Hi,
I'm trying to figure out how the ACL works when you enable both the
wireless and wired modes of the CPU ACL. When you set up an ACL
with an inbound permit, does it apply this single ACL rule on both the
LAN-facing "wired" side and the client-facing "wireless" side?
Another example: if I set up and apply these rules:
#  src addr  dest addr  protocol  src port  dest port  direction  action
1  any       any        udp       dns       any        any        permit
2  any       any        udp       any       dns        any        permit
Does rule 1 mean that the WLC permits wireless clients requesting DNS
service from any DNS server, and at the same time that the WLC
(management) can also request DNS service from any DNS server on the LAN
side? I read on some CCIE candidate's blog that when you set "any any"
for the source and destination addresses, the direction will be "any"
regardless of the direction that is set.
Also, do I need to apply rule 2 so that return traffic from the LAN
side is permitted to the WLC, as well as from the WLC to the wireless
client?
Very puzzling, as I think the rules for a full session need to be
applied in both directions, since applying them in only one direction
can cause a problem in the other direction due to the implicit deny.
This gets even more confusing when you apply both the wired and
wireless CPU ACL modes.
Any ideas?
Alvin B
_______________________________________________
For more information regarding industry leading CCIE Lab training, please visit
www.ipexpert.com
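The two rules from the table in the post, entered on the AireOS WLC CLI, as an added example that is not part of the original message. The ACL name MGMT-DNS is an assumption. On this CLI a rule with no source or destination address configured matches any address, the protocol is given by its IP protocol number (17 = UDP), ports are given as a range, and the final command selects the CPU ACL mode the post asks about (wired, wireless or both). The example only shows how the configuration is entered; it does not settle how the direction keyword is interpreted, which is the open question in the post.

```cisco
config acl create MGMT-DNS

! rule 1: any -> any, UDP, source port 53, direction any, permit
config acl rule add MGMT-DNS 1
config acl rule protocol MGMT-DNS 1 17
config acl rule source port range MGMT-DNS 1 53 53
config acl rule direction MGMT-DNS 1 any
config acl rule action MGMT-DNS 1 permit

! rule 2: any -> any, UDP, destination port 53, direction any, permit
config acl rule add MGMT-DNS 2
config acl rule protocol MGMT-DNS 2 17
config acl rule destination port range MGMT-DNS 2 53 53
config acl rule direction MGMT-DNS 2 any
config acl rule action MGMT-DNS 2 permit

config acl apply MGMT-DNS

! apply the ACL to the CPU in both modes (alternatives: wired, wireless)
config acl cpu MGMT-DNS both

show acl detailed MGMT-DNS
show acl cpu
```

The lines starting with "!" are explanatory and are not WLC commands; leave them out when pasting. `show acl detailed` prints the rule table back in the same column layout as the table in the post, which is a quick way to confirm that "any" addresses and the direction keyword were stored as intended before testing traffic in each direction.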