07-22-2015 10:58 AM - edited 07-05-2021 03:37 AM
Hi,
ACL in Wireless Controller vs Acl
What is the recommended practice, applying acl on interface vlan or acl inside the WLC?
What are the merits and demerits on applying acl in WLC over
Thank you
07-22-2015 11:03 PM
What is the recommended practice, applying acl on interface vlan or acl inside the WLC
The recommended "best practice" is to stick the ACL nearest to the core switch AND keep ACL away from the WLC.
07-25-2015 03:03 PM
Thanks leo
The recommended "best practice" is to stick the ACL nearest to the core switch AND keep ACL away from the WLC.
If that is the case, what is the purpose of acl in WLC?
Thanks
07-25-2015 03:13 PM
My 2 cents: keep the ACL as close to the edge as possible so the traffic doesn't drive across the network just to get dropped.
However the ACL on the WLC is beyond normal reasoning. In some cases you need to have an ACL in both directions to allow traffic to pass. You also have a hard limitation of 66 ACL lines or some number close to it.
In my case I avoid the ACLs on the controller and place them on the upstream switch the controller plugs into. I do however use an ACL on the controller to block WLC management traffic.
HTH
07-25-2015 08:24 PM
Thanks George,
For the number 66 acl lines
"I do however use an acl on the controller to block WLC management traffic."
Why, and what is the benefit?
07-25-2015 06:24 PM
If that is the case, what is the purpose of acl in WLC?
ACL function in the WLC is an OPTIONAL feature. It has its uses, but due to the limitation of what the WLC ACL can/can't do, it's really difficult to justify sticking an ACL in the WLC.
07-25-2015 08:06 PM
Hi,
core---distribution--access
If I keep the WLC at the access layer, would it be a bad idea? (WLC and access point are in the same subnet.) SSIDs are in different VLANs at the same access layer.
Would it be better if I keep it in the core?
Can you give just an overview of how a client associates to an AP and WLC, and how the traffic flows to the distribution layer?
The one below would be a dumb question. If the best practice is to drop the traffic at the nearest, the nearest place must be at the WLC?
Thanks
07-25-2015 09:30 PM
If I keep the WLC at the access layer, would it be a bad idea?
Very bad idea. WLC is designed to be in a core network. WLC is also suitable for distro but it is very, very rare to find a WLC in the access layer.
07-27-2015 09:21 PM
Hi
Thanks Leo. Is it OK placing the AP and controller in the same VLAN?
What would be the benefit and drawbacks?
07-27-2015 10:24 PM
Is it OK placing the AP and controller in the same VLAN? What would be the benefit and drawbacks?
Depends on the size and shape of the network.
For lab purposes, this is fine.
If you're going to connect multiple sites or buildings over a Layer 3 network, the WLC should "live" in the core network.
08-01-2015 05:57 PM
Hi,
Here is the setup:
WLC IP 10.0.50.10 /24
AP 10.0.50.x (same subnet)
client 10.0.x.x /24
The client is redirected to ISE for authentication once they are connected.
Of course the client cannot browse unless they are authenticated.
The problem is that before authentication the client can see whether the port is open or not.
How can I solve this issue? Will putting an ACL on the WLC solve this issue, or is there something I am missing?
On the client VLAN I have an access list,
but no access list on the AP and WLC VLAN.
Please help