WLC ACL Assistance

Unanswered Question
Mar 7th, 2008
User Badges:

Hello,


I am totally new to wireless security and would appreciate some assistance. We have 4402 WLC's and from what I've read it would seem that a CPU ACL is what I would need to create and apply to accomplish our goals. Unfortunately I am not sure what interface to apply it on and what type it should be.


Our scenario is we have wireless clients that we would like to limit traffic to certain services by applying ACL's. The ACL needs to limit traffic originating on our wireless network (10.10.130.x) to the following networks on the following ports:


Networks:

192.168.130.x/24

192.168.131.x/24

192.168.100.x/24

192.168.102.x/24

192.168.105.x/24


Services:

DHCP/BOOTP

DNS

ICMP (PING)

TELNET


My interfaces on the WLC are set up as the following:


ap-manager vlan 10 10.10.130.251 static enabled

management vlan 10 10.10.130.250 static not supported

service-port N/A 192.168.130.50 static not supported

virtual N/A 1.1.1.1 static not supported



How may I accomplish this?


Thank you for your help,


Michael

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 3.5 (2 ratings)
Loading.
michael-montgomery Fri, 03/14/2008 - 16:45
User Badges:

Thanks for the response and doc. In our config we do not have a dynamic interface created and I was trying to accomplish this w/o one. I was able to apply the acl to the wlan and override the interface acl, and so far this seems to work.

Scott Fella Thu, 03/13/2008 - 18:00
User Badges:
  • Super Silver, 17500 points or more
  • Hall of Fame,

    The Hall of Fame designation is a lifetime achievement award based on significant overall achievements in the community. 

  • Cisco Designated VIP,

    2017 Wireless

Take a look at this. i have never been a fan of using the ACL's on the WLC. Easier on the L3 interface.


http://www.cisco.com/en/US/tech/tk722/tk809/technologies_tech_note09186a00807ce372.shtml

michael-montgomery Fri, 03/14/2008 - 16:37
User Badges:

Of all the docs I've read thru, this one answered some of my specific questions.


Thank you.

Actions

This Discussion

 

 

Trending Topics - Security & Network