
Wireless LAN Controller ACLs

How it functions:


The following group of screenshots shows an ACL that allows any traffic to the Internet and rejects any traffic destined for LAN resources.

To start configuring ACLs, go to Security - Access Lists.

Before a host can send or receive network traffic it needs a dynamic IP address. A DHCP client sends its request to UDP port 67, and the DHCP server sends the answer to UDP port 68.
The following screenshot shows how to allow inbound and outbound DHCP traffic on a Wireless LAN Controller (WLC). Pay attention to the Source Port and Dest Port configuration, as it varies depending on whether the traffic is inbound or outbound.


In the next screenshot we deny all LAN traffic:


And in the final screenshot we allow all remaining destinations, including all Internet resources:


To assign the ACL to an interface, go to the dynamic interface configuration menu.
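The rule set described above can be checked offline before it is applied to an interface. The following Python model is an added example, not part of the original page or of any Cisco tooling: it evaluates the rules in sequence with first-match semantics and an implicit deny at the end. It assumes the LAN is the RFC 1918 ranges, that the LAN deny rules are inbound (from the wireless client), and that "in" means traffic from the client and "out" means traffic towards it; all addresses are constructed.

```python
import ipaddress
from typing import NamedTuple, Optional

class Rule(NamedTuple):
    action: str              # "permit" or "deny"
    proto: str               # "udp", "tcp" or "any"
    dst_net: str             # destination network in CIDR form
    src_port: Optional[int]  # None matches any port
    dst_port: Optional[int]
    direction: str           # "in" = from wireless client, "out" = to client, "any"

# Assumed rule set (the page's screenshots are not available); order matters.
RULES = [
    Rule("permit", "udp", "0.0.0.0/0", 68, 67, "in"),    # client -> DHCP server
    Rule("permit", "udp", "0.0.0.0/0", 67, 68, "out"),   # DHCP server -> client
    Rule("deny", "any", "10.0.0.0/8", None, None, "in"),      # LAN (assumed)
    Rule("deny", "any", "172.16.0.0/12", None, None, "in"),   # LAN (assumed)
    Rule("deny", "any", "192.168.0.0/16", None, None, "in"),  # LAN (assumed)
    Rule("permit", "any", "0.0.0.0/0", None, None, "any"),    # everything else
]

def evaluate(rules, proto, dst_ip, src_port, dst_port, direction):
    """Return the action of the first matching rule; implicit deny if none match."""
    dst = ipaddress.ip_address(dst_ip)
    for r in rules:
        if r.proto not in ("any", proto):
            continue
        if r.direction not in ("any", direction):
            continue
        if dst not in ipaddress.ip_network(r.dst_net):
            continue
        if r.src_port is not None and r.src_port != src_port:
            continue
        if r.dst_port is not None and r.dst_port != dst_port:
            continue
        return r.action
    return "deny"

if __name__ == "__main__":
    # Constructed sample packets: (proto, dst_ip, src_port, dst_port, direction)
    samples = [
        ("udp", "10.0.0.5", 68, 67, "in"),          # DHCP renewal to a LAN server
        ("tcp", "10.0.0.20", 50000, 445, "in"),     # client -> LAN file share
        ("tcp", "93.184.216.34", 50000, 443, "in"), # client -> Internet
    ]
    for s in samples:
        print(s, "->", evaluate(RULES, *s))
```

Moving the LAN deny rules above the DHCP permits makes a unicast DHCP renewal to a server inside the LAN ranges match the deny first, which is why the DHCP rules need the lower sequence numbers.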

