Re: SSID & Access Lists

Neville Price · ‎08-31-2011

I have been asked to configure the following:

1. Create a specific SSID with 802.1x Authentication (Done)

2. Create access lists, to only allow users connected to that specific ssid access only to CITRX, is this possible?

We are attempting to connect iPads to our wireless network, for Dr's to use as part of their day to day duties.

Stephen Rodriguez · ‎08-31-2011

Yes this is possible. When you create the ACL remember to set the out and in policy for the user VLAN and the citrix server farm, if you create the ACL on the WLC. Also don't forget to allow dns access.

Sent from Cisco Technical Support iPad App

HTH,
Steve

------------------------------------------------------------------------------------------------
Please remember to rate useful posts, and mark questions as answered

Neville Price · ‎08-31-2011

Thanks for that, Is there a document that explains the procedure.

George Stefanick · ‎08-31-2011

I would like to piggy back on Steves comment.

If it were me. I would put the ACL on the SVI interface of the wireless vlan. So traffic gets dropped right after the WLC. I'm not a fan of ACLs on the WLC.

So on your "Dr WLAN" you have a interface / (vlan 10 for example). On that SVI interface for VLAN 10 allow access to the servers and other items like DNS (as Steve pointed out). Then deny everything else.

Make sense?

"Satisfaction does not come from knowing the solution, it comes from knowing why." - Rosalind Franklin
___________________________________________________________