My boss wants me to create a WLAN for guests, so I created a VLAN and SSID for them and used a webauth bundle with an accept button. Next I was told the WLAN needs to be limited to DHCP, DNS, HTTP and HTTPS. I created an ACL on the controller and tested it.
My throughput is cut by 66% on 802.11a/b/g access points, but seems to have no effect on the 802.11n access points. My normal download is about 22 mb/s on 802.11g, but with the ACL applied, it dwindles down to 7 mb/s.
Should I be placing the ACL on the 6509 that is the host chassis for the WLC?
Are there any other suggestions? What is everyone else doing?
I have only used ACLs on the WLC in a lab environment and removed it when I put it into production. I would never use it in a production environment. Either place your ACLs on your L3 devices or use a FW if guest traffic is either directed out to the DMZ or if you are using guest anchoring. I never did see any throughput drop, but then again I never used ACLs in a production network.
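
The restriction from the question (DHCP, DNS, HTTP and HTTPS only), written as an IOS extended ACL applied inbound on the guest VLAN's routed interface on the L3 switch, as the reply suggests. This is an added example, not part of either post; the ACL name `GUEST-RESTRICT` and VLAN 999 are placeholders for the site's own values.

```cisco
! Added example: ACL name and VLAN number are placeholders.
ip access-list extended GUEST-RESTRICT
 remark DHCP: client (udp/68) to server or relay (udp/67), broadcast and renewals
 permit udp any eq bootpc any eq bootps
 remark DNS over UDP, and over TCP for large responses
 permit udp any any eq domain
 permit tcp any any eq domain
 remark Web traffic only
 permit tcp any any eq www
 permit tcp any any eq 443
 remark Everything else from the guest VLAN is dropped
 deny ip any any
!
interface Vlan999
 description Guest WLAN gateway
 ip access-group GUEST-RESTRICT in
```

Applied inbound on the SVI, the list filters only traffic entering from guest clients, so return traffic needs no matching entries. As written, the HTTP and HTTPS entries permit any destination, including internal web servers reachable from this interface.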