Showing results for 
Search instead for 
Did you mean: 

Cisco 1830i: cannot deny access to web admin console and ssh in guest WLANs



I am a new cisco user and have setup my 1830i access point using the web admin console.
I configured two WLANs, one for personal use und a second one as a guest WLAN for public use.
I used three different VLANs to separate the traffic. I used VLANID 10 ( as

native VLAN ID for the AP (corded, the web admin console has the IP,

VLANID 20 ( for the private WLAN and VLANID 40 ( for the

public one. DHCP and DNS is provided by an external server and switched off in configuration.

Everything works fine up to this point.


When I now login my guest WLAN, I am able to access public resources but also the

web admin console.

My IP Adress is 192.168.40.x (VLAN40) and I am able connect the web admin console on ( VLAN10 ). Other devices in VLAN10 are not accessible and I do not have

any public routes from VLAN40 to VLAN10.


To solve this problem, I did some experiments with ACLs in the web admin console. When 

I enable the firewall in the WLAN options of the guest WLAN, I am not able to access any

public internet address anymore. In manuals of other products I found an information, that

all firewall ACLs have a "default deny all" rule. So I tried to enter a "default permit all" rule but

was not successful because the IP address validation rules of the web gui do not allow

entering such an address/netmask.


Unfortunately I do not have much CLI experience, but I'm open to all solutions...


Any help is appreciated!






CreatePlease to create content