ACL to Block Guest Wireless Users

Answered Question
Jan 4th, 2013

Hello,


Need assistance troubleshooting guest wireless access from being blocked by ACL.


Customer is using UC520 and AP541N. We want to block traffic from VLAN 10 (172.16.10.0/24) to VLAN 1 (192.168.10.0/24). We have tried inbound and outbound ACLs, but I don't see any traffic matches. Below is the configuration.


UC520


UC500 Advanced IP Services IOS version 15.1(4)M5


ACL applied to VLAN 1 inbound:


Extended IP access list 102

    10 permit udp any host 192.168.10.1 eq non500-isakmp

    20 permit udp any host 192.168.10.1 eq isakmp

    30 permit esp any host 192.168.10.1

    40 permit ahp any host 192.168.10.1

    50 deny ip 172.16.10.0 0.0.0.255 any

    60 deny ip 10.1.10.0 0.0.0.3 any

    70 deny ip 10.1.1.0 0.0.0.255 any

    80 deny ip host 255.255.255.255 any

    90 deny ip 127.0.0.0 0.255.255.255 any

    100 permit ip any any (3375999 matches)


ACL applied to VLAN 10 outbound

Extended IP access list 106

    10 deny ip 172.16.10.0 0.0.0.255 192.168.10.0 0.0.0.255

    20 permit ip any any (38 matches)


AP541N


Software version 9-2.0(2)


VAP 0 maps to VLAN 1


VAP 1 maps to VLAN 10


The link between the UC520 and AP541N is set up as a trunk.


Please let me know if you require more information to troubleshoot.  Thanks in advance!

Correct Answer
Alexander Maroukian Fri, 01/04/2013 - 14:58
User Badges:
  • Cisco Employee,

Hi Brad,


Please try to apply ACL 106 to VLAN 10 inbound:


ip access-group 106 in


HTH,

Alex


*Please rate helpful posts
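
An added illustration, not part of the original thread: a small Python model of how ACL direction decides whether the ACLs quoted above are consulted at all for guest-to-LAN traffic. The interface labels `vlan1` and `vlan10` and the sample host addresses are assumptions, and ACL 102 is reduced to its two relevant `ip` entries.

```python
import ipaddress

def _ip(text):
    return int(ipaddress.IPv4Address(text))

def parse_ace(line):
    """Parse '<action> ip <src> <dst>' where each side is any | host A | A WILDCARD."""
    tok = line.split()
    action, rest, sides = tok[0], tok[2:], []
    for _ in range(2):
        if rest[0] == "any":
            sides.append((0, 0xFFFFFFFF)); rest = rest[1:]
        elif rest[0] == "host":
            sides.append((_ip(rest[1]), 0)); rest = rest[2:]
        else:
            sides.append((_ip(rest[0]), _ip(rest[1]))); rest = rest[2:]
    return action, sides[0], sides[1]

def _hit(spec, addr):
    base, wild = spec              # wildcard bits set to 1 are "don't care"
    return (_ip(addr) | wild) == (base | wild)

def evaluate(acl, src, dst):
    for action, s, d in acl:       # first matching entry wins
        if _hit(s, src) and _hit(d, dst):
            return action
    return "deny"                  # implicit deny at the end of every ACL

def forward(bindings, src, dst, in_if, out_if):
    """Return (verdict, [ACL checks actually performed]) for one routed packet."""
    checked = []
    for key in ((in_if, "in"), (out_if, "out")):
        if key in bindings:
            verdict = evaluate(bindings[key], src, dst)
            checked.append((key, verdict))
            if verdict == "deny":
                return "deny", checked
    return "permit", checked

# Entries copied from the thread; ACL 102 is reduced to its two relevant "ip" lines.
ACL_102 = [parse_ace(l) for l in ("deny ip 172.16.10.0 0.0.0.255 any", "permit ip any any")]
ACL_106 = [parse_ace(l) for l in ("deny ip 172.16.10.0 0.0.0.255 192.168.10.0 0.0.0.255",
                                  "permit ip any any")]
ORIGINAL = {("vlan1", "in"): ACL_102, ("vlan10", "out"): ACL_106}
FIXED = {("vlan10", "in"): ACL_106}
GUEST, LAN_HOST = "172.16.10.50", "192.168.10.20"   # constructed sample hosts

if __name__ == "__main__":
    print(forward(ORIGINAL, GUEST, LAN_HOST, "vlan10", "vlan1"))  # no ACL consulted
    print(forward(FIXED, GUEST, LAN_HOST, "vlan10", "vlan1"))     # denied by 106 inbound
```

A guest packet enters on VLAN 10 and leaves on VLAN 1, so an ACL bound to VLAN 1 inbound or VLAN 10 outbound never sees it, which is why the deny entries showed no matches.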

Alexander Maroukian Mon, 01/07/2013 - 15:06
User Badges:
  • Cisco Employee,

Hello Brad,


I am glad that you got the desired result.

Thank you for the feedback and the rating!


Best regards,

Alex

ajamore60 Mon, 03/11/2013 - 08:33

Shouldn't this be applied to the BVI10 interface on the UC520 for VLAN10?
