Do ACLs on WLCs limit throughput

Unanswered Question
Mar 7th, 2010

My boss wants me to create a WLAN for guests, so I created a VLAN and SSID for them and used a webauth bundle with an accept button. Next I was told the WLAN needs to be limited to DHCP, DNS, HTTP and HTTPS. I created an ACL on the controller and tested it.

My throughput is cut by 66% on 802.11a/b/g access points, but it seems to have no effect on the 802.11n access points. My normal download is about 22 mb/s on 802.11g, but with the ACL applied, it dwindles down to 7 mb/s.

Should I be placing the ACL on the 6509 that is the host chassis for the WLC?

Are there any other suggestions?  What is everyone else doing?

Thanks in advance,

Scott Fella Sun, 03/07/2010 - 08:01

I have only used ACLs on the WLC in a lab environment and removed it when I put it into production. I would never use it in a production environment. Either place your ACLs on your L3 devices or use a FW if guest traffic is either directed out to the DMZ or if you are using guest anchoring. I never did see any throughput drop, but then again never used ACLs in a production network.

Here is a thread that has some info also:
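
The restriction asked for in the question (DHCP, DNS, HTTP and HTTPS only), written as an inbound ACL on the guest VLAN's L3 interface rather than on the WLC. This is an added example, not configuration posted by anyone in the thread; the ACL name `GUEST-IN` and `Vlan50` are assumptions.

```cisco
! Added example: ACL name and VLAN ID are assumptions, not from the thread.
ip access-list extended GUEST-IN
 remark DHCP: client broadcasts and requests relayed by the controller
 permit udp any any eq bootps
 remark DNS over UDP and TCP
 permit udp any any eq domain
 permit tcp any any eq domain
 remark Web traffic
 permit tcp any any eq www
 permit tcp any any eq 443
 remark Drop everything else sourced from the guest VLAN
 deny ip any any
!
interface Vlan50
 description Guest WLAN gateway (VLAN ID assumed)
 ip access-group GUEST-IN in
```

`show ip access-lists GUEST-IN` lists the entries as installed on the switch.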