Cisco 9800 ACL rule for access WLC via HTTP

rajat00011
Level 1

I made an ACL rule to access the WLC, but it's not working. Please help us.

Extended IP access list access-WLC
1 permit tcp host 10.135.2.56 host 10.135.54.36 eq www
2 permit tcp host 10.135.2.142 host 10.135.54.36 eq www
3 permit tcp host 10.135.2.145 host 10.135.54.36 eq www
4 permit tcp host 10.135.2.162 host 10.135.54.36 eq www
5 permit tcp host 10.135.2.173 host 10.135.54.36 eq www
6 permit tcp host 10.135.2.207 host 10.135.54.36 eq www
7 permit tcp host 10.135.2.208 host 10.135.54.36 eq www
8 permit tcp host 10.135.2.211 host 10.135.54.36 eq www
9 permit tcp host 10.135.2.216 host 10.135.54.36 eq www
10 permit tcp host 10.135.2.241 host 10.135.54.36 eq www
11 permit tcp host 10.135.2.242 host 10.135.54.36 eq www
12 permit tcp host 10.135.2.244 host 10.135.54.36 eq www
13 permit tcp host 10.135.2.245 host 10.135.54.36 eq www
14 permit tcp host 10.135.2.247 host 10.135.54.36 eq www
15 permit tcp host 10.135.2.248 host 10.135.54.36 eq www
16 permit tcp host 10.135.2.250 host 10.135.54.36 eq www
17 permit tcp host 10.135.2.251 host 10.135.54.36 eq www
18 permit tcp host 10.135.36.175 host 10.135.54.36 eq www
19 permit tcp host 10.135.36.62 host 10.135.54.36 eq www
20 permit tcp host 10.135.36.65 host 10.135.54.36 eq www
21 permit tcp host 10.135.36.58 host 10.135.54.36 eq www
22 permit tcp host 10.135.2.56 host 10.135.54.36 eq 22
23 permit tcp host 10.135.47.167 host 10.135.54.36 eq www

5 Replies

Where do you apply this ACL?

MHM

Associated with an interface.

where you apply this ACL ?
>> associate with interface
That doesn't actually answer the question that was asked!

1. Regardless of where you're applying this ACL it seems like a really bad way of trying to restrict access to the GUI!
2. Notably your ACL is only permitting http (port 80) - what about http (port 443)?
3. Access to the GUI should be controlled by using "ip http access-class"
4. SSH access should be controlled by using "access-class <acl-name> in" on the "line vty"
5. You should be using something like TACACS to provide strong, secure authentication for access to SSH and GUI.
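
The approach in points 3 and 4 above, written out as an added example that is not part of the original thread. The ACL names WLC-GUI and WLC-SSH, the `ipv4` keyword form of the command and the VTY range 0 15 are assumptions; the source hosts are the ones in the posted ACL.

```cisco
! Added example. ACL names are assumed; source hosts are taken from the posted ACL.
! Standard ACLs match on source address only, which is all a management filter needs.
ip access-list standard WLC-GUI
 permit 10.135.2.56
 permit 10.135.2.142
 permit 10.135.2.145
 permit 10.135.2.162
 permit 10.135.2.173
 permit 10.135.2.207
 permit 10.135.2.208
 permit 10.135.2.211
 permit 10.135.2.216
 permit 10.135.2.241
 permit 10.135.2.242
 permit 10.135.2.244
 permit 10.135.2.245
 permit 10.135.2.247
 permit 10.135.2.248
 permit 10.135.2.250
 permit 10.135.2.251
 permit 10.135.36.175
 permit 10.135.36.62
 permit 10.135.36.65
 permit 10.135.36.58
 permit 10.135.47.167
 deny any log
!
! Only one host had an "eq 22" entry in the posted ACL.
ip access-list standard WLC-SSH
 permit 10.135.2.56
 deny any log
!
! GUI: attach the filter to the web server instead of to an interface.
ip http access-class ipv4 WLC-GUI
!
! SSH: attach the filter to the VTY lines (adjust the range to the lines in use).
line vty 0 15
 access-class WLC-SSH in
!
! Verify from a console or existing session that stays open while testing:
!  show ip http server status
!  show access-lists WLC-GUI
```

The `deny any log` entries make rejected management attempts show up in the device log, so a blocked admin workstation can be told apart from a reachability problem.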

Thank you sir, now it works.

I will update you tonight for more info 

Thanks for waiting 

MHM
