I have set up an AP that has a direct WAN connection and uses NAT for the MUs inside to get to the WAN outside, with help from Tomasz (thank you). However, as soon as it connects, the attempted access starts, and port scans from all different IPs, trying all sorts of usernames and passwords. So is it possible to remove access to SSH/HTTPS etc. on VLAN 2 only, and set it so the AP does not respond to ICMP on that VLAN too?
I have seen this as an example, which will block everything other than IP protocol packets for destination IP address 10.0.0.2, but I am not sure this is what I need.
Enter configuration commands, one per line. End with CNTL/Z.
VX(config)# ip access-list LIMIT-ALL
VX(config-ip-acl-LIMIT-ALL)# permit ip any host 10.0.0.2 rule-precedence 10
VX(config-ip-acl-LIMIT-ALL)# deny ip any any rule-precedence 15
VX(config-ip-acl-LIMIT-ALL)# show context
ip access-list LIMIT-ALL
 permit ip any host 10.0.0.2 rule-precedence 10
 deny ip any any rule-precedence 15
VX(config-wlan-LIMIT-ALL)# use ip-access-list in LIMIT-ALL
VX(config-wlan-LIMIT-ALL)# commit write
Access to the AP via the CLI port on the AP can be done locally, but I would still like to access it via HTTPS from VLAN 100, which is inside (NAT).
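Added example (not part of the original post, and not vendor code): a small Python model of how the LIMIT-ALL list quoted above classifies traffic. It assumes rules are checked in ascending rule-precedence order, that the first match wins, and that unmatched traffic is denied; the addresses 203.0.113.7 and 10.0.0.9 are constructed sample values.

```python
import ipaddress

# The two rules from the post's "show context" output.
ACL_TEXT = """\
permit ip any host 10.0.0.2 rule-precedence 10
deny ip any any rule-precedence 15
"""

def parse_addr(tokens):
    """Consume 'any' or 'host A.B.C.D'; None stands for any address."""
    word = tokens.pop(0)
    if word == "any":
        return None
    if word == "host":
        return ipaddress.ip_address(tokens.pop(0))
    raise ValueError(f"unsupported address form: {word}")

def parse_acl(text):
    """Return (precedence, action, proto, src, dst) tuples in evaluation order."""
    rules = []
    for line in text.splitlines():
        tokens = line.split()
        if not tokens:
            continue
        action, proto = tokens.pop(0), tokens.pop(0)
        src, dst = parse_addr(tokens), parse_addr(tokens)
        if len(tokens) != 2 or tokens[0] != "rule-precedence":
            raise ValueError(f"unsupported rule: {line}")
        rules.append((int(tokens[1]), action, proto, src, dst))
    # Assumption: the lowest rule-precedence value is evaluated first.
    return sorted(rules, key=lambda rule: rule[0])

def evaluate(rules, proto, src, dst):
    """First matching rule decides; 'ip' matches every IP protocol."""
    src, dst = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for _, action, r_proto, r_src, r_dst in rules:
        if (r_proto in ("ip", proto)
                and r_src in (None, src) and r_dst in (None, dst)):
            return action
    return "deny"  # assumption: implicit deny when nothing matches

if __name__ == "__main__":
    rules = parse_acl(ACL_TEXT)
    # Constructed sample packets: (label, protocol, source, destination).
    for label, proto, src, dst in [
        ("SSH tcp/22", "tcp", "203.0.113.7", "10.0.0.2"),
        ("ICMP echo", "icmp", "203.0.113.7", "10.0.0.2"),
        ("HTTPS tcp/443", "tcp", "203.0.113.7", "10.0.0.9"),
    ]:
        print(f"{label:14} {src} -> {dst}: {evaluate(rules, proto, src, dst)}")
```

Under these assumptions SSH and ICMP to 10.0.0.2 both come back as permit, because `permit ip` is not restricted to a protocol or port, while traffic to any other destination is denied.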