Hi Jason,
In DSG for LAB 3.2 (Configuring SSIDs and MBSSIDs) in order to restrict all traffic except HTTP and HTTPS to the proxy server you apply the ACL to Dot0.11 subinterface. In fact, you actually don't have to do that. Configuration Guide says: "(Optional) Specify an ACL to apply to the redirection of packets. Only packets sent to the specific UDP or TCP ports defined in the ACL are redirected. The access point discards all received packets that do not match the settings defined in the ACL. The in parameter specifies that the ACL is applied to the access point's incoming interface." Hence we only have to specify the ACL in ssid definition like this: dot11 ssid Test1 vlan HQGuest1 authentication open ip redirection host 10.10.210.6 access-group Web in and no need to apply the ACL to sub-if as your DSG suggested: interface do0.11 encapsulation dot1q 11 bridge-group 11 ip access-group HTTP in I've also checked it in my lab, it works as expected.
_______________________________________________ For more information regarding industry leading CCIE Lab training, please visit www.ipexpert.com Are you a CCNP or CCIE and looking for a job? Check out www.PlatinumPlacement.com
