configuration. Everything works fine up to this point.

When I now log in to my guest WLAN, I am able to access public resources but also the web admin console. My IP address is 192.168.40.x (VLAN40) and I am able to connect to the web admin console on 192.168.10.10 (VLAN10). Other devices in VLAN10 are not accessible and I do not have any public routes from VLAN40 to VLAN10.

To solve this problem, I did some experiments with ACLs in the web admin console. When I enable the firewall in the WLAN options of the guest WLAN, I am not able to access any public internet address anymore. In manuals of other products I found information that all firewall ACLs have a "default deny all" rule. So I tried to enter a "default permit all" rule but was not successful because the IP address validation rules of the web GUI do not allow entering such an address/netmask.

Unfortunately I do not have much CLI experience, but I'm open to all solutions...

 

Any help is appreciated!

Andre