5-8
Cisco Wireless LAN Controller Configuration Guide
OL-9141-03
Chapter 5 Configuring Security Solutions
Configuring Access Control Lists
Use these commands to configure DHCP option 82 on the controller.
1. To configure the format of the DHCP option 82 payload, enter one of these commands:
–
config dhcp opt-82 remote-id ap_mac
This command adds the MAC address of the access point to the DHCP option 82 payload.
–
config dhcp opt-82 remote-id ap_mac:ssid
This command adds the MAC address and SSID of the access point to the DHCP option 82
payload.
2. To enable or disable DHCP option 82 on the controller, enter this command:
config interface dhcp ap-manager opt-82 {enable | disable}
3. To see the status of DHCP option 82 on the controller, enter this command:
show interface detailed ap-manager
Information similar to the following appears:
Interface Name................................... ap-manager
IP Address....................................... 10.30.16.13
IP Netmask....................................... 255.255.248.0
IP Gateway....................................... 10.30.16.1
VLAN............................................. untagged
Active Physical Port............................. LAG (29)
Primary Physical Port............................ LAG (29)
Backup Physical Port............................. Unconfigured
Primary DHCP Server.............................. 10.1.0.10
Secondary DHCP Server............................ Unconfigured
DHCP Option 82................................... Enabled
ACL.............................................. Unconfigured
AP Manager....................................... Yes
Configuring Access Control Lists
An access control list (ACL) is a set of rules used to limit access to a particular interface (for example,
if you want to restrict a wireless client from pinging the management interface of the controller). ACLs
can be applied to data traffic to and from wireless clients or to all traffic destined for the controller CPU.
After they are defined, ACLs can be applied to the management interface, the AP-manager interface, or
any of the dynamic interfaces for client data traffic or to the NPU interface for traffic to the controller
CPU.
Note If you are using an external web server, you must configure a preauthentication ACL on the WLAN for
the external web server.
You can define up to 64 ACLs, each with up to 64 rules (or filters). Each rule has parameters that affect
its action. When a packet matches all of the parameters for a rule, the action set for that rule is applied
to the packet.
You can configure ACLs through either the GUI or the CLI.
To Next Page
Loading...
Need help?
General
