I'm trying to understand the difference between applying an ACl to CPU or management i/f or ap-manager i/f.
It seems to me that the latter 2 are software interfaces and therefore all traffic to & from them goes via the CPU, right?
So what's the difference between applying an ACL to one of these 2 interfaces or to the CPU?
I can't find the answer to this in any Cisco doco.
Eg. Say I wanted part of an ingress ACL (to WLC from outside) to match source port = RADIUS
What difference would it make if I applied this to the CPU or to the Management i/f?