Access Lists on WLC

Unanswered Question
Mar 26th, 2009

Hi All,

I have configured the WLC for guest users and internal users.

I have created 2 normal WLANs and 2 different interfaces with all the information, such as IP address scheme, gateway, and DHCP address.

One is INTERNAL and the other is GUESTS.

The INTERNAL WLAN is mapped to the Internal interface, whose configuration is as follows:


ip add :

subnet :


dhcp add :

The GUEST WLAN is mapped to the GUEST interface, whose configuration is as follows:

VLAN ID : 23

ip add :

subnet :


dhcp add :

Now I'm getting 2 SSIDs when I search for wireless networks.

I can connect to the intra and inter network by using any of the SSIDs.


Currently I can access and and Internet too because of inter-VLAN routing, but now if I join the GUEST SSID I want to restrict intranet ( access except (Network Printer ip address).

I have configured 1 access list and applied it to the GUEST interface.

The access list has the following statements:

1 permit any any any(outbound/inbound/any)

2 deny any any any(outbound/inbound/any)

3 permit any any any(outbound/inbound/any)

By using these statements I can access the INTERNET and the intranet network is not reachable. That's good,

but I am not able to access the network printer (I don't know why).

One more problem is that if I mention a specific network in the statement it is not working. As I mentioned in the last statement it's working, but if I set it as it won't work.

andrewswanson Fri, 03/27/2009 - 05:02

ACLs on a WLC are not stateful - have a look at the document:

It states:

If either the source or destination are not any, then the direction of the filter must be specified, and an inverse statement in the opposite direction must be created.

To allow access to your printer, try:

permit any any inbound

permit any any outbound
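
The stateless, direction-aware matching described in the answer above, modelled in Python as an added example (not part of the thread and not WLC code). All addresses are constructed documentation ranges, the rule sets and the names `evaluate` and `round_trip` are hypothetical, and the model assumes first-match evaluation with an implicit final deny, with "inbound" meaning traffic from the wireless client.

```python
import ipaddress
from dataclasses import dataclass

ANY = ipaddress.ip_network("0.0.0.0/0")
INTRANET = ipaddress.ip_network("198.51.100.0/24")   # constructed intranet range
PRINTER = ipaddress.ip_network("198.51.100.10/32")   # constructed printer address
GUEST_IP, PRINTER_IP = "192.0.2.50", "198.51.100.10" # constructed hosts
FILESERVER_IP, INTERNET_IP = "198.51.100.20", "203.0.113.5"

@dataclass(frozen=True)
class Rule:
    action: str      # "permit" or "deny"
    src: ipaddress.IPv4Network
    dst: ipaddress.IPv4Network
    direction: str   # "inbound" (from client), "outbound" (to client), "any"

def evaluate(rules, src, dst, direction):
    """Stateless first match: every packet is judged alone, no session table."""
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for idx, r in enumerate(rules, start=1):
        if r.direction in ("any", direction) and s in r.src and d in r.dst:
            return r.action, idx
    return "deny", None  # assumed implicit deny when nothing matches

def round_trip(rules, client, server):
    """A flow works only if the request and the reply are each permitted."""
    req = evaluate(rules, client, server, "inbound")
    rep = evaluate(rules, server, client, "outbound")
    return req[0] == "permit" and rep[0] == "permit", req, rep

# Printer permitted in one direction only: the reply hits the intranet deny.
ONE_WAY = [
    Rule("permit", ANY, PRINTER, "inbound"),
    Rule("deny", INTRANET, ANY, "any"),
    Rule("deny", ANY, INTRANET, "any"),
    Rule("permit", ANY, ANY, "any"),
]
# Same list with the inverse statement added ahead of the denies.
WITH_INVERSE = [ONE_WAY[0], Rule("permit", PRINTER, ANY, "outbound")] + ONE_WAY[1:]

if __name__ == "__main__":
    for name, acl in (("one-way", ONE_WAY), ("with inverse", WITH_INVERSE)):
        for label, host in (("printer", PRINTER_IP), ("fileserver", FILESERVER_IP),
                            ("internet", INTERNET_IP)):
            ok, req, rep = round_trip(acl, GUEST_IP, host)
            print(f"{name:13} {label:10} works={ok} request={req} reply={rep}")
```
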



