Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

Cisco 2000 and web filtering

I just installed a Cisco 2000 and 3 AP 1131s. Everything is working perfectly except for one detail.

I have 2 WLANs with their own VLANs, Staff & Patrons.

We are required to filter the internet for the patrons. I setup the DHCP to hand out the IP of the filter server for the gateway instead of the patron vlan IP. However, the patron wlan bypasses the filter server to the patron vlan ip.

Any suggestions?

Thanks,

Joe

3 REPLIES
Silver

Re: Cisco 2000 and web filtering

Yes, you can create a rule that blockls internet access to this particular vlan id and apply the rule to the specific dynamic interface. In this way, you cna apply ACL.

Refer the following link on how to comfigure ACL in your WLC.

http://www.cisco.com/en/US/tech/tk722/tk809/technologies_configuration_example09186a00807810d1.shtml

New Member

Re: Cisco 2000 and web filtering

I tried configuring ACLs on both the router and the WLC, neither one worked. With no ACLs, I'm able to access the web configuration on the gateway.

The DHCP is sending the correct IP for the gateway, 192.168.1.18. But, it seems that the WLC is forcing all internet traffic through 192.168.100.1, the router.

The WLAN interface is 192.168.100.5 and the gateway for the interface is 192.168.100.1. I tried changing the gateway to 192.168.1.18 but get an error "Invalid address."

I can't seem to think of anything else.

New Member

Re: Cisco 2000 and web filtering

You need to put the filter server on the same network as your WLAN. Your patron's wlan is on 192.168.100.* where as, filter ip is 192.168.1.18 which is on a different class C network.

That's the reason why the WLC is complaining "Invalid address" when you tried to change the gateway address on it. In order to go online, clients need to reach the gateway on their network first, so they are obviously using 192.168.100.1 as the gateway.

567
Views
0
Helpful
3
Replies
CreatePlease to create content