Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
8342
Views
1
Helpful
5
Replies

restrict HTTPS access to 5508 WLC

Go to solution
ryan.rouleau
Level 1
Level 1

‎06-21-2013 11:44 AM - edited ‎07-04-2021 12:16 AM

I would like to restrict HTTPS access to the management interface(the GUI management) on a 5508.  I created an ACL and applied it to the management interface.  Nothing happens.  Still able to access from any IP.  Maybe im goign about this the wrong way.

The ACL is attached as a picture to this discussion.

Any help is appreciated.

Thanks,

Ryan

1 person had this problem
Labels:
Preview file
40 KB
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
Serge Yasmine
Cisco Employee
Cisco Employee
In response to ryan.rouleau

‎06-25-2013 01:34 PM

You have to use CPU Acl because this traffic is directed to the wlc itself.

Interface acl is for traffic from to wireless clients

http://www.cisco.com/en/US/docs/wireless/controller/7.4/configuration/guides/security_solution/config_security_chapter_01110.html#ID2789

View solution in original post

5 Replies 5

Go to solution
Abhishek Abhishek
Cisco Employee
Cisco Employee

‎06-21-2013 02:29 PM

Hello Ryan,

As per your query i can suggest you the following solution-

Please use the commands to verify the acl on management interface-

  • •1.       config interface acl management access-control-list-name

  • •2.       config interface acl ap-manager access-control-list-name

Hope this will help you.

0 Helpful

Go to solution
ryan.rouleau
Level 1
Level 1
In response to Abhishek Abhishek

‎06-25-2013 10:06 AM

Through the CLI there was no ACL applied.  Now doing the command above, the ACL is now applied, but its still allowing HTTPS access from any IP.

0 Helpful

Go to solution
Serge Yasmine
Cisco Employee
Cisco Employee
In response to ryan.rouleau

‎06-25-2013 01:34 PM

You have to use CPU Acl because this traffic is directed to the wlc itself.

Interface acl is for traffic from to wireless clients

http://www.cisco.com/en/US/docs/wireless/controller/7.4/configuration/guides/security_solution/config_security_chapter_01110.html#ID2789

Go to solution
ryan.rouleau
Level 1
Level 1
In response to Serge Yasmine

‎06-25-2013 01:59 PM

Thanks everyone.  The CPU ACL works.  Just make sure you add a permit any any to the end of your ACL or you might lose access to other mangement services as well.

Ryan

0 Helpful

Go to solution
Trent Hurt
Level 1
Level 1
In response to ryan.rouleau

‎10-21-2015 11:35 AM

So this announcement came out and now I'm looking at cpu acl stuff.  I found this thread but have a question about your statement "Just make sure you add a permit any any to the end of your ACL or you might lose access to other mangement services as well."

Im confused if you add this wouldn't this allow access for all anyway?  I can see you blocked https.  Does anyone know what other management services are needed? 

 

http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20151016-wlc

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card