There are two types of ACL available in WLC.

Here are the basic rules for ACL on a WLC.

1. Inbound, Outbound and Any. These directions are taken from a position relative to the WLC and not the wireless client. A CPU ACL needs to be applied in either the inbound or the any direction.
– Inbound: IP packets sourced from the wireless client are inspected to see if they match ACL lines.
– Outbound: IP packets destined to the wireless client are inspected to see if they match ACL lines.
– Any: IP packets sourced from the wireless client and destined to the wireless client are inspected to see if they match ACL lines.
The Any direction should only be used in specific situations where you want to block or allow a specific IP protocol or port in both directions.
2. Source/Destination with Mask: The mask in a WLC ACL is not like the wildcard or inverse mask used in an IOS ACL. In a WLC ACL, 255 means match the octet exactly, while 0 is a wildcard (in other words, mask bit 1 means "exact match" and mask bit 0 means "ignore").
3. Protocol: Options are Any, TCP (6), UDP (17), ICMP (1), ESP (50).
4. Source/Destination Port: Can only be specified for the TCP or UDP protocol.
5. DSCP: Allows you to specify DSCP values to match in the IP packet header.
6. Remember that an implicit deny any any rule exists here as well.

Keep in mind the following restrictions in WLC ACLs:

1. You can define up to 64 ACLs, each with up to 64 rules.
2. You cannot log packets that match an ACL line (unlike an IOS ACL).
3. IP packets (Ethertype) are the only packets inspected by the ACL. Any other type of packet cannot be blocked.
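The mask, direction, port and implicit-deny rules above can be modelled in a few lines. This is an added example, not code from the original post or from Cisco: the rule dictionary layout, the function names and the sample addresses are all constructed for illustration, and top-down first-match evaluation is an assumption of the model.

```python
import ipaddress

def _ip(s):
    return int(ipaddress.IPv4Address(s))

def wlc_mask_to_ios_wildcard(mask):
    """WLC mask bit 1 = must match; IOS wildcard bit 1 = ignore, so invert."""
    return str(ipaddress.IPv4Address(_ip(mask) ^ 0xFFFFFFFF))

def addr_matches(addr, rule_addr, mask):
    """Compare only the bits that the WLC mask marks as 'exact match'."""
    m = _ip(mask)
    return (_ip(addr) & m) == (_ip(rule_addr) & m)

def validate(rules):
    """Enforce limits stated on this page: 64 rules per ACL, ports only for TCP/UDP."""
    if len(rules) > 64:
        raise ValueError("a WLC ACL holds at most 64 rules")
    for r in rules:
        if r.get("dport") is not None and r["proto"] not in ("tcp", "udp"):
            raise ValueError("ports can only be specified for TCP or UDP")

def evaluate(rules, pkt):
    """Return the action of the first matching rule (assumed order), else deny."""
    validate(rules)
    for r in rules:
        if r["dir"] not in ("any", pkt["dir"]):
            continue  # direction is relative to the WLC, not the client
        if r["proto"] not in ("any", pkt["proto"]):
            continue
        if not addr_matches(pkt["src"], r["src"], r["src_mask"]):
            continue
        if not addr_matches(pkt["dst"], r["dst"], r["dst_mask"]):
            continue
        if r.get("dport") is not None and r["dport"] != pkt.get("dport"):
            continue
        return r["action"]
    return "deny"  # implicit deny any any

# Constructed sample ACL: clients in 10.10.20.0/24 may only use DNS on 10.10.1.5.
SAMPLE_ACL = [
    {"dir": "inbound", "proto": "udp", "src": "10.10.20.0", "src_mask": "255.255.255.0",
     "dst": "10.10.1.5", "dst_mask": "255.255.255.255", "dport": 53, "action": "permit"},
    {"dir": "outbound", "proto": "udp", "src": "10.10.1.5", "src_mask": "255.255.255.255",
     "dst": "10.10.20.0", "dst_mask": "255.255.255.0", "dport": None, "action": "permit"},
]
```

Entering an IOS-style wildcard such as 0.0.0.255 as a WLC mask makes `addr_matches` compare only the last octet, so the rule stops matching the intended subnet and instead matches any address ending in the same octet.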