02-11-2014 09:31 AM - edited 07-05-2021 12:09 AM
Hello, new to WLCs.
Can I simply set up a Security ACL to only allow local wireless clients to LAN subnets?
ex: source any dest. 10.0.0.0/8
Thanks in advance
02-11-2014 09:34 AM
I guess... but using the WLC isn't a preferred method. You should block traffic on your layer 3. You would map your WLAN to different VLANs so you can apply ACLs properly on your layer 3.
Here is a doc on WLC ACLs if you still want to give that a try.
http://www.cisco.com/en/US/tech/tk722/tk809/technologies_configuration_example09186a00807810d1.shtml
Thanks,
Scott
*****Help out others by using the rating system and marking answered questions as "Answered"*****
02-11-2014 09:40 AM
Best practice is to create an ACL on the next hop wired segment (Layer 3).
It is not recommended to create this type of ACL on the WLC.
If you apply an ACL to an interface or a WLAN, wireless throughput is degraded and can lead to potential loss of packets. In order to improve throughput, remove the ACL from the interface or WLAN and move the ACL to a neighboring wired device.
Regards
Victor V
*****Help out others by using the rating system and marking answered questions as "Answered"*****
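The approach both replies recommend, shown as an added example that is not part of the original thread: an extended ACL applied inbound on the Layer 3 interface of the VLAN the WLAN is mapped to, on a Cisco IOS switch or router. The VLAN number (50), the client subnet (10.50.0.0/24) and the ACL name are assumed values for illustration.

```cisco
! Added example; VLAN 50, 10.50.0.0/24 and the ACL name are assumptions.
ip access-list extended WLAN-CLIENTS-IN
 remark DHCP from clients (broadcast to 255.255.255.255 is outside 10.0.0.0/8)
 permit udp any eq bootpc any eq bootps
 remark Wireless clients may reach internal LAN subnets only
 permit ip any 10.0.0.0 0.255.255.255
 remark Everything else is dropped and logged
 deny ip any any log
!
interface Vlan50
 description Wireless client VLAN mapped from the WLAN
 ip address 10.50.0.1 255.255.255.0
 ip access-group WLAN-CLIENTS-IN in
```

If clients use DNS or other services outside 10.0.0.0/8, those need their own permit lines above the final deny. `show access-lists WLAN-CLIENTS-IN` shows per-entry hit counts to confirm what is being matched.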