09-15-2015 04:25 AM - edited 07-05-2021 03:56 AM
Hello,
is there any way in the controller itself to configure an access list to block its access for the other campus vlans (ip subnet) wired/wireless?
or
any other alternative solution for mgmt access blockage for all users.........except controller mgmt vlan?
plz urgent reply needed!!!
thank you
09-15-2015 07:13 AM
So you're trying to block all subnets accessing the MGMT interface? Do you have a firewall? The easiest way would be to block it at your layer 3 via ACLs.. same subnet won't be blocked.
If your users connect in to the same VLAN then change this to put them on a different VLAN and they won't be able to access the management interface. They shouldn't be able to by default anyway.
Ric
09-15-2015 10:18 AM
Thank you Ric
yes the users are on different subnets than wlc mgmt subnet. No there is no firewall inbetween users and wlc
is there any way to block them accessing wlc
mgmt ip through the wlc itself??
thank you
09-15-2015 10:30 PM
I'd recommend applying an ACL at the layer 3 boundary if that is possible but other options including using the Service Port or applying a CPU ACL.
Warning: Playing with the Service Port/CPU ACLs may result in outages so be careful when testing and maybe have things in place like local console access or a scheduled reboot in the event of an unplanned, irrecoverable disconnection to the WLC.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide