Cisco Support Community
Showing results for 
Search instead for 
Did you mean: 
You may experience some slow load times, errors, and slight inconsistencies. We ask for your patience as we finalize the launch. Thank you.

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. If you'd prefer to explore, try our test area to get started. And see here for current known issues.

New Member

ACL vs. Filters

I know I've seen this somewhere in the forums before, so forgive my redundant posting. While I'm fairly familiar with ACLs, I'm wondering if filtering at the AP will provide the same benefit. What I'm interested in doing seems to be fairly common:

I have two SSIDs/VLANs:

VLAN 84- Open, not authentication, for Internet usage

VLAN 88- LEAP authentication, full network access

I'd like to block all traffic coming from VLAN 84 to any other server but our DHCP server and the private interface of our firewall so these users can get an IP and get out to the Internet.

All traffic for VLAN 88 should flow as normal.

The AP connects to a 6509 switch w/ an MSFC. I could just write an ACL on the MSFC. Would it be easier/more secure to write a filter on the AP?

  • Security and Network Management

Re: ACL vs. Filters