ACL
02-26-2016 01:23 PM - edited 07-05-2021 04:41 AM
I am applying an ACL on the controller, and permitting only myself and the other Admin access to the Controller GUI and denying everyone else. However, when we have someone put the IP in the URL, they are still able to see the LAN Controller GUI. What am I doing wrong?
Labels: Other Wireless Topics

02-27-2016 10:18 AM
Hi Johanthan,
That depends on the place where you are putting the ACL and what the ACL looks like. If filtering on external firewalls or routers is out of the picture, my recommendation is to use a "CPU ACL" on the WLC to protect access to the management-plane. Keep in mind that it is not only your management traffic that crosses the CPU of the WLC; CAPWAP traffic from and to the access points, for example, also needs to be allowed. Because of this, most people just filter on TCP 22/80/443 and allow everything else. Be cautious implementing this because there is a chance that you lock yourself out :-)
Please rate useful posts... :-)

03-10-2016 05:38 PM
There are CPU ACLs which can filter traffic destined for the Management Interface.
http://www.cisco.com/c/en/us/support/docs/wireless-mobility/wlan-security/71978-acl-wlc.html#cpuacl
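
The rule ordering suggested in the replies (permit the admins on TCP 22/80/443, deny everyone else on those ports, allow everything else) can be checked offline before it is applied as a CPU ACL. The following is an added example, not part of the thread and not Cisco code; the IP addresses are constructed documentation addresses, and the first-match evaluation with an implicit deny is a simplified model of how the ACL is processed.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

MGMT_TCP_PORTS = (22, 80, 443)                  # the ports named in the reply above
ADMINS = ("192.0.2.10/32", "192.0.2.11/32")     # constructed admin workstations

@dataclass(frozen=True)
class Rule:
    action: str          # "permit" or "deny"
    src: str             # source network in CIDR form
    proto: str           # "tcp", "udp" or "any"
    dports: tuple = ()   # empty tuple means any destination port

def build_rules(admins=ADMINS):
    """Admins to the management ports first, then deny those ports, then permit the rest."""
    rules = [Rule("permit", a, "tcp", MGMT_TCP_PORTS) for a in admins]
    rules.append(Rule("deny", "0.0.0.0/0", "tcp", MGMT_TCP_PORTS))
    rules.append(Rule("permit", "0.0.0.0/0", "any"))   # keeps CAPWAP and other traffic flowing
    return rules

def evaluate(rules, src, proto, dport):
    """First matching rule wins; traffic that matches nothing is denied (assumed model)."""
    for r in rules:
        if (ip_address(src) in ip_network(r.src)
                and r.proto in ("any", proto)
                and (not r.dports or dport in r.dports)):
            return r.action
    return "deny"

def preflight(rules, admins=ADMINS, ap="198.51.100.20", user="203.0.113.50"):
    """Return a list of problems; an empty list means the rule set behaves as intended."""
    problems = []
    for a in admins:
        host = str(ip_network(a).network_address)
        for p in MGMT_TCP_PORTS:
            if evaluate(rules, host, "tcp", p) != "permit":
                problems.append(f"lockout: {host} tcp/{p}")
    for p in (5246, 5247):                       # CAPWAP control and data (UDP)
        if evaluate(rules, ap, "udp", p) != "permit":
            problems.append(f"AP traffic blocked: udp/{p}")
    if evaluate(rules, user, "tcp", 443) != "deny":
        problems.append("non-admin can still reach the GUI")
    return problems

if __name__ == "__main__":
    print(preflight(build_rules()) or "rule set OK")
```

Running `preflight` on a rule list with the deny moved to the top, or with the final permit removed, shows the lockout and the blocked access-point traffic the reply warns about.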
