Re: ACL in Aireos and 9800 WLC

ahmad.syed · ‎10-03-2022

Hi Team,

We have ACL defined for Aireos controller in flexconnect and central switching . But as we know , in central switching AIREOS WLC we get an option to defined ACL in inbound and outbound direction which we have not in flexconnect .

How we can define outbound direction ACL in 9800 WLC for central switching ?

Example of Aireos WLC ACL in central switching as below:

Out 0.0.0.0/0.0.0.0 0.0.0.0/0.0.0.0 Any 0-65535 0-65535 Any Permit

Arshad Safrulla · ‎10-03-2022

What is the purpose of this ACL? When you meant by central switching do you mean split tunneling in Flex connect? In that case you need an ACL which has

"deny ip any any"

Just create an ACL and dont add any rules, this should suffice.

___________________________________________
TAC recommended codes for AireOS WLC's
Best Practices for AireOS WLC's
TAC recommended codes for 9800 WLC's
Best Practices for 9800 WLC's
Cisco Wireless compatibility matrix
___________________________________________
Arshad Safrulla

ahmad.syed · ‎10-03-2022

Hi @Arshad Safrulla ,

This ACL is defined for Local mode AP. When we use Aireos converter to convert ACL , its giving permit ip any any in last line as an output for line

Out 0.0.0.0/0.0.0.0 0.0.0.0/0.0.0.0 Any 0-65535 0-65535 Any Permit

Arshad Safrulla · ‎10-04-2022

If you don't have any deny statements to be added to the same ACL. you are safe to ignore it.

___________________________________________
TAC recommended codes for AireOS WLC's
Best Practices for AireOS WLC's
TAC recommended codes for 9800 WLC's
Best Practices for 9800 WLC's
Cisco Wireless compatibility matrix
___________________________________________
Arshad Safrulla