
How to Isolate Guest without Anchor WLC

Freemen
Level 1

Hi,

My environment has 1 WLC 7.6 and Cisco ISE 1.3, but guests need to be isolated.

The problem now is that even when I apply ACL_INTERNET_ONLY, scanning tools are still able to discover the network segment when run.

How can I stop guests from attempting to scan my network?

4 Replies

Saurav Lodh
Level 7

If you can use a host discovery scanner which uses ICMP, TCP and UDP probes, I think you should check the ACL on the WLC once. I will also suggest you do some packet captures and drill down into whether any probes are present from the guest scanner to the subnets.

Stephen Rodriguez
Cisco Employee

Honestly... I'd put the ACL at L3 instead of on the WLC.

 

For an ACL on the WLC you have to remember to put your entries in bidirectionally. Allow and disallow in both inbound and outbound directions.

 

HTH,

Steve
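
The bidirectional point in the reply above, as an added example that is not part of the original thread and not Cisco code: a small audit that flags ACL entries with no counterpart for the reverse flow. The subnets are constructed, the names `Rule`, `evaluate` and `missing_mirrors` are hypothetical, and the stateless first-match model with an implicit deny is an assumption about how the ACL is evaluated.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

GUEST, INTERNAL, ANY = "192.168.50.0/24", "10.0.0.0/8", "0.0.0.0/0"  # constructed

@dataclass(frozen=True)
class Rule:
    action: str     # "permit" or "deny"
    direction: str  # "in" = from wireless client, "out" = to client, "any"
    src: str
    dst: str

def evaluate(rules, direction, src, dst):
    """Stateless first-match lookup; no match falls through to deny (assumed)."""
    for r in rules:
        if (r.direction in (direction, "any")
                and ip_address(src) in ip_network(r.src)
                and ip_address(dst) in ip_network(r.dst)):
            return r.action
    return "deny"

def missing_mirrors(rules):
    """Return rules whose reverse flow (addresses swapped, opposite
    direction) is not covered by a rule with the same action."""
    flip = {"in": ("out", "any"), "out": ("in", "any"), "any": ("any",)}
    return [r for r in rules
            if not any(m.action == r.action and m.src == r.dst
                       and m.dst == r.src and m.direction in flip[r.direction]
                       for m in rules)]

# Constructed rule sets: the first denies guest-to-internal inbound only.
WEAK = [
    Rule("deny", "in", GUEST, INTERNAL),
    Rule("permit", "in", GUEST, ANY),
    Rule("permit", "out", ANY, GUEST),
]
HARDENED = [
    Rule("deny", "in", GUEST, INTERNAL),
    Rule("deny", "out", INTERNAL, GUEST),
    Rule("permit", "in", GUEST, ANY),
    Rule("permit", "out", ANY, GUEST),
]

if __name__ == "__main__":
    for name, acl in (("weak", WEAK), ("hardened", HARDENED)):
        print(name, "unmirrored:", missing_mirrors(acl))
        print(name, "internal->guest:", evaluate(acl, "out", "10.1.1.10", "192.168.50.20"))
```

In the one-directional set, outbound traffic from the internal range to guests skips the inbound-only deny and matches the broad outbound permit; the mirrored deny closes that path.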


TQ, let me try out denying the outbound from the Private segment.

 

 

abwahid
Level 4

Hi,

Check this configuration example as well.

http://www.cisco.com/c/en/us/support/docs/security/identity-services-engine/117620-configure-ISE-00.html
