04-22-2019 04:38 AM - edited 07-05-2021 10:16 AM
Hello Guys,
I have a Cisco AP 2802i with Mobility Express which acts as a controller and 10 other lightweight Cisco AP 2802i connected. I've managed to configure them and it works perfectly. Here is my question: I've created a second WLAN for my guests and I want them to only have access to the web (http and https). Here are my ACLs:
                       Source                          Destination              Source Port  Dest Port
Index  Dir       IP Address/Netmask              IP Address/Netmask        Prot    Range       Range    DSCP  Action      Counter
------ --- ------------------------------- ------------------------------- ---- ----------- ----------- ----- ------- -----------
     1 Out 172.0.0.0/255.255.0.0           0.0.0.0/0.0.0.0                 Any  80-80       80-80       Any   Permit            0
     2 In  0.0.0.0/0.0.0.0                 172.0.0.0/255.255.0.0           Any  80-80       80-80       Any   Permit            0
     3 Out 172.0.0.0/255.255.0.0           0.0.0.0/0.0.0.0                 Any  443-443     443-443     Any   Permit            0
     4 In  0.0.0.0/0.0.0.0                 172.0.0.0/255.255.0.0           Any  443-443     443-443     Any   Permit            0
     5 Out 172.0.0.0/255.255.0.0           0.0.0.0/0.0.0.0                 Any  0-6665      0-65535     Any   Deny
     6 In  0.0.0.0/0.0.0.0                 172.0.0.0/255.255.0.0           Any  0-6665      0-65535     Any   Deny
When I apply them to my second WLAN, it does nothing; users can still access my entire network. Can you help me?
PS: In my web interface, there's no option to configure ACLs, so I went through the CLI.
04-22-2019 06:15 AM
Hello AMDKKW,
I have the same AP and my version on ME is 8.5.140.0.
In my case, if I need to configure an ACL, I follow these steps:
Step 1
Step 2
Step 3
04-23-2019 03:18 PM
Dear Felipe,
Thank you for your answer. I've created a rule and I applied it, but it does nothing. The rule below should deny everything, no? It's just a test.
04-25-2019 06:49 AM - edited 04-25-2019 06:49 AM
Can someone help me, please?
04-29-2019 03:32 AM
If you check the client details, you can see whether the ACL is getting applied or not.
Just check that once. If possible, paste the client logs.
04-29-2019 06:09 AM
Dear Sathiyanarayanan Ravindran,
It is applied, as you can see in the screenshot:
Thanks a lot.
04-29-2019 07:34 AM
04-29-2019 08:12 AM
Dear Patoberli,
Even with the 255.255.255.255 mask and the ACL applied, I can still access the network.
Thanks.
04-29-2019 08:46 AM
04-29-2019 08:55 AM
Here is the new screenshot:
04-29-2019 09:28 AM - edited 05-01-2019 06:42 AM
You didn't adjust the destination address!
It should state 0.0.0.0 255.255.255.255 instead of 0.0.0.0 0.0.0.0.
05-02-2019 03:47 AM
Dear Patoberli,
I can't adjust the destination address, as you can see below:
Sorry for being such a newbie and thanks a lot for your help, I appreciate it!
05-02-2019 04:19 AM
05-02-2019 05:18 AM
Dear Patoberli,
WPA2 Personal authentication type, no RADIUS and version 8.5.131.0!
Thanks.
05-02-2019 05:28 AM