Cisco 2000 and web filtering

jjoyner · ‎01-25-2007

I just installed a Cisco 2000 and 3 AP 1131s. Everything is working perfectly except for one detail.

I have 2 WLANs with their own VLANs, Staff & Patrons.

We are required to filter the internet for the patrons. I setup the DHCP to hand out the IP of the filter server for the gateway instead of the patron vlan IP. However, the patron wlan bypasses the filter server to the patron vlan ip.

Any suggestions?

Thanks,

Joe

amritpatek · ‎02-01-2007

Yes, you can create a rule that blockls internet access to this particular vlan id and apply the rule to the specific dynamic interface. In this way, you cna apply ACL.

Refer the following link on how to comfigure ACL in your WLC.

http://www.cisco.com/en/US/tech/tk722/tk809/technologies_configuration_example09186a00807810d1.shtml

jjoyner · ‎02-05-2007

I tried configuring ACLs on both the router and the WLC, neither one worked. With no ACLs, I'm able to access the web configuration on the gateway.

The DHCP is sending the correct IP for the gateway, 192.168.1.18. But, it seems that the WLC is forcing all internet traffic through 192.168.100.1, the router.

The WLAN interface is 192.168.100.5 and the gateway for the interface is 192.168.100.1. I tried changing the gateway to 192.168.1.18 but get an error "Invalid address."

I can't seem to think of anything else.

ksannedhi · ‎02-05-2007

You need to put the filter server on the same network as your WLAN. Your patron's wlan is on 192.168.100.* where as, filter ip is 192.168.1.18 which is on a different class C network.

That's the reason why the WLC is complaining "Invalid address" when you tried to change the gateway address on it. In order to go online, clients need to reach the gateway on their network first, so they are obviously using 192.168.100.1 as the gateway.