ACL WLC

Hi.

We have a WLC2106 v5.0.148.0 and 3 LWAPPs 1131. I've created a web auth for our guest users and this works fine, but I want to deny specifically HTTPS to our GW, which has a GUI and can be reached by HTTPS. But web auth uses HTTPS to authenticate users and redirect them out to the internet via our GW. Simply put, I want to create an ACL which denies HTTPS to only our GW, but permits HTTPS elsewhere.

What would my ACL look like for it to work?

Do I bind that ACL to the guest WLAN or a specific interface? And also, what is the difference?

Thank you

Re: ACL WLC

I think you make the first policy as

any source

GW destination

Protocol Other (443)

action deny..

then make the second as any to any allow

If you apply this to the interface, then any WLAN using this interface will have the ACL.

If you apply it to the WLAN, then this ACL will be applied only to the WLAN in question.

In the WLAN configuration the Advanced GUI tab has an ACL option. In the interface configuration it is one of the last options.

All of this is based on a 4402 on 4.1 code though. So it may not be accurate to the 2106 or 5.0 code...
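The two-rule ordering suggested in the reply, modelled as an added example that is not part of the thread and is not WLC code: a first-match evaluator showing why the specific deny has to sit above the catch-all permit, and what the implicit deny at the end of an ACL does when the permit is left out. It assumes HTTPS means TCP with destination port 443; the addresses and the names `Rule`, `evaluate`, `GUEST_ACL`, `REVERSED` and `DENY_ONLY` are constructed for illustration.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional

TCP, UDP = 6, 17                 # IP protocol numbers
GW = "192.0.2.1"                 # constructed gateway address (documentation range)
INTERNET = "198.51.100.20"       # constructed internet host

@dataclass(frozen=True)
class Rule:
    action: str                      # "permit" or "deny"
    dst: str = "0.0.0.0/0"           # destination network, default = any
    proto: Optional[int] = None      # None = any protocol
    dport: Optional[int] = None      # None = any destination port

    def matches(self, dst_ip, proto, dport):
        return (ipaddress.ip_address(dst_ip) in ipaddress.ip_network(self.dst)
                and self.proto in (None, proto)
                and self.dport in (None, dport))

def evaluate(acl, dst_ip, proto, dport):
    """Return the action of the first matching rule; no match means implicit deny."""
    for rule in acl:
        if rule.matches(dst_ip, proto, dport):
            return rule.action
    return "deny"

# Rule 1: any source -> gateway, TCP/443, deny.  Rule 2: any -> any, permit.
GUEST_ACL = [Rule("deny", GW + "/32", TCP, 443), Rule("permit")]
# Same rules in the wrong order: the catch-all permit shadows the deny.
REVERSED = list(reversed(GUEST_ACL))
# Deny rule alone: everything else falls through to the implicit deny.
DENY_ONLY = GUEST_ACL[:1]

# Constructed sample flows: (label, destination, protocol, destination port)
FLOWS = [
    ("HTTPS to gateway GUI", GW, TCP, 443),
    ("DNS to gateway", GW, UDP, 53),
    ("HTTPS to internet host", INTERNET, TCP, 443),
]

def report(acl):
    """Map each sample flow label to the ACL decision."""
    return {label: evaluate(acl, dst, proto, port) for label, dst, proto, port in FLOWS}

if __name__ == "__main__":
    for name, acl in (("GUEST_ACL", GUEST_ACL), ("REVERSED", REVERSED), ("DENY_ONLY", DENY_ONLY)):
        print(name, report(acl))
```

Internet-bound HTTPS is matched on the destination host's address, not the gateway's, so the deny rule only affects connections addressed to the gateway itself.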