guest access list

I have a 5508 controller.

I configured VLAN 10 for guest and named it guest-inter

IP 10.0.10.2/24

default gateway 10.0.10.254 (IP address of core switch)

DHCP server (10.20.10.10/24) (the DHCP server IP is the same IP as the DNS server)

I created an SSID named gest, chose interface guest-inter and chose web authentication.

Also there is a Blue Coat proxy for internet, 10.30.10.10/24

I need guest users to access the internet only.

What access list do I need to apply for guests in the WLC to permit internet only?

I configured the access list in the controller and applied it to the guest-inter interface:

1- permit any any udp (source port dns) (destination port any) (direction any)

2- permit any any udp (any) (dns) (any)

3- permit any 10.20.10.10 ip any any any

4- permit 10.20.10.10 any ip any any any

5- permit any 10.30.10.10 ip any any any

6- permit 10.30.10.10 any ip any any any

I entered the username and password for guest, the "access successful" page was displayed, and then it stopped.

After that I cannot access the internet.

Please advise me.


nikhilcherian
Level 5

I would rather put an ACL to block the inside access, as given below:

permit ip any 10.30.10.10 (here you can give a mask of 255.255.255.255 and specifically the proxy port)

permit ip any 10.20.10.10/24 (here you can give a mask of 255.255.255.255 and the DNS port)

deny ip 10.0.10.2/24

permit ip any

What is the image that you are using in the WLC? If the build is above 7.0.116.0, enable "WebAuth Proxy Redirection Mode" from the Controller page.

Thanks

NikhiL

I did the same things you mentioned, but unfortunately it is the same; there is no change.
Please, if you have a practical technical document for guest access lists, send it to me

or advise me.

Thanks

Whatever you allow out, you need to explicitly allow back in as well. Unlike applying the ACL to an SVI, where you only need one way.

That being said, I'd put the ACL on the gateway SVI instead of on the WLC.

Steve


HTH,
Steve


I applied the access list in two directions even before, but I forgot to mention it in my previous letter.
I will try to apply it on the layer 3 core switch and I will tell you the result.

George Stefanick
VIP Alumni

You need to identify your interfaces in the WLC as inbound and outbound. I just did a number of ACLs on the WLC for ISE and I had the same problem. Once I added the inbound and outbound, life was good. Give that a shot.

"Satisfaction does not come from knowing the solution, it comes from knowing why." - Rosalind Franklin
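
Added example, not from any poster in this thread: a small Python model of the point made in the replies, that a stateless first-match ACL with an implicit deny needs an explicit rule for each direction. The guest client 10.0.10.50, the internal host 10.0.20.5, proxy port 8080 and the reading of "inbound" as traffic coming from the wireless client are assumptions; the model covers only the direction check and is not a complete guest ACL.

```python
from ipaddress import ip_address, ip_network

def rule(action, src, dst, proto="ip", sport=None, dport=None, direction="any"):
    return dict(action=action, src=ip_network(src), dst=ip_network(dst),
                proto=proto, sport=sport, dport=dport, direction=direction)

def mirror(r):
    """Return-path rule: swap addresses, ports and direction."""
    flip = {"inbound": "outbound", "outbound": "inbound", "any": "any"}
    return dict(r, src=r["dst"], dst=r["src"], sport=r["dport"],
                dport=r["sport"], direction=flip[r["direction"]])

def evaluate(acl, pkt):
    """Stateless first-match evaluation; unmatched packets hit the implicit deny."""
    for r in acl:
        if (ip_address(pkt["src"]) in r["src"]
                and ip_address(pkt["dst"]) in r["dst"]
                and r["proto"] in ("ip", pkt["proto"])
                and r["sport"] in (None, pkt["sport"])
                and r["dport"] in (None, pkt["dport"])
                and r["direction"] in ("any", pkt["direction"])):
            return r["action"]
    return "deny"

def pkt(src, dst, proto, sport, dport, direction):
    return dict(src=src, dst=dst, proto=proto, sport=sport,
                dport=dport, direction=direction)

GUESTS = "10.0.10.0/24"   # guest-inter subnet from the thread
PROXY_PORT = 8080         # assumed; the thread does not give the proxy port
# "inbound" = from the wireless client, "outbound" = towards it (assumed)
ONE_WAY = [
    rule("permit", GUESTS, "10.20.10.10/32", "udp", dport=53, direction="inbound"),
    rule("permit", GUESTS, "10.30.10.10/32", "tcp", dport=PROXY_PORT, direction="inbound"),
]
TWO_WAY = ONE_WAY + [mirror(r) for r in ONE_WAY]

# Constructed sample packets
TO_PROXY = pkt("10.0.10.50", "10.30.10.10", "tcp", 50000, PROXY_PORT, "inbound")
FROM_PROXY = pkt("10.30.10.10", "10.0.10.50", "tcp", PROXY_PORT, 50000, "outbound")
TO_INTERNAL = pkt("10.0.10.50", "10.0.20.5", "tcp", 50001, 445, "inbound")

if __name__ == "__main__":
    for name, acl in (("one-way", ONE_WAY), ("two-way", TWO_WAY)):
        for label, p in (("guest->proxy", TO_PROXY), ("proxy->guest", FROM_PROXY),
                         ("guest->internal", TO_INTERNAL)):
            print(f"{name:8} {label:16} {evaluate(acl, p)}")
```

With only the client-side rules the proxy's replies fall through to the implicit deny; adding the mirrored rules permits them while traffic to the internal host stays denied.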