‎02-08-2019 04:17 PM
Hi everyone
I need help filtering HTTPS WLAN traffic to the controller so that clients cannot access the administration GUI. This is my configuration, but it does not work. My controller is an RFS4000 with WiNG 5.9.2.
rfs4000-FB845F(config)#ip access-list DenyAcces_in
deny tcp 192.168.1.0/24 eq 80 host 10.10.1.210 eq www log rule-precedence 2
deny tcp 192.168.1.0/24 eq 443 host 192.168.1.1 eq https log rule-precedence 3
deny tcp 192.168.1.0/24 eq 443 host 10.10.1.210 eq https log rule-precedence 4
deny tcp 192.168.1.0/24 eq 80 host 192.168.1.1 eq www log rule-precedence 5
deny udp 192.168.1.0/24 eq 80 host 192.168.1.1 eq www rule-precedence 6
deny udp 192.168.1.0/24 eq 443 host 192.168.1.1 eq https log rule-precedence 7
deny udp 192.168.1.0/24 eq 443 host 10.10.1.210 eq https log rule-precedence 8
deny udp 192.168.1.0/24 eq 80 host 10.10.1.210 eq www log rule-precedence 9
permit ip any any log rule-precedence 10
rfs4000-FB845F(config)#wlan wiffi
rfs4000-FB845F(config-wlan-wiffi)#use ip-access-list FabrilAdmin
Can you see which configuration is bad or what my error is?
Thanks
1 ACCEPTED SOLUTION
‎02-08-2019 04:48 PM
Mario, the IP ACL should look like this:
(Looking at what you have and what I'm stating, it appears that your setup SHOULD be working)
If your RFS4000 is 10.10.1.210 and you want to keep wireless users on the 192.168.1.0/24 network from accessing the controller, it would look like this:
(For HTTPS - TCP)
deny tcp 192.168.1.0/24 host 10.10.1.210 eq https log rule-precedence 1 rule-description Block HTTPS wireless access to RFS4000
(For HTTP - TCP)
deny tcp 192.168.1.0/24 host 10.10.1.210 eq http log rule-precedence 2 rule-description Block HTTP wireless access to RFS4000
(Repeat for UDP access)
And then your allow rule for anything else:
permit ip any any log rule-precedence 10
Then, in the WLAN profile, enter:
use ip-access-list in "Name of Rule created to block"
3 REPLIES
‎02-08-2019 05:07 PM
Thanks, yes. When I saw your answer, I looked at my configuration and this part is wrong: deny tcp 192.168.1.0/24 eq 80. I used the outgoing port incorrectly, since it was meant to cover all the outgoing ports.
Finally the rule was as you mention, and it works now.
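The source-port mistake identified in the reply above, as an added example that is not part of the original thread and is not WiNG code: a small Python model of first-match ACL evaluation run over the original and the corrected rules. It assumes rules are checked in ascending rule-precedence order; the client address 192.168.1.57 and source port 51514 are constructed, and only the TCP rules for 10.10.1.210 are modelled.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional

@dataclass
class Rule:
    action: str
    proto: str                # "tcp", "udp" or "ip" (any protocol)
    src: str                  # CIDR, or "any"
    src_port: Optional[int]   # None = no "eq" on the source side
    dst: str
    dst_port: Optional[int]
    precedence: int

def _net(field):
    return ipaddress.ip_network("0.0.0.0/0" if field == "any" else field)

def matches(rule, proto, src, sport, dst, dport):
    return (rule.proto in ("ip", proto)
            and ipaddress.ip_address(src) in _net(rule.src)
            and ipaddress.ip_address(dst) in _net(rule.dst)
            and rule.src_port in (None, sport)
            and rule.dst_port in (None, dport))

def evaluate(acl, packet):
    """Return (action, precedence) of the first matching rule."""
    for rule in sorted(acl, key=lambda r: r.precedence):
        if matches(rule, *packet):
            return rule.action, rule.precedence
    return "deny", None   # model assumption: nothing matched

WLAN, RFS = "192.168.1.0/24", "10.10.1.210/32"
PERMIT_ALL = Rule("permit", "ip", "any", None, "any", None, 10)
# TCP rules for 10.10.1.210 from the question: "eq 80"/"eq 443" on the source too
ORIGINAL = [Rule("deny", "tcp", WLAN, 80, RFS, 80, 2),
            Rule("deny", "tcp", WLAN, 443, RFS, 443, 4), PERMIT_ALL]
# Rules from the accepted answer: destination port only
CORRECTED = [Rule("deny", "tcp", WLAN, None, RFS, 443, 1),
             Rule("deny", "tcp", WLAN, None, RFS, 80, 2), PERMIT_ALL]

# Constructed packet: wireless client, ephemeral source port, controller HTTPS
GUI_HTTPS = ("tcp", "192.168.1.57", 51514, "10.10.1.210", 443)

if __name__ == "__main__":
    print("original :", evaluate(ORIGINAL, GUI_HTTPS))    # falls through to permit
    print("corrected:", evaluate(CORRECTED, GUI_HTTPS))   # hits the deny rule
```

A browser picks an ephemeral source port, so a rule that also pins the source port to 80 or 443 never matches real client traffic and the final permit rule lets it through.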
‎02-08-2019 04:19 PM
Sorry, my last command is bad; this is my real command:
rfs4000-FB845F(config-wlan-fabril-wiffi)#use ip-access-list in DenyAcces_in
