Public SSID/VLAN config

Unanswered Question
Mar 6th, 2007

I will have some outside vendors and support staff using wireless from inside my network. In order to try and set up a "secure" net for them to use that is segmented from the rest of my network, I created a new VLAN (PSPF enabled) and SSID for them. On the VLAN I have set up an ACL and applied it to the incoming traffic. Here it is:

    10 permit icmp any any
    20 permit udp any eq bootpc any
    30 deny tcp any 10.0.0.0 0.255.255.255
    40 deny udp any 10.0.0.0 0.255.255.255
    50 permit tcp any any eq www
    60 permit tcp any any eq 443
    70 permit udp any any eq domain
    80 deny ip any any log


I have tested it briefly and it appears to be doing what I want. Any recommendations on tweaks?


dave

prakashj Sat, 03/10/2007 - 02:36


Hi dave,


Yeah, your condition is correct. You can add the following condition instead of using


'20 permit udp any eq bootpc any'


new


'20 permit udp any any eq bootps'


Are you allowing any Telnet or SSH sessions? If so, then apply the condition for the same or block the same.


Regards


Saji k.s


prakashj Sat, 03/10/2007 - 02:38


Hi dave,


Apply this command.


permit udp any any eq bootpc


Regards


saji k.s
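
Added example, not part of any post in this thread: a small first-match evaluator for the ACL as originally posted, so each kind of guest traffic can be checked against the entry that decides it. It is a simplified model that only understands `any`, address plus wildcard mask, and `eq` port matches; the function names are hypothetical.

```python
import ipaddress

PORTS = {"bootps": 67, "bootpc": 68, "domain": 53, "www": 80}  # IOS keywords
ACL = """\
10 permit icmp any any
20 permit udp any eq bootpc any
30 deny tcp any 10.0.0.0 0.255.255.255
40 deny udp any 10.0.0.0 0.255.255.255
50 permit tcp any any eq www
60 permit tcp any any eq 443
70 permit udp any any eq domain
80 deny ip any any log
"""  # the entries exactly as posted in the thread

def ip2int(addr):
    return int(ipaddress.IPv4Address(addr))

def _endpoint(tok):
    """Consume 'any' or 'addr wildcard', then an optional 'eq port'."""
    if tok[0] == "any":
        net, tok = None, tok[1:]
    else:
        net, tok = (ip2int(tok[0]), ip2int(tok[1])), tok[2:]
    port = None
    if tok and tok[0] == "eq":
        port, tok = PORTS.get(tok[1]) or int(tok[1]), tok[2:]
    return (net, port), tok

def parse(text):
    rules = []
    for line in text.splitlines():
        seq, action, proto, *rest = line.split()
        src, rest = _endpoint(rest)
        dst, rest = _endpoint(rest)  # a trailing "log" keyword is ignored
        rules.append((int(seq), action, proto, src, dst))
    return rules

def _hit(spec, ip, port):
    net, want = spec
    if net and (ip2int(ip) ^ net[0]) & ~net[1] & 0xFFFFFFFF:
        return False  # differs in a bit the wildcard mask does not ignore
    return want is None or want == port

def evaluate(rules, proto, src, sport, dst, dport):
    """Return (sequence, action) of the first matching entry; first match wins."""
    for seq, action, rproto, rsrc, rdst in rules:
        if rproto in ("ip", proto) and _hit(rsrc, src, sport) and _hit(rdst, dst, dport):
            return seq, action
    return None, "deny"  # IOS implicit deny when nothing matches
```

With constructed addresses, `evaluate(parse(ACL), "udp", "192.168.50.20", 53000, "10.1.1.10", 53)` returns `(40, 'deny')`: a guest DNS query to a resolver inside 10.0.0.0/8 is decided by entry 40 before entry 70 is reached, while ICMP to the same network returns `(10, 'permit')` because entry 10 precedes the denies.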
