cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
402
Views
5
Helpful
5
Replies
majed.balsharaf
Beginner

Wireless Controller 2504

Hi

I am having wireless (2504)  controller with 10(AIR-AP114) AP connected to it. And they are connected in my  network to internet.

I want to give different SSID with different level of security.

Example:

SSID 1 : Guest  (access level limited)

SSID 2 : Employees (full access)

Please suggest me as I am not having much knowledge about Wireless

5 REPLIES 5
Scott Fella
Hall of Fame Guru

Well what exactly is limited access? If its just Internet only you can do this many ways. First you can use ACLs on the WLC to block traffic to your local network and just allow Internet, dhcp and dns. Or you can do this on the layer 3 interface which I prefer. The other way is to just use one port for your internal traffic and another port connected to your dmz.

So there are many ways, but most if them doesn't involve doin anything on the WLC unless you use ACLs on the WLC.

Sent from Cisco Technical Support iPhone App

-Scott
*** Please rate helpful posts ***
maldehne
Cisco Employee

Yeah I go with Scott , what kind of restriction do you want to acheive??

majed.balsharaf
Beginner

Thanks alot for the reply.

   I am creating two SSID 

1.Employees

2. Guest

In Employees I want full access of internet, in Guest they can only access EMAILs.

I am using CLI to configure this. But I cannot create ACL via CLI.  I am using this :

(Cisco Controller) >config acl rule ?

action         Configure a rule's action.

add            Add a new rule.

change         Change a rule's index.

delete         Delete a rule.

destination    Configure a rule's destination IP address, netmask and port range.

direction      Configure a rule's direction.

dscp           Configure a rule's DSCP.

protocol       Configure a rule's IP Protocol.

source         Configure a rule's source IP address, netmask and port range.

swap           Swap two rules' indices.

What should I use to configure ACL rule for Guest.

If you want to configure ACLs you can use the GUI of the controller

security --> Access control lists --> Access control lists

there you go

then you can apply either per interface or

in WLAN advanced config you can override the interface configured ACL

with another defined ACL.

------------------------------------------------------------------------------------------

please make sure to rate correct answers

Saravanan Lakshmanan
Cisco Employee

Here is an example:

https://supportforums.cisco.com/docs/DOC-30315

Once the ACL is created apply to the guest vlan interface on wlc.

Create
Recognize Your Peers
Content for Community-Ad