Wireless management restriction using ACL

Hi, I have a WLC on which I need to restrict access to the management GUI, but I do not want to block anything else.

Is there a safe way to block other wireless clients from the WLC GUI, while keeping a whitelist of those who can access it?

I am planning to enable "management via wireless" as the lobby admin is connected to wireless.

3 REPLIES

Never done this, but it should work like the following:
permit client-ip virtual-interface-ip tcp 443
permit client-ip virtual-interface-ip tcp 22
deny every-other-client-ip virtual-interface-ip tcp 443
deny every-other-client-ip virtual-interface-ip tcp 80
deny every-other-client-ip virtual-interface-ip tcp 22
permit any any

Hi patoberli,

What is port 22 for? Is this required to block the GUI?

Also, why do we need a "permit any any"?


22 is SSH, which is typically also accessible if management over wireless is enabled. Port 23 too, if you have enabled Telnet.

The permit any any is to allow all other access, like internet.
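
The rule list suggested in this thread, run through a small first-match evaluator. This is an added example, not code from any poster or from Cisco; the IP addresses are constructed, the function names are hypothetical, and it assumes first-match evaluation with an implicit deny when no rule matches.

```python
import ipaddress

# Constructed addresses (documentation ranges), not taken from the thread.
ADMIN = "192.0.2.10"    # the whitelisted "client-ip"
OTHER = "192.0.2.77"    # any other wireless client
WLC = "198.51.100.1"    # stands in for "virtual-interface-ip"

# Rules from the reply, in order: (action, source, destination, protocol, dst port).
# "every-other-client-ip" is written as "any": the whitelisted client has
# already matched an earlier permit by the time these lines are reached.
RULES = [
    ("permit", ADMIN, WLC, "tcp", 443),
    ("permit", ADMIN, WLC, "tcp", 22),
    ("deny", "any", WLC, "tcp", 443),
    ("deny", "any", WLC, "tcp", 80),
    ("deny", "any", WLC, "tcp", 22),
    ("permit", "any", "any", "any", None),   # None matches every port
]

def _addr_match(rule_addr, addr):
    """True if addr falls inside rule_addr (a host, a prefix, or 'any')."""
    if rule_addr == "any":
        return True
    net = ipaddress.ip_network(rule_addr, strict=False)
    return ipaddress.ip_address(addr) in net

def evaluate(rules, src, dst, proto, port):
    """Return (action, rule_number) for the first rule that matches.
    Assumption: nothing matching means an implicit deny, reported as None."""
    for number, (action, r_src, r_dst, r_proto, r_port) in enumerate(rules, 1):
        if (_addr_match(r_src, src) and _addr_match(r_dst, dst)
                and r_proto in ("any", proto) and r_port in (None, port)):
            return action, number
    return "deny", None

def exposed_ports(rules, src, dst, ports):
    """Management ports on dst that src can still reach over TCP."""
    return [p for p in ports if evaluate(rules, src, dst, "tcp", p)[0] == "permit"]

if __name__ == "__main__":
    for port in (22, 23, 80, 443):
        print("admin", port, evaluate(RULES, ADMIN, WLC, "tcp", port))
        print("other", port, evaluate(RULES, OTHER, WLC, "tcp", port))
    # Ports a non-whitelisted client still reaches on the WLC address.
    print("still exposed:", exposed_ports(RULES, OTHER, WLC, [22, 23, 80, 443]))
```

With the list exactly as posted, port 23 on the WLC address falls through to the final permit for every client, so a Telnet deny line is needed if Telnet is enabled, and the whitelisted client's own HTTP (port 80) request is dropped by the port 80 deny.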