03-06-2007 05:43 AM - edited 07-03-2021 01:44 PM
I will have some outside vendors and support staff using wireless from inside my network. In order to try and set up a "secure" net for them to use that is segmented from the rest of my network, I created a new VLAN (PSPF enabled) and SSID for them. On the VLAN I have set up an ACL and applied it to the incoming traffic. Here it is:
10 permit icmp any any
20 permit udp any eq bootpc any
30 deny tcp any 10.0.0.0 0.255.255.255
40 deny udp any 10.0.0.0 0.255.255.255
50 permit tcp any any eq www
60 permit tcp any any eq 443
70 permit udp any any eq domain
80 deny ip any any log
I have tested it briefly and it appears to be doing what I want. Any recommendations on tweaks?
dave
03-10-2007 02:36 AM
Hi dave,
Yes, your condition is correct. You can add the following condition instead of using
'20 permit udp any eq bootpc any'
new
'20 permit udp any any eq bootps'
Are you allowing any Telnet or SSH sessions? If so, apply the condition for the same or block the same.
Regards
Saji k.s
03-10-2007 02:38 AM
Hi dave,
Apply this command.
permit udp any any eq bootpc
Regards
saji k.s
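As an added example (not part of the thread and not Cisco code), the Python below replays the ACL from the first post with first-match semantics against a few constructed packets, so the effect of entry order and of `eq bootpc` on the source side versus the destination side can be checked offline. The guest address 192.168.50.10 and the internal hosts are assumptions, and only the port keywords this ACL uses are mapped.

```python
import ipaddress

PORTS = {"bootps": 67, "bootpc": 68, "domain": 53, "www": 80}
ACL = """10 permit icmp any any
20 permit udp any eq bootpc any
30 deny tcp any 10.0.0.0 0.255.255.255
40 deny udp any 10.0.0.0 0.255.255.255
50 permit tcp any any eq www
60 permit tcp any any eq 443
70 permit udp any any eq domain
80 deny ip any any log"""

def _endpoint(tok):
    """Consume 'any' or 'addr wildcard', then an optional 'eq port'."""
    n = 1 if tok[0] == "any" else 2
    net = None if n == 1 else tuple(int(ipaddress.ip_address(t)) for t in tok[:2])
    tok, port = tok[n:], None
    if tok[:1] == ["eq"]:
        port, tok = PORTS.get(tok[1]) or int(tok[1]), tok[2:]
    return net, port, tok

def parse(text):
    rules = []
    for line in text.splitlines():
        seq, action, proto, *rest = line.split()
        src, sport, rest = _endpoint(rest)
        dst, dport, _ = _endpoint(rest)  # a trailing 'log' keyword is ignored
        rules.append((int(seq), action, proto, src, sport, dst, dport))
    return rules

def _hit(net, port, addr, p):
    # Wildcard bits set to 1 are "don't care": OR them into both sides, then compare.
    ip_ok = net is None or (int(ipaddress.ip_address(addr)) | net[1]) == (net[0] | net[1])
    return ip_ok and (port is None or port == p)

def evaluate(rules, proto, src, sport, dst, dport):
    for seq, action, rproto, rsrc, rsport, rdst, rdport in rules:
        if rproto in ("ip", proto) and _hit(rsrc, rsport, src, sport) and _hit(rdst, rdport, dst, dport):
            return seq, action  # first matching entry wins
    return None, "deny"  # implicit deny that ends every ACL

# Constructed packets (proto, src, sport, dst, dport); the guest address is an assumption.
SAMPLES = [
    ("udp", "0.0.0.0", 68, "255.255.255.255", 67),      # DHCP discover from a client
    ("udp", "192.168.50.10", 40000, "10.1.1.53", 53),   # DNS query to an internal resolver
    ("icmp", "192.168.50.10", None, "10.1.1.5", None),  # ping into 10.0.0.0/8
]
if __name__ == "__main__":
    for pkt in SAMPLES:
        print(pkt, "->", evaluate(parse(ACL), *pkt))
```

Entries 10 and 20 are evaluated before the 10.0.0.0/8 denies, so ICMP and any UDP sourced from port 68 are permitted toward internal addresses, while DNS to a resolver inside 10.0.0.0/8 is dropped at entry 40.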