cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
1795
Views
0
Helpful
4
Replies

ACL to Block Guest Wireless Users

thinkuplink
Level 1
Level 1

Hello,

Need assistance troubleshooting guest wireless access from being blocked by ACL.

Customer is using UC520 and AP541N.  We want to block traffic from VLAN 10 (172.16.10.0/24) to VLAN 1 (192.168.10.0/24).  We have tried inbound and outbound ACLs, but I don't see any traffice matches.  Below is the configuration.

UC520

UC500 Advanced IP Services IOS version 15.1(4)M5

ACL applied to VLAN 1 inbound:

Extended IP access list 102

    10 permit udp any host 192.168.10.1 eq non500-isakmp

    20 permit udp any host 192.168.10.1 eq isakmp

    30 permit esp any host 192.168.10.1

    40 permit ahp any host 192.168.10.1

    50 deny ip 172.16.10.0 0.0.0.255 any

    60 deny ip 10.1.10.0 0.0.0.3 any

    70 deny ip 10.1.1.0 0.0.0.255 any

    80 deny ip host 255.255.255.255 any

    90 deny ip 127.0.0.0 0.255.255.255 any

    100 permit ip any any (3375999 matches)

ACL applied to VLAN 10 outbound

Extended IP access list 106

    10 deny ip 172.16.10.0 0.0.0.255 192.168.10.0 0.0.0.255

    20 permit ip any any (38 matches)

AP541N

Software version 9-2.0(2)

VAP 0 maps to VLAN 1

VAP 1 maps to VLAN 10

The link between the UC520 and AP541N is setup as a trunk.

Please let me know if you require more information to troubleshoot.  Thanks in advance!

1 Accepted Solution

Accepted Solutions

Hi Brad,

Please try to apply ACL 106 to to vlan 10 inbound:

ip access-group 106 in

HTH,

Alex

*Please rate helpful posts

View solution in original post

4 Replies 4

Hi Brad,

Please try to apply ACL 106 to to vlan 10 inbound:

ip access-group 106 in

HTH,

Alex

*Please rate helpful posts

That worked, Alex.  Thank you!

Hello Brad,

I am glad that you got the desired result.

Thank you for the feedback and the rating!

Best regards,

Alex

ajamore60
Level 1
Level 1

Shouldn't this be applied to the BVI10 interface on the UC520 for VLAN10?

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: