Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
New Member

how do configure AP 1130AG TO ALLOW ONLY "INTERNET ACCESS ONLY"?

I'd like to configure the 1130AG AP for internet access only. For example, anyone who is connected to the AP cannot see the other computers that are connected to the same AP, but can access internet. I looked at all the documents and found that the Security->IP filter is the way to go. However, I am not sure what to filter out.

The computers connected to this AP gets an IP address fromthe DHCP 10.10.1.100 through 200. This AP IP address is 10.10.1.20. Do I create a IP filter to block out all but 10.10.1.20?

2 REPLIES
Cisco Employee

Re: how do configure AP 1130AG TO ALLOW ONLY "INTERNET ACCESS ON

If the wireless client isn't supposed to reach ANY other device on its own subnet, you can deny all traffic for which the destination IP is that subnet.

The filter will not block traffic flowing through the AP and/or gateway as long as the destination IP doesn't match the filter.

If you're doing it from the console, it would look something like this:

ip access-list extended blockmysubnet

deny ip any 10.10.1.0 255.255.255.0

permit ip any any

Like this, if the client tries to telnet to the AP directly (10.10.1.20) the filter will block it. But if the client tries to go to google then the filter wouldn't match it and the AP should not block the traffic.

New Member

Re: how do configure AP 1130AG TO ALLOW ONLY "INTERNET ACCESS ON

This will work, but

I only want to block

the IPs assigned by DHCP e.g. 10.10.1.100 to 10.10.1.150

(inclusive). Is there

a command I can specify from the console to block a range of IPs?

786
Views
4
Helpful
2
Replies
CreatePlease to create content