03-04-2024 10:04 PM
I made an ACL rule for access to the WLC but it's not working. Please help us.
Extended IP access list access-WLC
1 permit tcp host 10.135.2.56 host 10.135.54.36 eq www
2 permit tcp host 10.135.2.142 host 10.135.54.36 eq www
3 permit tcp host 10.135.2.145 host 10.135.54.36 eq www
4 permit tcp host 10.135.2.162 host 10.135.54.36 eq www
5 permit tcp host 10.135.2.173 host 10.135.54.36 eq www
6 permit tcp host 10.135.2.207 host 10.135.54.36 eq www
7 permit tcp host 10.135.2.208 host 10.135.54.36 eq www
8 permit tcp host 10.135.2.211 host 10.135.54.36 eq www
9 permit tcp host 10.135.2.216 host 10.135.54.36 eq www
10 permit tcp host 10.135.2.241 host 10.135.54.36 eq www
11 permit tcp host 10.135.2.242 host 10.135.54.36 eq www
12 permit tcp host 10.135.2.244 host 10.135.54.36 eq www
13 permit tcp host 10.135.2.245 host 10.135.54.36 eq www
14 permit tcp host 10.135.2.247 host 10.135.54.36 eq www
15 permit tcp host 10.135.2.248 host 10.135.54.36 eq www
16 permit tcp host 10.135.2.250 host 10.135.54.36 eq www
17 permit tcp host 10.135.2.251 host 10.135.54.36 eq www
18 permit tcp host 10.135.36.175 host 10.135.54.36 eq www
19 permit tcp host 10.135.36.62 host 10.135.54.36 eq www
20 permit tcp host 10.135.36.65 host 10.135.54.36 eq www
21 permit tcp host 10.135.36.58 host 10.135.54.36 eq www
22 permit tcp host 10.135.2.56 host 10.135.54.36 eq 22
23 permit tcp host 10.135.47.167 host 10.135.54.36 eq www
03-04-2024 10:42 PM
Where do you apply this ACL?
MHM
03-04-2024 10:47 PM
associate with interface
03-05-2024 08:08 AM
> where you apply this ACL ?
>> associate with interface
That doesn't actually answer the question that was asked!
1. Regardless of where you're applying this ACL it seems like a really bad way of trying to restrict access to the GUI!
2. Notably your ACL is only permitting http (port 80) - what about http (port 443)?
3. Access to the GUI should be controlled by using "ip http access-class"
4. SSH access should be controlled by using "access-class <acl-name> in" on the "line vty"
5. You should be using something like TACACS to provide strong, secure authentication for access to SSH and GUI.
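
A small check of the port-coverage point raised in the reply above, added here as an example (not code from the thread or from Cisco): it parses `show access-lists` output like the ACL posted in the question and reports, per source host, which GUI ports have no permit entry and which hosts are permitted SSH. The function names and the default required ports (80 and 443) are assumptions of this example; the sample is an excerpt of the posted ACL.

```python
import re
from collections import defaultdict

# IOS prints some ports as keywords; only the one seen in this ACL is mapped.
PORT_NAMES = {"www": 80}

# Host-to-host TCP permit entries as printed by "show access-lists".
ACE_RE = re.compile(
    r"^\s*\d+\s+permit\s+tcp\s+host\s+(\S+)\s+host\s+(\S+)\s+eq\s+(\S+)")

# Excerpt of the ACL posted in the question (entries 1, 2, 22 and 23).
SAMPLE = """Extended IP access list access-WLC
 1 permit tcp host 10.135.2.56 host 10.135.54.36 eq www
 2 permit tcp host 10.135.2.142 host 10.135.54.36 eq www
 22 permit tcp host 10.135.2.56 host 10.135.54.36 eq 22
 23 permit tcp host 10.135.47.167 host 10.135.54.36 eq www
"""

def parse_acl(text):
    """Return {(source, destination): set(ports)} for permit tcp host/host lines."""
    table = defaultdict(set)
    for line in text.splitlines():
        m = ACE_RE.match(line)
        if not m:
            continue  # header line or an entry form this example does not model
        src, dst, tok = m.groups()
        port = PORT_NAMES.get(tok, int(tok) if tok.isdigit() else None)
        if port is not None:
            table[(src, dst)].add(port)
    return table

def missing_ports(text, required=(80, 443)):
    """List (source, destination, [ports with no permit entry])."""
    findings = []
    for (src, dst), ports in parse_acl(text).items():
        gap = sorted(set(required) - ports)
        if gap:
            findings.append((src, dst, gap))
    return findings

def sources_for_port(text, port):
    """Source hosts that have a permit entry for the given destination port."""
    return sorted({src for (src, _), ports in parse_acl(text).items() if port in ports})

if __name__ == "__main__":
    for src, dst, gap in missing_ports(SAMPLE):
        print(f"{src} -> {dst}: no permit for port(s) {gap}")
    print("SSH permitted from:", sources_for_port(SAMPLE, 22))
```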
03-06-2024 02:06 AM
Thank you sir, now it works.
03-06-2024 02:13 AM
I will update you tonight for more info
Thanks for waiting
MHM