cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
504
Views
0
Helpful
3
Replies

Wirless management restriction using ACL

ejlbarcelon
Level 1
Level 1

Hi, I have a WLC that I need to restriction over the management GUI but do not want to block anything else.

Is there a safe way to block other wireless client to the WLC GUI, while keeping a whitelist of those who can access?

I am planning to enable "management via wireless" as lobby admin is connected to wireless.

3 Replies 3

patoberli
VIP Alumni
VIP Alumni
Never done this, but it should work like the following:
permit client-ip virtual-interface-ip tcp 443
permit client-ip virtual-interface-ip tcp 22
deny every-other-client-ip virtual-interface-ip tcp 443
deny every-other-client-ip virtual-interface-ip tcp 80
deny every-other-client-ip virtual-interface-ip tcp 22
permit any any

Hi patoberli,

What is port 22 for? is this required to block GUI?

Also why do we need a "permit any any"?

22 is SSH, which is typically also accessible if management over wireless is enabled. Port 23 too, if you have enabled Telnet.

The permit any any is to allow all other access, like internet.


Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: