Cisco Support Community
Showing results for 
Search instead for 
Did you mean: 
Community Member

Locking down guest wireless network

I have a Cisco 5508 WLC with a guest network set up on it. The WLAN uses local authentication and grants access through an ASA to the Internet.


I just found out that the customer now wants to limit where wireless clients can go on the Internet by URL, etc. Since the wireless clients have to use the WLC as a proxy in order to join the network, I am not sure the best way to accomplish this.


How is this typically done in a reasonable and economical manner?

Community Member

You will need a content

You will need a content filter.  If there is not too many users/bandwidth then you could use a Meraki MX60 ($495 list) or MX80 ($1995) to filter the traffic.

Community Member

Since the wireless users have

Since the wireless users have to use the WLC for a proxy, how would the Meraki filter URLs?


Can it do wccp? Some kind of transparent proxy function?

Community Member

The WLC only does the proxy

The WLC only does the proxy for the Web-auth, after the user has successfully authenticated there is no more proxy.  Be careful when setting up web filtering for Web-auth if the web page the station is trying to hit can not be resolved by DNS then the Web-auth page will fail to come up.

I hope this helps.



Hi,For this case we have


For this case we have option  CPU ACLs

this feature were introduced with WLC firmware release 4.0.

Go through below link for further configuration detail.


CreatePlease to create content