Cisco Support Community
Showing results for 
Search instead for 
Did you mean: 

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

can't put ACL on management int - WLC

Why is it so that I can't put an ACL on the management int or the mangement WLAN. I mean, I can put the ACL on the int/WLAN but it has no effect, it only denies everything.

Also, can someone please explain what the difference between putting an ACL on an interface vs one on a WLAN.

Thank you.

Cisco Employee

Re: can't put ACL on management int - WLC

Where you place the ACL determines when the packets are acted upon. Depending on how close to the client you put it determines how much cpu/bandwidth etc you use prior to the action.

There is a deny all at the end of every ACL. Are you sure the ACL has something to act on and isn't just getting to the deny?

What version of WLC code are you running?

An access control list (ACL) is a set of rules used to limit access to a particular interface (for example, if you want to restrict a wireless client from pinging the management interface of the controller). After ACLs are configured on the controller, they can be applied to the management interface, the AP-manager interface, any of the dynamic interfaces, or a WLAN to control data traffic to and from wireless clients or to the controller central processing unit (CPU) to control all traffic destined for the CPU.

CreatePlease to create content