VACL for guest http access

Unanswered Question
Feb 10th, 2007

6513 core switch with MSFC 15 and 16 configured with Inter-vlan routing and static routes to internet.

I want to setup a wireless guest network on school wide network and limit only web access in and out to port 80. I want to create a guest vlan with a VACL to segment.

Is this a good solution and what is the best VACL config?

I have this problem too.
0 votes
  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
jain.nitin Sun, 02/11/2007 - 10:39

Hi, YEs with the help of vlans u can restric the traffic via source IP, dest IP, Src port & dest port. I wud suggest to create a separate vlan for wireless & on that vlan apply VACL which allow only http traffic.

Hope it will give u some idea.



Michael Sales Wed, 02/14/2007 - 16:30

Thanks jain,

I have the VLAN created with a small subnet. Routing is working to the internet. I'm not sure on the VACL. Do I apply them at the MSFC or the sup?

I've read on VACL's and It's a bit sketchy, I've seen code for both.

Not sure where to apply.

bfledderjohn Fri, 04/06/2007 - 12:59

I posed this same question to a Cisco tech and was told to apply the vacl to the sup, not the MSFC.

Michael Sales Fri, 05/11/2007 - 04:20


That was correct...thanks for your help. It works like a charm. Need to do this more often.


This Discussion