Unanswered Question
Jan 14th, 2009
We have a WLC2106 v5.0.148.0 and 3 LWAPP 1131 APs. I've created a web auth for our guest users and this works fine, but I want to deny specifically HTTPS to our GW, which has a GUI and can be reached by HTTPS. But web auth uses HTTPS to authenticate users and redirect them out to the internet via our GW. Simply put, I want to create an ACL which denies HTTPS to only our GW, but permits HTTPS elsewhere.

What would my ACL look like for it to work?

Do I bind that ACL to the guest WLAN or a specific interface? And also, what is the difference?

Thank you

wesleyterry Tue, 01/20/2009 - 18:03

I think you make the first policy as:

  • any source
  • GW destination
  • Protocol Other (443)
  • action deny

Then make the second as any to any allow.

If you apply this to the interface, then any WLAN using this interface will have the ACL.

If you apply it to the WLAN, then this ACL will be applied only to the WLAN in question.

In the WLAN configuration the Advanced GUI tab has an ACL option. In the interface configuration it is one of the last options.

All of this is based on a 4402 on 4.1 code though. So it may not be accurate to the 2106 or 5.0 code...
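The two-rule ordering described in the answer above, as an added example that is not part of the original thread: a small first-match evaluator showing why the gateway deny has to sit ahead of the permit-all. Assumptions: the gateway address `192.0.2.1` is a constructed placeholder, HTTPS is modelled as TCP with destination port 443, and a packet that matches no rule is dropped (implicit deny).

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional

TCP = 6  # IANA protocol number; HTTPS is modelled as TCP, destination port 443

@dataclass(frozen=True)
class Rule:
    action: str                  # "permit" or "deny"
    dst: str                     # destination network in CIDR form
    proto: Optional[int] = None  # None matches any IP protocol
    dport: Optional[int] = None  # None matches any destination port

    def matches(self, dst_ip, proto, dport):
        if ipaddress.ip_address(dst_ip) not in ipaddress.ip_network(self.dst):
            return False
        if self.proto is not None and self.proto != proto:
            return False
        return self.dport is None or self.dport == dport

def evaluate(acl, dst_ip, proto, dport):
    """First matching rule wins; no match falls through to an implicit deny."""
    for index, rule in enumerate(acl, start=1):
        if rule.matches(dst_ip, proto, dport):
            return rule.action, index
    return "deny", None

GW = "192.0.2.1"  # constructed placeholder for the gateway address

DENY_GW_HTTPS = Rule("deny", GW + "/32", proto=TCP, dport=443)
PERMIT_ALL = Rule("permit", "0.0.0.0/0")

GUEST_ACL = [DENY_GW_HTTPS, PERMIT_ALL]     # order given in the answer
REVERSED_ACL = [PERMIT_ALL, DENY_GW_HTTPS]  # same rules, wrong order

if __name__ == "__main__":
    flows = [  # constructed sample flows from a guest client
        ("HTTPS to gateway GUI", GW, TCP, 443),
        ("HTTPS to internet host", "198.51.100.20", TCP, 443),
        ("HTTP to gateway", GW, TCP, 80),
    ]
    for label, ip, proto, port in flows:
        print(f"{label:24} guest={evaluate(GUEST_ACL, ip, proto, port)} "
              f"reversed={evaluate(REVERSED_ACL, ip, proto, port)}")
```

With the rules reversed, the permit-all matches first and the gateway GUI stays reachable; with the permit-all left out, every other guest flow falls through to the implicit deny.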

