06-04-2014 12:14 PM - edited 07-05-2021 12:57 AM
I have a Cisco 5508 WLC with a guest network set up on it. The WLAN uses local authentication and grants access through an ASA to the Internet.
I just found out that the customer now wants to limit where wireless clients can go on the Internet by URL, etc. Since the wireless clients have to use the WLC as a proxy in order to join the network, I am not sure the best way to accomplish this.
How is this typically done in a reasonable and economical manner?
06-04-2014 06:54 PM
You will need a content filter. If there is not too many users/bandwidth then you could use a Meraki MX60 ($495 list) or MX80 ($1995) to filter the traffic.
06-04-2014 08:32 PM
Since the wireless users have to use the WLC for a proxy, how would the Meraki filter URLs?
Can it do wccp? Some kind of transparent proxy function?
06-05-2014 05:25 AM
The WLC only does the proxy for the Web-auth, after the user has successfully authenticated there is no more proxy. Be careful when setting up web filtering for Web-auth if the web page the station is trying to hit can not be resolved by DNS then the Web-auth page will fail to come up.
I hope this helps.
John
06-10-2014 04:06 AM
Hi,
For this case we have option CPU ACLs
this feature were introduced with WLC firmware release 4.0.
Go through below link for further configuration detail.
http://www.cisco.com/c/en/us/support/docs/wireless-mobility/wlan-security/71978-acl-wlc.html#cpuacl
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: