Hi!
We have a lot of AP1010s, and were thinking about having them on a separate VLAN / subnet due to security issues.
Therefore I have composed the following access-lists:
access-list 110 remark ACL_IN
access-list 110 permit udp any any eq bootps
access-list 110 permit udp any any eq domain
access-list 110 permit udp any any eq 12222
access-list 110 permit udp any any eq 12223
access-list 111 remark ACL_OUT
access-list 111 permit udp any any eq bootpc
access-list 111 permit udp host <dns-server> any gt 1023
access-list 111 permit udp any any eq 40066
Can anyone confirm that this is enough?
The APs seem to use port 40066 as their single return port.
It's not really necessary to have the outgoing ACL, but if I can make one without too much hassle I thought it would be nice to have.
Thanks.
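An added example, not part of the original post: a small first-match evaluator for the two ACLs above, useful for checking which flows they pass before applying them. It models only the syntax used in the post (udp, any/host, eq/gt on the destination port) plus the implicit deny at the end of each list; the AP, controller and DNS addresses are constructed, with 192.0.2.53 standing in for `<dns-server>`.

```python
# Added example: first-match evaluation of the ACLs quoted in the post.
PORT_NAMES = {"bootps": 67, "bootpc": 68, "domain": 53}  # IOS UDP port keywords
DNS = "192.0.2.53"                    # constructed stand-in for <dns-server>
AP, WLC = "10.10.10.21", "10.20.0.5"  # constructed AP and controller addresses

ACLS = f"""\
access-list 110 remark ACL_IN
access-list 110 permit udp any any eq bootps
access-list 110 permit udp any any eq domain
access-list 110 permit udp any any eq 12222
access-list 110 permit udp any any eq 12223
access-list 111 remark ACL_OUT
access-list 111 permit udp any any eq bootpc
access-list 111 permit udp host {DNS} any gt 1023
access-list 111 permit udp any any eq 40066
"""

def parse_addr(tok):
    """Consume 'any' or 'host A.B.C.D'; None means any address."""
    if tok[0] == "any":
        return None, tok[1:]
    if tok[0] == "host":
        return tok[1], tok[2:]
    raise ValueError(f"unsupported address form: {tok[0]}")

def parse_acls(text):
    """Map ACL number -> ordered list of (action, proto, src, dst, op, port)."""
    acls = {}
    for line in text.splitlines():
        tok = line.split()
        if len(tok) < 6 or tok[0] != "access-list" or tok[2] == "remark":
            continue
        src, rest = parse_addr(tok[4:])
        dst, rest = parse_addr(rest)
        op, port = (rest[0], PORT_NAMES.get(rest[1]) or int(rest[1])) if rest else (None, None)
        acls.setdefault(tok[1], []).append((tok[2], tok[3], src, dst, op, port))
    return acls

def evaluate(rules, proto, src, dst, dport=None):
    """Return the action of the first matching entry, else the implicit deny."""
    for action, r_proto, r_src, r_dst, op, port in rules:
        if r_proto != proto or (r_src and r_src != src) or (r_dst and r_dst != dst):
            continue
        if (op == "eq" and dport != port) or (op == "gt" and not (dport or 0) > port):
            continue
        return action
    return "deny"

if __name__ == "__main__":
    acls = parse_acls(ACLS)
    print("IN  AP->WLC udp/12223:", evaluate(acls["110"], "udp", AP, WLC, 12223))
    print("OUT WLC->AP udp/40067:", evaluate(acls["111"], "udp", WLC, AP, 40067))
```

Because these lists are stateless, the outbound list passes controller traffic only when the AP's port really is 40066; the second printed flow shows a reply to any other port falling through to the implicit deny.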