03-07-2008 10:41 AM - edited 07-03-2021 03:30 PM
Hello,
I am totally new to wireless security and would appreciate some assistance. We have 4402 WLCs and from what I've read it would seem that a CPU ACL is what I would need to create and apply to accomplish our goals. Unfortunately I am not sure what interface to apply it on and what type it should be.
Our scenario is we have wireless clients that we would like to limit traffic to certain services by applying ACLs. The ACL needs to limit traffic originating on our wireless network (10.10.130.x) to the following networks on the following ports:
Networks:
192.168.130.x/24
192.168.131.x/24
192.168.100.x/24
192.168.102.x/24
192.168.105.x/24
Services:
DHCP/BOOTP
DNS
ICMP (PING)
TELNET
My interfaces on the WLC are set up as the following:
ap-manager vlan 10 10.10.130.251 static enabled
management vlan 10 10.10.130.250 static not supported
service-port N/A 192.168.130.50 static not supported
virtual N/A 1.1.1.1 static not supported
How may I accomplish this?
Thank you for your help,
Michael
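A stateless first-match model of the policy asked for in the question above, as an added example that is not part of the original thread and is not Cisco's implementation; the rule layout, the test flows and the function names are assumptions made for illustration. It checks constructed flows against the listed networks and services and surfaces two cases a literal rule set misses: the DHCP discover broadcast (source 0.0.0.0) and reply traffic back to the clients.

```python
import ipaddress

# Networks and services come from the question; everything else is constructed.
WIRELESS_NET = ipaddress.ip_network("10.10.130.0/24")
ALLOWED_NETS = [ipaddress.ip_network(n) for n in (
    "192.168.130.0/24", "192.168.131.0/24", "192.168.100.0/24",
    "192.168.102.0/24", "192.168.105.0/24")]
# service -> (protocol, destination port); None = protocol has no ports
SERVICES = {"dhcp": ("udp", 67), "dns-udp": ("udp", 53), "dns-tcp": ("tcp", 53),
            "icmp": ("icmp", None), "telnet": ("tcp", 23)}

def build_rules():
    """One permit rule per (allowed network, service), wireless -> wired only."""
    return [{"name": f"{svc}->{net}", "src": WIRELESS_NET, "dst": net,
             "proto": proto, "dport": port}
            for net in ALLOWED_NETS for svc, (proto, port) in SERVICES.items()]

def evaluate(rules, src, dst, proto, dport=None):
    """Stateless first-match lookup; no match means implicit deny."""
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for r in rules:
        if (s in r["src"] and d in r["dst"] and proto == r["proto"]
                and (r["dport"] is None or r["dport"] == dport)):
            return "permit", r["name"]
    return "deny", "implicit-deny"

# Constructed test flows: (description, src, dst, proto, dport)
FLOWS = [
    ("telnet to listed net", "10.10.130.25", "192.168.100.10", "tcp", 23),
    ("ssh to listed net", "10.10.130.25", "192.168.100.10", "tcp", 22),
    ("dns to unlisted net", "10.10.130.25", "192.168.101.10", "udp", 53),
    ("ping to listed net", "10.10.130.25", "192.168.105.1", "icmp", None),
    ("dhcp discover broadcast", "0.0.0.0", "255.255.255.255", "udp", 67),
    ("telnet reply to client", "192.168.100.10", "10.10.130.25", "tcp", 40000),
]

def audit(rules=None):
    """Return {description: (action, matching rule)} for every test flow."""
    rules = rules if rules is not None else build_rules()
    return {desc: evaluate(rules, *flow) for desc, *flow in FLOWS}

if __name__ == "__main__":
    for desc, (action, rule) in audit().items():
        print(f"{action:6} {desc:26} [{rule}]")
```

Any flow the clients need that comes back as implicit-deny, such as the DHCP broadcast or the replies, needs a rule of its own when the ACL is stateless.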
03-13-2008 09:28 AM
This is how the process works. You create an ACL denying or permitting services as per your needs. You name the ACL and apply it to the dynamic interface to which a WLAN is mapped. Refer to URL http://cisco.com/en/US/tech/tk722/tk809/technologies_configuration_example09186a00807810d1.shtml for configuring access lists.
03-14-2008 04:45 PM
Thanks for the response and doc. In our config we do not have a dynamic interface created and I was trying to accomplish this w/o one. I was able to apply the acl to the wlan and override the interface acl, and so far this seems to work.
03-13-2008 06:00 PM
Take a look at this. I have never been a fan of using the ACLs on the WLC. Easier on the L3 interface.
http://www.cisco.com/en/US/tech/tk722/tk809/technologies_tech_note09186a00807ce372.shtml
03-14-2008 04:37 PM
Of all the docs I've read thru, this one answered some of my specific questions.
Thank you.