Access-lists for AccessPoint subnet

Unanswered Question

Hi!

We have a lot of AP1010's, and were thinking about having them on a separate VLAN / Subnet due to security issues.

Therefore I have composed the following access-lists:

access-list 110 remark ACL_IN
access-list 110 permit udp any any eq bootps
access-list 110 permit udp any any eq domain
access-list 110 permit udp any any eq 12222
access-list 110 permit udp any any eq 12223

access-list 111 remark ACL_OUT
access-list 111 permit udp any any eq bootpc
access-list 111 permit udp host <dns-server> any gt 1023
access-list 111 permit udp any any eq 40066

Can anyone confirm that this is enough?

The AP's seem to use port 40066 as their single return port.

Not really necessary to have the outgoing ACL, but if I can make one without too much hassle I thought it would be nice to have :)

Thanks.

carenas123 Fri, 08/31/2007 - 05:38

The access point's port depends on the MAC address. It is random. So access-list 111 permit udp any any eq 40066 is not necessary, as this might block communication between controller and access point.
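To check the reply's point against the posted ACLs, here is an added example (not from this thread or from Cisco) that models Cisco extended-ACL matching and evaluates the posted ACL_OUT beside an assumed alternative that keys on the controller's LWAPP source ports 12222/12223 instead of a guessed AP-side port; the "controller" and "ap" addresses and the alternative ACL are assumptions.

```python
from dataclasses import dataclass
from typing import List, Optional, Tuple

PortCond = Optional[Tuple[str, int]]   # ("eq", 12222), ("gt", 1023); None = any port

@dataclass(frozen=True)
class Rule:
    action: str        # "permit" or "deny"
    src: str           # "any" or a single host address
    src_port: PortCond
    dst: str
    dst_port: PortCond

def _port_ok(cond: PortCond, port: int) -> bool:
    if cond is None:
        return True
    op, value = cond
    return {"eq": port == value, "gt": port > value, "lt": port < value}[op]

def _addr_ok(pattern: str, addr: str) -> bool:
    return pattern == "any" or pattern == addr

def evaluate(acl: List[Rule], src: str, sport: int, dst: str, dport: int) -> str:
    """Cisco extended-ACL semantics: first matching line wins, implicit deny at the end."""
    for r in acl:
        if (_addr_ok(r.src, src) and _port_ok(r.src_port, sport)
                and _addr_ok(r.dst, dst) and _port_ok(r.dst_port, dport)):
            return r.action
    return "deny"

DNS = "dns-server"     # stands in for the <dns-server> placeholder in the thread
WLC = "controller"     # assumed controller address (not given in the thread)
AP = "ap"              # assumed access-point address (constructed)
LWAPP_DATA, LWAPP_CTRL = 12222, 12223   # controller-side ports, taken from ACL 110

# ACL_OUT exactly as posted (all lines are udp, so protocol is not modelled)
ACL_OUT_POSTED = [
    Rule("permit", "any", None, "any", ("eq", 68)),       # bootpc
    Rule("permit", DNS, None, "any", ("gt", 1023)),
    Rule("permit", "any", None, "any", ("eq", 40066)),
]

# Assumed alternative following the reply: the AP-side port is not fixed, so
# match the controller's fixed LWAPP source ports and leave the AP port open.
ACL_OUT_ALT = [
    Rule("permit", "any", None, "any", ("eq", 68)),
    Rule("permit", DNS, None, "any", ("gt", 1023)),
    Rule("permit", WLC, ("eq", LWAPP_DATA), "any", None),
    Rule("permit", WLC, ("eq", LWAPP_CTRL), "any", None),
]

def lwapp_reply_allowed(acl: List[Rule], ap_port: int) -> bool:
    """Controller -> AP LWAPP control reply, with the AP listening on ap_port."""
    return evaluate(acl, WLC, LWAPP_CTRL, AP, ap_port) == "permit"
```

With the posted ACL_OUT, only an AP that happens to use port 40066 receives controller replies; the alternative permits replies to any AP port while still rejecting traffic from other sources.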
