WLC ACL Problem

Hi all,

I'm having problems when trying to apply an ACL to my WLC dynamic interfaces. I have three WLANs that I wish to keep separated and am using ACLs that I have configured on the controller; the only problem is they don't seem to work!

Ping test from 10.201.32.11 on WLAN1 to 10.201.27.41 on WLAN2 works and the current ACL is below:

     1 Out     10.201.32.0/255.255.252.0       10.201.24.0/255.255.252.0    Any     0-65535     0-65535  Any   Deny           0
     2  In     10.201.24.0/255.255.252.0       10.201.32.0/255.255.252.0    Any     0-65535     0-65535  Any   Deny           0
     3 Out     10.201.32.0/255.255.252.0       10.201.28.0/255.255.255.0    Any     0-65535     0-65535  Any   Deny           0
     4  In     10.201.28.0/255.255.255.0       10.201.32.0/255.255.252.0    Any     0-65535     0-65535  Any   Deny           0
     5 Out     10.201.32.0/255.255.252.0     192.168.200.0/255.255.255.224  Any     0-65535     0-65535  Any   Deny           0
     6  In   192.168.200.0/255.255.255.224     10.201.32.0/255.255.252.0    Any     0-65535     0-65535  Any   Deny           0
     7 Any         0.0.0.0/0.0.0.0                 0.0.0.0/0.0.0.0          Any     0-65535     0-65535  Any Permit          69

 DenyCounter : 0

Each WLAN is sat on its own separate dynamic interface and own unique subnet.

Any suggestions would be most appreciated.

Thanks.

Accepted Solutions

Hi,

Keep in mind the direction of the ACL.

In means from client destined to WLC

Out means from WLC destined to client.

It should look like this:

Index  Dir       IP Address/Netmask              IP Address/Netmask        Prot    Range       Range    DSCP  Action      Counter
------ --- ------------------------------- ------------------------------- ---- ----------- ----------- ----- ------- -----------
     1  In     10.201.32.0/255.255.252.0       10.201.24.0/255.255.252.0    Any     0-65535     0-65535  Any   Deny           0
     2 Out     10.201.24.0/255.255.252.0       10.201.32.0/255.255.252.0    Any     0-65535     0-65535  Any   Deny           0

 

Don't forget to apply the ACL on interface or on WLAN.

 

Regards,

Christos.
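
The direction point above, as an added example that is not part of the original posts: a simplified first-match model of the two ACLs, run against the ping from the question. It assumes the ACL is applied to WLAN1's client traffic and that direction is matched as the answer defines it; the function names and the permit-any rule appended to the corrected list are assumptions of this sketch.

```python
import ipaddress

def rule(direction, src, dst, action):
    # src/dst use the address/netmask form shown in the ACL listings
    return (direction, ipaddress.ip_network(src), ipaddress.ip_network(dst), action)

def evaluate(acl, direction, src_ip, dst_ip):
    """First-match evaluation; returns (1-based rule index, action)."""
    src, dst = ipaddress.ip_address(src_ip), ipaddress.ip_address(dst_ip)
    for index, (rdir, rsrc, rdst, action) in enumerate(acl, start=1):
        if rdir not in ("Any", direction):
            continue  # rule is written for the other direction
        if src in rsrc and dst in rdst:
            return index, action
    return None, "Deny"  # assumption of this model: no match means deny

WLAN1, WLAN2 = "10.201.32.0/255.255.252.0", "10.201.24.0/255.255.252.0"
NET3, NET4 = "10.201.28.0/255.255.255.0", "192.168.200.0/255.255.255.224"
ANY = "0.0.0.0/0.0.0.0"

# The seven rules of the ACL posted in the question
ORIGINAL = [
    rule("Out", WLAN1, WLAN2, "Deny"),
    rule("In", WLAN2, WLAN1, "Deny"),
    rule("Out", WLAN1, NET3, "Deny"),
    rule("In", NET3, WLAN1, "Deny"),
    rule("Out", WLAN1, NET4, "Deny"),
    rule("In", NET4, WLAN1, "Deny"),
    rule("Any", ANY, ANY, "Permit"),
]
# Rules 1 and 2 from the answer; the trailing permit is carried over (assumption)
CORRECTED = [
    rule("In", WLAN1, WLAN2, "Deny"),
    rule("Out", WLAN2, WLAN1, "Deny"),
    rule("Any", ANY, ANY, "Permit"),
]

def ping_results(acl):
    """Echo request leaves the WLAN1 client (In); echo reply returns to it (Out)."""
    request = evaluate(acl, "In", "10.201.32.11", "10.201.27.41")
    reply = evaluate(acl, "Out", "10.201.27.41", "10.201.32.11")
    return request, reply

if __name__ == "__main__":
    print("original :", ping_results(ORIGINAL))
    print("corrected:", ping_results(CORRECTED))
```

In this model the original ACL passes both packets through rule 7, which is consistent with the posted counters (deny rules at 0, the permit rule at 69).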
