ACL on 5508 for Guest WLAN

JASON CHOQUETTE
Level 4

I am trying to create an ACL on a 5508 for the guest WLAN so it won't be able to access internal networks, such as 172.16.0.0 255.255.0.0 and 10.0.0.0 255.0.0.0. But the traffic does have to go through these networks to get to the Internet. I have tried to create the ACL a couple of ways, but any time I add a deny statement for the networks I get no Internet access.

I spoke with Cisco Support and was told I would need to have explicit deny statements for nodes we don't want the guests to get to. Is that true?

Thanks

1 Reply

dan.letkeman
Level 4

What I did was trunk a VLAN from the WLC to my firewall router and did all of the ACL stuff on there instead. That way the traffic doesn't need to route through your network, just pass through.

Guest SSID ---- WLC ---- vlan 700 trunk ---- ROUTER w/ ACL denying access to 172.16.0.0/16 etc....
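
An added example, not part of either post: a first-match evaluator for a guest ACL like the one in the reply's design, using the two networks from the question. The addresses 10.1.1.10 and 198.51.100.20 are constructed, and the case where guests are handed an internal DNS server is an assumption, not something the thread states.

```python
import ipaddress

# Ordered, first-match rules for the guest VLAN (vlan 700 in the thread).
# Rule: (action, protocol, destination network, destination port or None).
GUEST_ACL = [
    ("permit", "udp", "255.255.255.255/32", 67),  # DHCP broadcast from clients
    ("deny",   "ip",  "10.0.0.0/8",    None),     # internal network from the post
    ("deny",   "ip",  "172.16.0.0/16", None),     # internal network from the post
    ("permit", "ip",  "0.0.0.0/0",     None),     # everything else: Internet
]

def evaluate(acl, proto, dst, dport=None):
    """Return the action of the first matching rule; implicit deny otherwise."""
    dst_ip = ipaddress.ip_address(dst)
    for action, r_proto, r_net, r_port in acl:
        if r_proto not in ("ip", proto):
            continue                      # protocol does not match this rule
        if dst_ip not in ipaddress.ip_network(r_net):
            continue                      # destination outside this rule
        if r_port is not None and r_port != dport:
            continue                      # rule is port-specific, port differs
        return action
    return "deny"

def allow_host_service(acl, proto, host, port):
    """Return a new ACL with one host/port permit ahead of all other rules."""
    return [("permit", proto, f"{host}/32", port)] + list(acl)

# Constructed sample flows from a guest client.
SAMPLES = [
    ("tcp", "198.51.100.20", 443),  # public web server
    ("tcp", "10.20.30.40", 445),    # internal file share
    ("tcp", "172.16.5.5", 22),      # internal SSH host
    ("udp", "10.1.1.10", 53),       # assumed internal DNS resolver
]

if __name__ == "__main__":
    with_dns = allow_host_service(GUEST_ACL, "udp", "10.1.1.10", 53)
    for proto, dst, port in SAMPLES:
        print(f"{proto:3} {dst:15} {port:5} "
              f"base={evaluate(GUEST_ACL, proto, dst, port):6} "
              f"with_dns={evaluate(with_dns, proto, dst, port)}")
```

Under that assumption the base list denies the DNS lookup, which a client would experience as no Internet access; the single host permit restores it without opening the rest of 10.0.0.0/8.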
