Configuring And Applying Access Control Lists - Cisco 2100 Series Configuration Manual

Wireless lan controller

Use these commands to configure DHCP option 82 on the controller.

1. To configure the format of the DHCP option 82 payload, enter one of these commands:

   config dhcp opt-82 remote-id ap_mac
   This command adds the MAC address of the access point to the DHCP option 82 payload.

   config dhcp opt-82 remote-id ap_mac:ssid
   This command adds the MAC address and SSID of the access point to the DHCP option 82 payload.

2. To enable or disable DHCP option 82 on the controller, enter this command:

   config interface dhcp ap-manager opt-82 {enable | disable}

3. To see the status of DHCP option 82 on the controller, enter this command:

   show interface detailed ap-manager

   Information similar to the following appears:

   Interface Name................................... ap-manager
   IP Address....................................... 10.30.16.13
   IP Netmask....................................... 255.255.248.0
   IP Gateway....................................... 10.30.16.1
   VLAN............................................. untagged
   Active Physical Port............................. LAG (29)
   Primary Physical Port............................ LAG (29)
   Backup Physical Port............................. Unconfigured
   Primary DHCP Server.............................. 10.1.0.10
   Secondary DHCP Server............................ Unconfigured
   DHCP Option 82................................... Enabled
   ACL.............................................. Unconfigured
   AP Manager....................................... Yes

Configuring and Applying Access Control Lists

An access control list (ACL) is a set of rules used to limit access to a particular interface (for example, if you want to restrict a wireless client from pinging the management interface of the controller). After ACLs are configured on the controller, they can be applied to the management interface, the AP-manager interface, any of the dynamic interfaces, or a WLAN to control data traffic to and from wireless clients or to the controller central processing unit (CPU) to control all traffic destined for the CPU.

You may also want to create a preauthentication ACL for web authentication. Such an ACL could be used to allow certain types of traffic before authentication is complete.

Note: If you are using an external web server with a 2100 series controller or the controller network module within a Cisco 28/37/38xx Series Integrated Services Router, you must configure a preauthentication ACL on the WLAN for the external web server.

You can define up to 64 ACLs, each with up to 64 rules (or filters). Each rule has parameters that affect its action. When a packet matches all of the parameters for a rule, the action set for that rule is applied to the packet.

Note: All ACLs have an implicit "deny all rule" as the last rule. If a packet does not match any of the rules, it is dropped by the controller.

Cisco Wireless LAN Controller Configuration Guide, page 5-54
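The rule semantics described in the ACL section of this page (a rule applies only when every parameter matches, at most 64 rules per ACL, implicit deny as the last rule) can be checked offline before an ACL is applied. The following is an added example, not code from the manual or from Cisco: the Rule fields, the addresses and the preauthentication ACL are constructed for illustration, and evaluating rules in sequence with the first match winning is an assumption the page does not state.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional

MAX_RULES = 64  # per-ACL rule limit stated in the manual

@dataclass(frozen=True)
class Rule:  # hypothetical model of one ACL rule, not the controller's own format
    action: str                   # "permit" or "deny"
    src: str = "0.0.0.0/0"
    dst: str = "0.0.0.0/0"
    proto: str = "any"            # "tcp", "udp", "icmp" or "any"
    dport: Optional[int] = None   # None matches any destination port

    def matches(self, pkt: dict) -> bool:
        # A rule applies only when the packet matches ALL of its parameters.
        return (ipaddress.ip_address(pkt["src"]) in ipaddress.ip_network(self.src)
                and ipaddress.ip_address(pkt["dst"]) in ipaddress.ip_network(self.dst)
                and self.proto in ("any", pkt["proto"])
                and self.dport in (None, pkt.get("dport")))

def evaluate(rules, pkt):
    """Return (action, rule_number); rule_number None means the implicit deny fired."""
    if len(rules) > MAX_RULES:
        raise ValueError(f"ACL has {len(rules)} rules; the limit is {MAX_RULES}")
    for number, rule in enumerate(rules, start=1):  # assumption: first match wins
        if rule.matches(pkt):
            return rule.action, number
    return "deny", None  # implicit "deny all" last rule

def audit(rules, cases):
    """Return the (packet, expected, actual) triples where the ACL disagrees with intent."""
    results = [(pkt, want, evaluate(rules, pkt)) for pkt, want in cases]
    return [r for r in results if r[2][0] != r[1]]

# Constructed sample data (documentation address ranges, not from the manual).
WEB_SERVER, CLIENT, MGMT_IF = "192.0.2.10", "198.51.100.25", "192.0.2.1"
PREAUTH_ACL = [
    Rule("permit", dst=WEB_SERVER + "/32", proto="tcp", dport=443),  # client to web server
    Rule("permit", src=WEB_SERVER + "/32", proto="tcp"),             # web server replies
]
CASES = [
    ({"src": CLIENT, "dst": WEB_SERVER, "proto": "tcp", "dport": 443}, "permit"),
    ({"src": WEB_SERVER, "dst": CLIENT, "proto": "tcp", "dport": 50514}, "permit"),
    ({"src": CLIENT, "dst": MGMT_IF, "proto": "icmp"}, "deny"),
    ({"src": CLIENT, "dst": WEB_SERVER, "proto": "tcp", "dport": 22}, "deny"),
]

if __name__ == "__main__":
    for pkt, want, got in audit(PREAUTH_ACL, CASES):
        print("MISMATCH", pkt, "expected", want, "got", got)
```

An empty result from audit means every test packet received the intended verdict; a rule number of None in a verdict shows that the packet was dropped by the implicit deny rather than by an explicit rule.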
Chapter 5
Configuring Security Solutions
OL-17037-01


This manual is also suitable for:

4400 series
