
Access-lists for AccessPoint subnet

dal
Level 3

Hi!

We have a lot of AP1010s, and were thinking about having them on a separate VLAN / subnet because of security issues.

Therefore I have composed the following access-lists:

access-list 110 remark ACL_IN
access-list 110 permit udp any any eq bootps
access-list 110 permit udp any any eq domain
access-list 110 permit udp any any eq 12222
access-list 110 permit udp any any eq 12223

access-list 111 remark ACL_OUT
access-list 111 permit udp any any eq bootpc
access-list 111 permit udp host <dns-server> any gt 1023
access-list 111 permit udp any any eq 40066

Can anyone confirm that this is enough?

The APs seem to use port 40066 as their single return port.

It is not really necessary to have the outgoing ACL, but if I can make one without too much hassle I thought it would be nice to have.

Thanks.


carenas123
Level 5

The access point's port depends on the MAC address. It is random. So "access-list 111 permit udp any any eq 40066" is not necessary, as this might block communication between controller and access point.
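To see what the two posted lists actually do with LWAPP traffic, here is a small added example (not code from either poster) that parses the ACL forms used in the thread and evaluates constructed flows against them. It assumes ACL_IN is applied on traffic from the AP VLAN and ACL_OUT on traffic toward it, uses the constructed addresses 10.0.0.53 for <dns-server>, 10.0.0.5 for the controller and 10.1.1.10 for an AP, and the variant ACL_OUT_BY_SRC (matching the controller's own LWAPP ports as source) is an assumed alternative, not something either poster proposed.

```python
# Added example (not from the thread): evaluator for the ACL forms used above; first match wins, implicit deny.
PORTS = {"bootps": 67, "bootpc": 68, "domain": 53}
# <dns-server> from the post is replaced by the constructed address 10.0.0.53.
ACL_IN = ["permit udp any any eq bootps", "permit udp any any eq domain",
          "permit udp any any eq 12222", "permit udp any any eq 12223"]
ACL_OUT = ["permit udp any any eq bootpc", "permit udp host 10.0.0.53 any gt 1023",
           "permit udp any any eq 40066"]
# Assumed alternative (not from the thread): match the WLC's LWAPP source ports.
ACL_OUT_BY_SRC = ACL_OUT[:2] + ["permit udp any eq 12222 any", "permit udp any eq 12223 any"]

def _addr(toks, i):                      # "any" -> wildcard, "host X" -> X
    if toks[i] == "any":
        return None, i + 1
    if toks[i] == "host":
        return toks[i + 1], i + 2
    raise ValueError(f"unsupported address form: {toks[i]}")

def _port(toks, i):                      # optional "eq N" / "gt N" after an address
    if i < len(toks) and toks[i] in ("eq", "gt"):
        return (toks[i], PORTS.get(toks[i + 1]) or int(toks[i + 1])), i + 2
    return None, i

def parse_rule(line):
    toks = line.split()
    src, i = _addr(toks, 2)
    sport, i = _port(toks, i)
    dst, i = _addr(toks, i)
    dport, _ = _port(toks, i)
    return {"action": toks[0], "proto": toks[1], "src": src,
            "sport": sport, "dst": dst, "dport": dport}

def _port_ok(cond, port):
    return cond is None or (port == cond[1] if cond[0] == "eq" else port > cond[1])

def evaluate(acl, proto, src, sport, dst, dport):
    for r in map(parse_rule, acl):
        if (r["proto"] in ("ip", proto) and r["src"] in (None, src)
                and r["dst"] in (None, dst) and _port_ok(r["sport"], sport)
                and _port_ok(r["dport"], dport)):
            return r["action"]
    return "deny"                        # implicit deny at the end of every ACL

def check_flows(ap="10.1.1.10", wlc="10.0.0.5", ap_port=51234):
    # Constructed flows: AP control traffic to the WLC, and the WLC's reply to
    # whatever ephemeral port the AP chose (random, as the reply above notes).
    return {"ap_to_wlc_control": evaluate(ACL_IN, "udp", ap, ap_port, wlc, 12223),
            "wlc_reply_as_posted": evaluate(ACL_OUT, "udp", wlc, 12223, ap, ap_port),
            "wlc_reply_by_src_port": evaluate(ACL_OUT_BY_SRC, "udp", wlc, 12223, ap, ap_port),
            "dns_reply": evaluate(ACL_OUT, "udp", "10.0.0.53", 53, ap, ap_port)}
```

With the default ephemeral port the posted ACL_OUT denies the controller's reply, while it is permitted only when the AP happens to pick 40066 (try check_flows(ap_port=40066)).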
