SIDESHOWBLAH
Cisco WLC 4402 and ACLs
I have a WLC 4402 with a dozen LW1130s and would like to see how to open some things up on the Guest network. I can find no ACLs on the WLC; under Security > Access Control Lists, there are none listed. But I want to test an application that needs a few UDP & TCP ports open to talk between wireless iPads. I am assuming that the WLC is blocking all of the traffic between peers on the Guest WLAN, but am not sure. Can anyone tell me if that is the default for the Guest network, to block all internal traffic between peers? And how can I define a port to allow traffic between clients on the guest network? Thanks
Yup, Guest WLANs are regular WLANs, SSID-wise.
To stop clients from seeing each other there's an option called 'P2P Blocking Action' which stops all clients on the same AP from seeing each other. You'll find this option on the WLAN's 'Advanced' tab...
Set that to 'Disabled' and it will allow clients to see each other.
Note though that this doesn't stop a client from seeing a client on another AP unless the 'Forward-Upstream' option is set and there is an ACL at the upstream router.
ASKER
Thanks. So to allow clients to see each other, the P2P Blocking Action should be set to Disabled. But then to allow traffic between APs, what would be the desired setting?
ASKER CERTIFIED SOLUTION
This solution is only available to members.
I use just regular SSIDs and VLANs for my guest wifi. If you're referring to the "Guest LAN" check box in the controller, I believe this is for extending the guest network functionality from the wireless to the wired LAN as well.
ACLs are managed under Security -> Access Control Lists (Left hand menu) -> Access Control Lists. This is where I manage all of my wireless ACLs.