ZBISE14 – Cisco ISE Creating WLC ACLs on Your vWLC

We are moving on up in the world!!  Today starts our first installment of our Wireless ISE Use Cases!! I love making progress!  Today we are specifically going to cover creating our WLC ACLs for all of our Wireless (WLAN) use cases. All aboard, the train is leaving the station!!! 🙂

---

Network and Server Diagram:

Here is our reference diagram that we will be using throughout this blog series.

---

Related Posts:

If you haven’t seen these posts yet, you should check them out

• ZBISE15 – Cisco ISE Wireless Authorization Profiles
• ZBISE14 – Cisco ISE Creating WLC ACLs on Your vWLC
• ZBISE13 – Cisco ISE Cisco Access Point with MAB Auth on Wired
• ZBISE12 – Cisco ISE XBOX One with MAB Auth on Wired
• ZBISE11 – Cisco ISE Cisco VoIP Phone with MAB Auth on Wired
• Cisco ISE EAP-TLS 802.1x Auth – EAP-TLS Wired Use Cases – ZBISE10
• ZBISE09 – Cisco ISE 802.1x Auth – PEAP Wired Use Cases
• ZBISE08 – Cisco ISE Wired Authorization Profiles
• ZBISE07 – Cisco ISE Adding Network Access Devices (NADs) – Cisco vWLC
• ZBISE06 – Cisco ISE Adding Network Access Devices (NADs) – Cisco Switch
• ZBISE05 – Virtual Wireless LAN Controller (vWLC) Install
• ZBISE04 – Cisco ISE Adding the ISE Cluster to Active Directory
• ZBISE03 – Overview of our Cisco ISE Use Cases for the ZBISE Blog Series
• ZBISE02 – Building a Cisco ISE Distributed Cluster
• ZBISE01 – Basic Cisco ISE VM Installation

---

WLAN Use Cases

Here is our Wireless Use Cases table for reference as we go through today’s installment of creating our WLC ACLs on a vWLC.

---

1. Introducing WLC ACLs!

There is a difference between wired and wireless when it comes to ACLs. If you have been following our ZBISE Blog Series thus far you know that Wired ACLs can be created in ISE and downloaded to the Network Switches as needed or requested.  The wireless side is a little different.  We have to create our Wireless ACLs on each Wireless LAN Controller. Once the WLC ACLs have been created, they then can be called by ISE to be applied to an authenticated session on the Wireless LAN Controller.

---

2. Local vs. Flexconnect WLC ACLs

The WLC ACLs are normally just called Local or standard ACLs.  For our Lab environment though, and a lot of real world Wireless ISE Deployments I have completed and you will complete, you will be using Access Points that are associated to the Wireless LAN Controller in what is known as Flexconnect Mode.  When an AP is configured for Flexconnect Mode rather than Local mode, a clients traffic is no longer tunneled back to the Wireless LAN Controller. Because we are using a Virtual Wireless LAN Controller in our Lab, we are limited to using Flexconnect mode, as the Virtual Wireless LAN Controller doesn’t support local mode.  In regards to our WLC ACLs we have to create specific Flexconnect ACLs rather than standard ACLs.

Note:  In the past there have been Bugs that have effected which ACL (Standard vs. Flexconnect) is used incorrectly.  Because of this it has been a general practice of mine to create the same WLC ACL both Standard and Flexconnect with the same name.

---

3. WLC ACLs limitations

There are a number of limitations and guidelines when it comes to WLC ACLs.  One of the limitation is how many lines can be inserted into a WLC ACL.  This may change depending on the version of Wireless LAN Controller you are running.  For the version we are running we are limited to 64 entries in each of our WLC ACLs.  This may seem like a lot but I have hit this limit a number of times in real world deployments and it can be a limiting factor.

In addition to the 64 entries limitation, there is a direction element for each entry of the WLC ACL that can be difficult to understand.  Here is the Wireless LAN Controller wording around it.

You can define up to 64 ACLs, each with up to 64 rules (or filters). Each rule has parameters that affect its action. When a packet matches all of the parameters for a rule, the action set for that rule is applied to the packet. You can configure ACLs through either the GUI or the CLI.

These are some of the rules you need to understand before you configure an ACL on the WLC:

• If the source and destination are any, the direction in which this ACL is applied can be any.
• If either the source or destination are not any, then the direction of the filter must be specified, and an inverse statement in the opposite direction must be created.
• The WLC’s notion of inbound versus outbound is nonintuitive. It is from the perspective of the WLC facing towards the wireless client, rather than from the perspective of the client. So, inbound direction means a packet that comes into the WLC from the wireless client and outbound direction means a packet that exits from the WLC towards the wireless client.
• There is an implicit deny at the end of the ACL.

Source: Cisco WLC WLAN Security WLC ACL

---

4. Creating WLC ACLs can be cumbersome

Now we are going to walk through creating a simple WLC ACL.  We are going to call it SIMPLE_WLC_ACL (I know I know, no imagination over here with this one). We are going to configure the WLC ACL to do the following:

• Allow DHCP
• Allow DNS
• Allow ISE (PSNs)
• Deny RFC1918
• Allow Internet

1. Creation of a WLC ACL via WLC GUI

To create our SIMPLE_WLC_ACL via the GUI we need to first log into our WLC.

Once logged into our WLC, we will want to traverse to Security -> Access Control Lists -> Access Control Lists.

Click the Security Menu.

Expand the side menu Access Control Lists.

Under the side menu Access Control Lists, click Access Control Lists.

Now we are going to click New to start the process of creating a new WLC ACL.

The first item we are asked is what the WLC ACL name should be.  Here we named it SIMPLE_WLC_ACL.

Once the name has been saved, we are brought back to the WLC ACL table screen.  We need to add entries into this new ACL, so lets click on the name of the ACL which is a link to edit it.

Here we see what the ACL is currently configured for, which is nothing right now.  On the top right of the screen lets Click the button that says Add New Rule.

You will now be brought to the Rule Creation form as show below.  For each Rule within a WLC ACL you will need to select options and values for all of these parameters.  Once you have the Rule the way you want it, you can click the Apply button at the top right of the screen.

After hitting the Apply button on that rule, you will be brought back to the ACL Table screen that shows all current Rules in the ACL.  For right now, we only have one Rule in our ACL so its the only one shown.  We are going to be repeating this process of creating rules until we have every element we wanted into our ACL.  This repetitive process can be tedious within the GUI.  For this Simple WLC ACL, we will have 12 rules and if you actually go through the process of creating them all within the GUI, as shown below, it can take sometime.  Think about how long this might take if you had 64 Rules in your ACL?

Here is Rule two of our SIMPLE_WLC_ACL:

Here is Rule three of our SIMPLE_WLC_ACL:

Here is Rule four of our SIMPLE_WLC_ACL:

Here is Rule five of our SIMPLE_WLC_ACL:

Here is Rule six of our SIMPLE_WLC_ACL:

Here is Rule seven of our SIMPLE_WLC_ACL:

Here is Rule eight of our SIMPLE_WLC_ACL:

Here is Rule nine of our SIMPLE_WLC_ACL:

Here is Rule ten of our SIMPLE_WLC_ACL:

Here is Rule eleven of our SIMPLE_WLC_ACL:

Here is Rule twelve of our SIMPLE_WLC_ACL:

After all of that hopefully you can get an idea of how possibly painful creating a lot of rather long and complicated WLC ACLs can be. Lets see if we can find an easier way shall we??? 🙂

2. Creation of a WLC ACL via WLC CLI

Our next option for creating WLC ACLs is via the WLC CLI.  Now I will say this is very different than an IOS ACL syntax. The easiest way is just to show you.

We first need to log into our WLC via SSH.

Once logged into our WLC we will need to go into the configuration mode and create our ACL with the “acl create SIMPLE_WLC_ACL” command as show below.

Now with our ACL created, we will need to add a Rule into our ACL.  When adding a new rule into an ACL via CLI, it requires 9 lines of commands as shown below. If we do some quick math for our current ACL that is going to require 12 rules at 9 configuration lines a piece that will end up being 108 plus two more lines for the ACL creation and then finally Applying the ACL.  Thats 110 lines of configuration for a very simple and short ACL.

acl rule add SIMPLE_WLC_ACL 1
acl rule action SIMPLE_WLC_ACL 1 permit
acl rule source address SIMPLE_WLC_ACL 1 0.0.0.0 0.0.0.0
acl rule source port range SIMPLE_WLC_ACL 1 68 68
acl rule destination address SIMPLE_WLC_ACL 1 0.0.0.0 0.0.0.0
acl rule destination port range SIMPLE_WLC_ACL 1 67 67
acl rule direction SIMPLE_WLC_ACL 1 any
acl rule dscp SIMPLE_WLC_ACL 1 any
acl rule protocol SIMPLE_WLC_ACL 1 17

Below is a screenshot showing this first ACL rule being adding to the SIMPLE_WLC_ACL via the WLC CLI.

As you go through this experience and process of creating WLC ACLs via the WLC CLI, there are two commands that might come in handy: “show acl summary” and “show acl detailed <ACL_NAME>”

Here is a screenshot of the first command, “show acl summary”

Here is a screenshot of the second command, “show acl detailed SIMPLE_WLC_ACL”

Now lets configure the rest of our SIMPLE_WLC_ACL Rules 2 – 12.

Below is the full WLC ACL syntax for each rule within our SIMPLE_WLC_ACL.

acl rule add SIMPLE_WLC_ACL 2
acl rule action SIMPLE_WLC_ACL 2 permit
acl rule source address SIMPLE_WLC_ACL 2 0.0.0.0 0.0.0.0
acl rule source port range SIMPLE_WLC_ACL 2 67 67
acl rule destination address SIMPLE_WLC_ACL 2 0.0.0.0 0.0.0.0
acl rule destination port range SIMPLE_WLC_ACL 2 68 68
acl rule direction SIMPLE_WLC_ACL 2 any
acl rule dscp SIMPLE_WLC_ACL 2 any
acl rule protocol SIMPLE_WLC_ACL 2 17

acl rule add SIMPLE_WLC_ACL 3
acl rule action SIMPLE_WLC_ACL 3 permit
acl rule source address SIMPLE_WLC_ACL 3 0.0.0.0 0.0.0.0
acl rule source port range SIMPLE_WLC_ACL 3 53 53
acl rule destination address SIMPLE_WLC_ACL 3 0.0.0.0 0.0.0.0
acl rule destination port range SIMPLE_WLC_ACL 3 0 65535
acl rule direction SIMPLE_WLC_ACL 3 any
acl rule dscp SIMPLE_WLC_ACL 3 any
acl rule protocol SIMPLE_WLC_ACL 3 17

acl rule add SIMPLE_WLC_ACL 4
acl rule action SIMPLE_WLC_ACL 4 permit
acl rule source address SIMPLE_WLC_ACL 4 0.0.0.0 0.0.0.0
acl rule source port range SIMPLE_WLC_ACL 4 0 65535
acl rule destination address SIMPLE_WLC_ACL 4 0.0.0.0 0.0.0.0
acl rule destination port range SIMPLE_WLC_ACL 4 53 53
acl rule direction SIMPLE_WLC_ACL 4 any
acl rule dscp SIMPLE_WLC_ACL 4 any
acl rule protocol SIMPLE_WLC_ACL 4 17

acl rule add SIMPLE_WLC_ACL 5
acl rule action SIMPLE_WLC_ACL 5 permit
acl rule source address SIMPLE_WLC_ACL 5 172.16.10.203 255.255.255.255
acl rule source port range SIMPLE_WLC_ACL 5 0 65535
acl rule destination address SIMPLE_WLC_ACL 5 0.0.0.0 0.0.0.0
acl rule destination port range SIMPLE_WLC_ACL 5 0 65535
acl rule direction SIMPLE_WLC_ACL 5 out
acl rule dscp SIMPLE_WLC_ACL 5 any
acl rule protocol SIMPLE_WLC_ACL 5 any

acl rule add SIMPLE_WLC_ACL 6
acl rule action SIMPLE_WLC_ACL 6 permit
acl rule source address SIMPLE_WLC_ACL 6 0.0.0.0 0.0.0.0
acl rule source port range SIMPLE_WLC_ACL 6 0 65535
acl rule destination address SIMPLE_WLC_ACL 6 172.16.10.203 255.255.255.255
acl rule destination port range SIMPLE_WLC_ACL 6 0 65535
acl rule direction SIMPLE_WLC_ACL 6 in
acl rule dscp SIMPLE_WLC_ACL 6 any
acl rule protocol SIMPLE_WLC_ACL 6 any

acl rule add SIMPLE_WLC_ACL 7
acl rule action SIMPLE_WLC_ACL 7 permit
acl rule source address SIMPLE_WLC_ACL 7 172.16.10.204 255.255.255.255
acl rule source port range SIMPLE_WLC_ACL 7 0 65535
acl rule destination address SIMPLE_WLC_ACL 7 0.0.0.0 0.0.0.0
acl rule destination port range SIMPLE_WLC_ACL 7 0 65535
acl rule direction SIMPLE_WLC_ACL 7 out
acl rule dscp SIMPLE_WLC_ACL 7 any
acl rule protocol SIMPLE_WLC_ACL 7 any

acl rule add SIMPLE_WLC_ACL 8
acl rule action SIMPLE_WLC_ACL 8 permit
acl rule source address SIMPLE_WLC_ACL 8 0.0.0.0 0.0.0.0
acl rule source port range SIMPLE_WLC_ACL 8 0 65535
acl rule destination address SIMPLE_WLC_ACL 8 172.16.10.204 255.255.255.255
acl rule destination port range SIMPLE_WLC_ACL 8 0 65535
acl rule direction SIMPLE_WLC_ACL 8 in
acl rule dscp SIMPLE_WLC_ACL 8 any
acl rule protocol SIMPLE_WLC_ACL 8 any

acl rule add SIMPLE_WLC_ACL 9
acl rule action SIMPLE_WLC_ACL 9 deny
acl rule source address SIMPLE_WLC_ACL 9 0.0.0.0 0.0.0.0
acl rule source port range SIMPLE_WLC_ACL 9 0 65535
acl rule destination address SIMPLE_WLC_ACL 9 10.0.0.0 255.0.0.0
acl rule destination port range SIMPLE_WLC_ACL 9 0 65535
acl rule direction SIMPLE_WLC_ACL 9 in
acl rule dscp SIMPLE_WLC_ACL 9 any
acl rule protocol SIMPLE_WLC_ACL 9 any

acl rule add SIMPLE_WLC_ACL 10
acl rule action SIMPLE_WLC_ACL 10 deny
acl rule source address SIMPLE_WLC_ACL 10 0.0.0.0 0.0.0.0
acl rule source port range SIMPLE_WLC_ACL 10 0 65535
acl rule destination address SIMPLE_WLC_ACL 10 172.16.0.0 255.240.0.0
acl rule destination port range SIMPLE_WLC_ACL 10 0 65535
acl rule direction SIMPLE_WLC_ACL 10 in
acl rule dscp SIMPLE_WLC_ACL 10 any
acl rule protocol SIMPLE_WLC_ACL 10 any

acl rule add SIMPLE_WLC_ACL 11
acl rule action SIMPLE_WLC_ACL 11 deny
acl rule source address SIMPLE_WLC_ACL 11 0.0.0.0 0.0.0.0
acl rule source port range SIMPLE_WLC_ACL 11 0 65535
acl rule destination address SIMPLE_WLC_ACL 11 192.168.0.0 255.255.0.0
acl rule destination port range SIMPLE_WLC_ACL 11 0 65535
acl rule direction SIMPLE_WLC_ACL 11 in
acl rule dscp SIMPLE_WLC_ACL 11 any
acl rule protocol SIMPLE_WLC_ACL 11 any

acl rule add SIMPLE_WLC_ACL 12
acl rule action SIMPLE_WLC_ACL 12 permit
acl rule source address SIMPLE_WLC_ACL 12 0.0.0.0 0.0.0.0
acl rule source port range SIMPLE_WLC_ACL 12 0 65535
acl rule destination address SIMPLE_WLC_ACL 12 0.0.0.0 0.0.0.0
acl rule destination port range SIMPLE_WLC_ACL 12 0 65535
acl rule direction SIMPLE_WLC_ACL 12 any
acl rule dscp SIMPLE_WLC_ACL 12 any
acl rule protocol SIMPLE_WLC_ACL 12 any

Below is a screenshot of this configuration being applied to our WLC via CLI.

After all of the rules have been added, we still need to apply our WLC ACLs.

acl apply SIMPLE_WLC_ACL

Below, like always, is a screenshot of this command being issued on our WLC via the CLI.

Personally, after I’ve configured a WLC ACL via CLI, I like to make sure it looks good both within the CLI and GUI. Lets issue the “show acl detailed SIMPLE_WLC_ACL” command to see how our newly creating WLC ACL looks.

Well it looks good to me via the CLI, lets check the GUI one last time to make sure we didn’t miss anything.

Thats how we create our WLC ACLs, via GUI or CLI.  But for me, I personally wanted to create these WLC ACLs faster and more efficiently.  Lets jump into the next section.

---

5. Welcome and Hello too The Zigbits WLC ACL Builder!

Before I show you this “utility” it is built as is.  You are at your own risk and liability with using it, if you decide to use it of course.  Also, I’m sure someone out there can create a better way of doing this but for me it worked and has saved me a ton of time over the years when deploying WLC ACLs, with or without ISE. I have thought about creating an online version with HTML5 but its been very very low on the priority list.

Just to reiterate, you use this utility / tool at your own risk and I accept no liability! You have been cautioned and warned! 🙂

Entering into the interwebs, The Zigbits WLC ACL Builder!!  Manually creating WLC ACLs via GUI and CLI is both time consuming and a hassle, as shown above.  I created an excel tool to automate this time consuming task, because frankly I was wasting a lot of time building WLC ACLs. When I say wasting a lot of time, I mean hours and hours per deployment.  A lot of the WLC ACLs that are needed for some of the customer designs and deployments I have done over the years have gotten very complicated and having this Excel utility / tool has been a life saver.

The Excel document linked below is pretty straight forward but here is a brief overview.

Within the Excel document, I have created a visual matrix for a WLC which will make it easier to view what you are planning to design.  At the right of each row of the matrix is a formula that inputs all the corresponding syntax for that ACL element, lets call this the ACL Element Formula. If you go one more column over you will find a second formula, lets call this the Full ACL Formula, that includes each ACL Element Formula.  The idea here is that as you fill the matrix in with your specific deployment information, each ACL Element Formula is populated and thus the Full ACL Formula is populated. There are a couple of other items added to the Full ACL Formula, such as the Create ACL and Apply ACL lines.  Below are some screenshots to help identify these items within the Excel document.

The Zigbits WLC ACL Builder

The WLC ACL Matrix

The ACL Element Formula (for each rule of the matrix)

The Full ACL Formula

The ACL Name

The Create ACL

The Apply ACL

The Zigbits WLC ACL Builder

IMPORTANT NOTE: A Couple of things to note.  When you copy the configuration syntax from the Excel Cell, make sure you copy it into a text pad or notpad first.  There will be some extra blank lines and depending on your editor and OS, you will have some Quotes around the entire section.  Within notepad make sure you delete the extra blank lines and these quotes before pasting into your WLC CLI.  I would also limit the number of lines you paste into your WLC CLI to about 50 at a time.

Finally, if you are working with WLC ACLs that are very long, you might end up hitting an Excel Cell length limit, in which case you may have to do some manual editing to get it to work.  I’ve only had this occur a handful of times because most WLC ACLs haven’t gotten that long. Most of my WLC ACLs stay around the 20 – 30 sequence marks.  When this has happened I’ve had to split the Full ACL Formula into two different Excel Cells, then manually merge them in a text editor.

Here is the Zigbits WLC ACL Builder for download:

Zigbits WLC ACL Builder

---

7. Our Lab WLC ACLs

Here are all of the WLC ACLs we need for our Deployment.  To make this easier I have created all of the ACLs with The Zigbits WLC ACL Builder and left them in the uploaded version.

WLAN-DOMAIN-PC

• permit DHCP
• permit DNS
• permit SNMP
• permit DC1
• permit DC2
• permit ISE PSNs
• Deny everything else

*** Normal / Standard ACL WLAN-DOMAIN-PC ***
*** ------------------------------------ ***
acl create WLAN-DOMAIN-PC
acl rule add WLAN-DOMAIN-PC 1
acl rule action WLAN-DOMAIN-PC 1 permit
acl rule source address WLAN-DOMAIN-PC 1 0.0.0.0 0.0.0.0
acl rule source port range WLAN-DOMAIN-PC 1 68 68
acl rule destination address WLAN-DOMAIN-PC 1 0.0.0.0 0.0.0.0
acl rule destination port range WLAN-DOMAIN-PC 1 67 67
acl rule direction WLAN-DOMAIN-PC 1 any
acl rule dscp WLAN-DOMAIN-PC 1 any
acl rule protocol WLAN-DOMAIN-PC 1 17
acl rule add WLAN-DOMAIN-PC 2
acl rule action WLAN-DOMAIN-PC 2 permit
acl rule source address WLAN-DOMAIN-PC 2 0.0.0.0 0.0.0.0
acl rule source port range WLAN-DOMAIN-PC 2 67 67
acl rule destination address WLAN-DOMAIN-PC 2 0.0.0.0 0.0.0.0
acl rule destination port range WLAN-DOMAIN-PC 2 68 68
acl rule direction WLAN-DOMAIN-PC 2 any
acl rule dscp WLAN-DOMAIN-PC 2 any
acl rule protocol WLAN-DOMAIN-PC 2 17
acl rule add WLAN-DOMAIN-PC 3
acl rule action WLAN-DOMAIN-PC 3 permit
acl rule source address WLAN-DOMAIN-PC 3 0.0.0.0 0.0.0.0
acl rule source port range WLAN-DOMAIN-PC 3 53 53
acl rule destination address WLAN-DOMAIN-PC 3 0.0.0.0 0.0.0.0
acl rule destination port range WLAN-DOMAIN-PC 3 0 65535
acl rule direction WLAN-DOMAIN-PC 3 any
acl rule dscp WLAN-DOMAIN-PC 3 any
acl rule protocol WLAN-DOMAIN-PC 3 17
acl rule add WLAN-DOMAIN-PC 4
acl rule action WLAN-DOMAIN-PC 4 permit
acl rule source address WLAN-DOMAIN-PC 4 0.0.0.0 0.0.0.0
acl rule source port range WLAN-DOMAIN-PC 4 0 65535
acl rule destination address WLAN-DOMAIN-PC 4 0.0.0.0 0.0.0.0
acl rule destination port range WLAN-DOMAIN-PC 4 53 53
acl rule direction WLAN-DOMAIN-PC 4 any
acl rule dscp WLAN-DOMAIN-PC 4 any
acl rule protocol WLAN-DOMAIN-PC 4 17
acl rule add WLAN-DOMAIN-PC 5
acl rule action WLAN-DOMAIN-PC 5 permit
acl rule source address WLAN-DOMAIN-PC 5 0.0.0.0 0.0.0.0
acl rule source port range WLAN-DOMAIN-PC 5 0 65535
acl rule destination address WLAN-DOMAIN-PC 5 0.0.0.0 0.0.0.0
acl rule destination port range WLAN-DOMAIN-PC 5 161 161
acl rule direction WLAN-DOMAIN-PC 5 any
acl rule dscp WLAN-DOMAIN-PC 5 any
acl rule protocol WLAN-DOMAIN-PC 5 17
acl rule add WLAN-DOMAIN-PC 6
acl rule action WLAN-DOMAIN-PC 6 permit
acl rule source address WLAN-DOMAIN-PC 6 0.0.0.0 0.0.0.0
acl rule source port range WLAN-DOMAIN-PC 6 161 161
acl rule destination address WLAN-DOMAIN-PC 6 0.0.0.0 0.0.0.0
acl rule destination port range WLAN-DOMAIN-PC 6 0 65535
acl rule direction WLAN-DOMAIN-PC 6 any
acl rule dscp WLAN-DOMAIN-PC 6 any
acl rule protocol WLAN-DOMAIN-PC 6 17
acl rule add WLAN-DOMAIN-PC 7
acl rule action WLAN-DOMAIN-PC 7 permit
acl rule source address WLAN-DOMAIN-PC 7 0.0.0.0 0.0.0.0
acl rule source port range WLAN-DOMAIN-PC 7 0 65535
acl rule destination address WLAN-DOMAIN-PC 7 172.16.10.20 255.255.255.255
acl rule destination port range WLAN-DOMAIN-PC 7 0 65535
acl rule direction WLAN-DOMAIN-PC 7 In
acl rule dscp WLAN-DOMAIN-PC 7 any
acl rule protocol WLAN-DOMAIN-PC 7 any
acl rule add WLAN-DOMAIN-PC 8
acl rule action WLAN-DOMAIN-PC 8 permit
acl rule source address WLAN-DOMAIN-PC 8 172.16.10.20 255.255.255.255
acl rule source port range WLAN-DOMAIN-PC 8 0 65535
acl rule destination address WLAN-DOMAIN-PC 8 0.0.0.0 0.0.0.0
acl rule destination port range WLAN-DOMAIN-PC 8 0 65535
acl rule direction WLAN-DOMAIN-PC 8 Out
acl rule dscp WLAN-DOMAIN-PC 8 any
acl rule protocol WLAN-DOMAIN-PC 8 any
acl rule add WLAN-DOMAIN-PC 9
acl rule action WLAN-DOMAIN-PC 9 permit
acl rule source address WLAN-DOMAIN-PC 9 0.0.0.0 0.0.0.0
acl rule source port range WLAN-DOMAIN-PC 9 0 65535
acl rule destination address WLAN-DOMAIN-PC 9 172.16.10.21 255.255.255.255
acl rule destination port range WLAN-DOMAIN-PC 9 0 65535
acl rule direction WLAN-DOMAIN-PC 9 In
acl rule dscp WLAN-DOMAIN-PC 9 any
acl rule protocol WLAN-DOMAIN-PC 9 any
acl rule add WLAN-DOMAIN-PC 10
acl rule action WLAN-DOMAIN-PC 10 permit
acl rule source address WLAN-DOMAIN-PC 10 172.16.10.21 255.255.255.255
acl rule source port range WLAN-DOMAIN-PC 10 0 65535
acl rule destination address WLAN-DOMAIN-PC 10 0.0.0.0 0.0.0.0
acl rule destination port range WLAN-DOMAIN-PC 10 0 65535
acl rule direction WLAN-DOMAIN-PC 10 Out
acl rule dscp WLAN-DOMAIN-PC 10 any
acl rule protocol WLAN-DOMAIN-PC 10 any
acl rule add WLAN-DOMAIN-PC 11
acl rule action WLAN-DOMAIN-PC 11 permit
acl rule source address WLAN-DOMAIN-PC 11 0.0.0.0 0.0.0.0
acl rule source port range WLAN-DOMAIN-PC 11 0 65535
acl rule destination address WLAN-DOMAIN-PC 11 172.16.10.203 255.255.255.255
acl rule destination port range WLAN-DOMAIN-PC 11 0 65535
acl rule direction WLAN-DOMAIN-PC 11 In
acl rule dscp WLAN-DOMAIN-PC 11 any
acl rule protocol WLAN-DOMAIN-PC 11 any
acl rule add WLAN-DOMAIN-PC 12
acl rule action WLAN-DOMAIN-PC 12 permit
acl rule source address WLAN-DOMAIN-PC 12 172.16.10.203 255.255.255.255
acl rule source port range WLAN-DOMAIN-PC 12 0 65535
acl rule destination address WLAN-DOMAIN-PC 12 0.0.0.0 0.0.0.0
acl rule destination port range WLAN-DOMAIN-PC 12 0 65535
acl rule direction WLAN-DOMAIN-PC 12 Out
acl rule dscp WLAN-DOMAIN-PC 12 any
acl rule protocol WLAN-DOMAIN-PC 12 any
acl rule add WLAN-DOMAIN-PC 13
acl rule action WLAN-DOMAIN-PC 13 permit
acl rule source address WLAN-DOMAIN-PC 13 0.0.0.0 0.0.0.0
acl rule source port range WLAN-DOMAIN-PC 13 0 65535
acl rule destination address WLAN-DOMAIN-PC 13 172.16.10.204 255.255.255.255
acl rule destination port range WLAN-DOMAIN-PC 13 0 65535
acl rule direction WLAN-DOMAIN-PC 13 In
acl rule dscp WLAN-DOMAIN-PC 13 any
acl rule protocol WLAN-DOMAIN-PC 13 any
acl rule add WLAN-DOMAIN-PC 14
acl rule action WLAN-DOMAIN-PC 14 permit
acl rule source address WLAN-DOMAIN-PC 14 172.16.10.204 255.255.255.255
acl rule source port range WLAN-DOMAIN-PC 14 0 65535
acl rule destination address WLAN-DOMAIN-PC 14 0.0.0.0 0.0.0.0
acl rule destination port range WLAN-DOMAIN-PC 14 0 65535
acl rule direction WLAN-DOMAIN-PC 14 Out
acl rule dscp WLAN-DOMAIN-PC 14 any
acl rule protocol WLAN-DOMAIN-PC 14 any
acl rule add WLAN-DOMAIN-PC 15
acl rule action WLAN-DOMAIN-PC 15 deny
acl rule source address WLAN-DOMAIN-PC 15 0.0.0.0 0.0.0.0
acl rule source port range WLAN-DOMAIN-PC 15 0 65535
acl rule destination address WLAN-DOMAIN-PC 15 0.0.0.0 0.0.0.0
acl rule destination port range WLAN-DOMAIN-PC 15 0 65535
acl rule direction WLAN-DOMAIN-PC 15 any
acl rule dscp WLAN-DOMAIN-PC 15 any
acl rule protocol WLAN-DOMAIN-PC 15 any
acl apply WLAN-DOMAIN-PC


*** Flexconnect ACL WLAN-DOMAIN-PC ***
*** ------------------------------ ***

flexconnect acl create WLAN-DOMAIN-PC
flexconnect acl rule add WLAN-DOMAIN-PC 1 
flexconnect acl rule action WLAN-DOMAIN-PC 1 permit
flexconnect acl rule source address WLAN-DOMAIN-PC 1 0.0.0.0 0.0.0.0
flexconnect acl rule source port range WLAN-DOMAIN-PC 1 68 68
flexconnect acl rule destination address WLAN-DOMAIN-PC 1 0.0.0.0 0.0.0.0
flexconnect acl rule destination port range WLAN-DOMAIN-PC 1 67 67
flexconnect acl rule dscp WLAN-DOMAIN-PC 1 any
flexconnect acl rule protocol WLAN-DOMAIN-PC 1 17
flexconnect acl rule add WLAN-DOMAIN-PC 2 
flexconnect acl rule action WLAN-DOMAIN-PC 2 permit
flexconnect acl rule source address WLAN-DOMAIN-PC 2 0.0.0.0 0.0.0.0
flexconnect acl rule source port range WLAN-DOMAIN-PC 2 67 67
flexconnect acl rule destination address WLAN-DOMAIN-PC 2 0.0.0.0 0.0.0.0
flexconnect acl rule destination port range WLAN-DOMAIN-PC 2 68 68
flexconnect acl rule dscp WLAN-DOMAIN-PC 2 any
flexconnect acl rule protocol WLAN-DOMAIN-PC 2 17
flexconnect acl rule add WLAN-DOMAIN-PC 3 
flexconnect acl rule action WLAN-DOMAIN-PC 3 permit
flexconnect acl rule source address WLAN-DOMAIN-PC 3 0.0.0.0 0.0.0.0
flexconnect acl rule source port range WLAN-DOMAIN-PC 3 53 53
flexconnect acl rule destination address WLAN-DOMAIN-PC 3 0.0.0.0 0.0.0.0
flexconnect acl rule destination port range WLAN-DOMAIN-PC 3 0 65535
flexconnect acl rule dscp WLAN-DOMAIN-PC 3 any
flexconnect acl rule protocol WLAN-DOMAIN-PC 3 17
flexconnect acl rule add WLAN-DOMAIN-PC 4 
flexconnect acl rule action WLAN-DOMAIN-PC 4 permit
flexconnect acl rule source address WLAN-DOMAIN-PC 4 0.0.0.0 0.0.0.0
flexconnect acl rule source port range WLAN-DOMAIN-PC 4 0 65535
flexconnect acl rule destination address WLAN-DOMAIN-PC 4 0.0.0.0 0.0.0.0
flexconnect acl rule destination port range WLAN-DOMAIN-PC 4 53 53
flexconnect acl rule dscp WLAN-DOMAIN-PC 4 any
flexconnect acl rule protocol WLAN-DOMAIN-PC 4 17
flexconnect acl rule add WLAN-DOMAIN-PC 5 
flexconnect acl rule action WLAN-DOMAIN-PC 5 permit
flexconnect acl rule source address WLAN-DOMAIN-PC 5 0.0.0.0 0.0.0.0
flexconnect acl rule source port range WLAN-DOMAIN-PC 5 0 65535
flexconnect acl rule destination address WLAN-DOMAIN-PC 5 0.0.0.0 0.0.0.0
flexconnect acl rule destination port range WLAN-DOMAIN-PC 5 161 161
flexconnect acl rule dscp WLAN-DOMAIN-PC 5 any
flexconnect acl rule protocol WLAN-DOMAIN-PC 5 17
flexconnect acl rule add WLAN-DOMAIN-PC 6 
flexconnect acl rule action WLAN-DOMAIN-PC 6 permit
flexconnect acl rule source address WLAN-DOMAIN-PC 6 0.0.0.0 0.0.0.0
flexconnect acl rule source port range WLAN-DOMAIN-PC 6 161 161
flexconnect acl rule destination address WLAN-DOMAIN-PC 6 0.0.0.0 0.0.0.0
flexconnect acl rule destination port range WLAN-DOMAIN-PC 6 0 65535
flexconnect acl rule dscp WLAN-DOMAIN-PC 6 any
flexconnect acl rule protocol WLAN-DOMAIN-PC 6 17
flexconnect acl rule add WLAN-DOMAIN-PC 7 
flexconnect acl rule action WLAN-DOMAIN-PC 7 permit
flexconnect acl rule source address WLAN-DOMAIN-PC 7 0.0.0.0 0.0.0.0
flexconnect acl rule source port range WLAN-DOMAIN-PC 7 0 65535
flexconnect acl rule destination address WLAN-DOMAIN-PC 7 172.16.10.20 255.255.255.255
flexconnect acl rule destination port range WLAN-DOMAIN-PC 7 0 65535
flexconnect acl rule dscp WLAN-DOMAIN-PC 7 any
flexconnect acl rule protocol WLAN-DOMAIN-PC 7 any
flexconnect acl rule add WLAN-DOMAIN-PC 8 
flexconnect acl rule action WLAN-DOMAIN-PC 8 permit
flexconnect acl rule source address WLAN-DOMAIN-PC 8 172.16.10.20 255.255.255.255
flexconnect acl rule source port range WLAN-DOMAIN-PC 8 0 65535
flexconnect acl rule destination address WLAN-DOMAIN-PC 8 0.0.0.0 0.0.0.0
flexconnect acl rule destination port range WLAN-DOMAIN-PC 8 0 65535
flexconnect acl rule dscp WLAN-DOMAIN-PC 8 any
flexconnect acl rule protocol WLAN-DOMAIN-PC 8 any
flexconnect acl rule add WLAN-DOMAIN-PC 9 
flexconnect acl rule action WLAN-DOMAIN-PC 9 permit
flexconnect acl rule source address WLAN-DOMAIN-PC 9 0.0.0.0 0.0.0.0
flexconnect acl rule source port range WLAN-DOMAIN-PC 9 0 65535
flexconnect acl rule destination address WLAN-DOMAIN-PC 9 172.16.10.21 255.255.255.255
flexconnect acl rule destination port range WLAN-DOMAIN-PC 9 0 65535
flexconnect acl rule dscp WLAN-DOMAIN-PC 9 any
flexconnect acl rule protocol WLAN-DOMAIN-PC 9 any
flexconnect acl rule add WLAN-DOMAIN-PC 10 
flexconnect acl rule action WLAN-DOMAIN-PC 10 permit
flexconnect acl rule source address WLAN-DOMAIN-PC 10 172.16.10.21 255.255.255.255
flexconnect acl rule source port range WLAN-DOMAIN-PC 10 0 65535
flexconnect acl rule destination address WLAN-DOMAIN-PC 10 0.0.0.0 0.0.0.0
flexconnect acl rule destination port range WLAN-DOMAIN-PC 10 0 65535
flexconnect acl rule dscp WLAN-DOMAIN-PC 10 any
flexconnect acl rule protocol WLAN-DOMAIN-PC 10 any
flexconnect acl rule add WLAN-DOMAIN-PC 11 
flexconnect acl rule action WLAN-DOMAIN-PC 11 permit
flexconnect acl rule source address WLAN-DOMAIN-PC 11 0.0.0.0 0.0.0.0
flexconnect acl rule source port range WLAN-DOMAIN-PC 11 0 65535
flexconnect acl rule destination address WLAN-DOMAIN-PC 11 172.16.10.203 255.255.255.255
flexconnect acl rule destination port range WLAN-DOMAIN-PC 11 0 65535
flexconnect acl rule dscp WLAN-DOMAIN-PC 11 any
flexconnect acl rule protocol WLAN-DOMAIN-PC 11 any
flexconnect acl rule add WLAN-DOMAIN-PC 12 
flexconnect acl rule action WLAN-DOMAIN-PC 12 permit
flexconnect acl rule source address WLAN-DOMAIN-PC 12 172.16.10.203 255.255.255.255
flexconnect acl rule source port range WLAN-DOMAIN-PC 12 0 65535
flexconnect acl rule destination address WLAN-DOMAIN-PC 12 0.0.0.0 0.0.0.0
flexconnect acl rule destination port range WLAN-DOMAIN-PC 12 0 65535
flexconnect acl rule dscp WLAN-DOMAIN-PC 12 any
flexconnect acl rule protocol WLAN-DOMAIN-PC 12 any
flexconnect acl rule add WLAN-DOMAIN-PC 13 
flexconnect acl rule action WLAN-DOMAIN-PC 13 permit
flexconnect acl rule source address WLAN-DOMAIN-PC 13 0.0.0.0 0.0.0.0
flexconnect acl rule source port range WLAN-DOMAIN-PC 13 0 65535
flexconnect acl rule destination address WLAN-DOMAIN-PC 13 172.16.10.204 255.255.255.255
flexconnect acl rule destination port range WLAN-DOMAIN-PC 13 0 65535
flexconnect acl rule dscp WLAN-DOMAIN-PC 13 any
flexconnect acl rule protocol WLAN-DOMAIN-PC 13 any
flexconnect acl rule add WLAN-DOMAIN-PC 14 
flexconnect acl rule action WLAN-DOMAIN-PC 14 permit
flexconnect acl rule source address WLAN-DOMAIN-PC 14 172.16.10.204 255.255.255.255
flexconnect acl rule source port range WLAN-DOMAIN-PC 14 0 65535
flexconnect acl rule destination address WLAN-DOMAIN-PC 14 0.0.0.0 0.0.0.0
flexconnect acl rule destination port range WLAN-DOMAIN-PC 14 0 65535
flexconnect acl rule dscp WLAN-DOMAIN-PC 14 any
flexconnect acl rule protocol WLAN-DOMAIN-PC 14 any
flexconnect acl rule add WLAN-DOMAIN-PC 15 
flexconnect acl rule action WLAN-DOMAIN-PC 15 deny
flexconnect acl rule source address WLAN-DOMAIN-PC 15 0.0.0.0 0.0.0.0
flexconnect acl rule source port range WLAN-DOMAIN-PC 15 0 65535
flexconnect acl rule destination address WLAN-DOMAIN-PC 15 0.0.0.0 0.0.0.0
flexconnect acl rule destination port range WLAN-DOMAIN-PC 15 0 65535
flexconnect acl rule dscp WLAN-DOMAIN-PC 15 any
flexconnect acl rule protocol WLAN-DOMAIN-PC 15 any
flexconnect acl apply WLAN-DOMAIN-PC

---

WLAN-PRIV-USER

• permit ip any any

*** Normal / Standard ACL WLAN-PRIV-USER ***
*** ------------------------------------ ***

acl create WLAN-PRIV-USER
acl rule add WLAN-PRIV-USER 1
acl rule action WLAN-PRIV-USER 1 permit
acl rule source address WLAN-PRIV-USER 1 0.0.0.0 0.0.0.0
acl rule source port range WLAN-PRIV-USER 1 0 65535
acl rule destination address WLAN-PRIV-USER 1 0.0.0.0 0.0.0.0
acl rule destination port range WLAN-PRIV-USER 1 0 65535
acl rule direction WLAN-PRIV-USER 1 any
acl rule dscp WLAN-PRIV-USER 1 any
acl rule protocol WLAN-PRIV-USER 1 any
acl apply WLAN-PRIV-USER

*** Flexconnect ACL WLAN-PRIV-USER ***
*** ------------------------------ ***

flexconnect acl create WLAN-PRIV-USER
flexconnect acl rule add WLAN-PRIV-USER 1
flexconnect acl rule action WLAN-PRIV-USER 1 permit
flexconnect acl rule source address WLAN-PRIV-USER 1 0.0.0.0 0.0.0.0
flexconnect acl rule source port range WLAN-PRIV-USER 1 0 65535
flexconnect acl rule destination address WLAN-PRIV-USER 1 0.0.0.0 0.0.0.0
flexconnect acl rule destination port range WLAN-PRIV-USER 1 0 65535
flexconnect acl rule dscp WLAN-PRIV-USER 1 any
flexconnect acl rule protocol WLAN-PRIV-USER 1 any
flexconnect acl apply WLAN-PRIV-USER

---

WLAN-DOMAIN-USER

• permit DHCP
• permit DNS
• permit SNMP
• permit 172.16.10.0/24
• deny rfc 1918
• permit ip any any

*** Normal / Standard ACL WLAN-DOMAIN-USER ***
*** -------------------------------------- ***

acl create WLAN-DOMAIN-USER
acl rule add WLAN-DOMAIN-USER 1
acl rule action WLAN-DOMAIN-USER 1 permit
acl rule source address WLAN-DOMAIN-USER 1 0.0.0.0 0.0.0.0
acl rule source port range WLAN-DOMAIN-USER 1 68 68
acl rule destination address WLAN-DOMAIN-USER 1 0.0.0.0 0.0.0.0
acl rule destination port range WLAN-DOMAIN-USER 1 67 67
acl rule direction WLAN-DOMAIN-USER 1 any
acl rule dscp WLAN-DOMAIN-USER 1 any
acl rule protocol WLAN-DOMAIN-USER 1 17
acl rule add WLAN-DOMAIN-USER 2
acl rule action WLAN-DOMAIN-USER 2 permit
acl rule source address WLAN-DOMAIN-USER 2 0.0.0.0 0.0.0.0
acl rule source port range WLAN-DOMAIN-USER 2 67 67
acl rule destination address WLAN-DOMAIN-USER 2 0.0.0.0 0.0.0.0
acl rule destination port range WLAN-DOMAIN-USER 2 68 68
acl rule direction WLAN-DOMAIN-USER 2 any
acl rule dscp WLAN-DOMAIN-USER 2 any
acl rule protocol WLAN-DOMAIN-USER 2 17
acl rule add WLAN-DOMAIN-USER 3
acl rule action WLAN-DOMAIN-USER 3 permit
acl rule source address WLAN-DOMAIN-USER 3 0.0.0.0 0.0.0.0
acl rule source port range WLAN-DOMAIN-USER 3 53 53
acl rule destination address WLAN-DOMAIN-USER 3 0.0.0.0 0.0.0.0
acl rule destination port range WLAN-DOMAIN-USER 3 0 65535
acl rule direction WLAN-DOMAIN-USER 3 any
acl rule dscp WLAN-DOMAIN-USER 3 any
acl rule protocol WLAN-DOMAIN-USER 3 17
acl rule add WLAN-DOMAIN-USER 4
acl rule action WLAN-DOMAIN-USER 4 permit
acl rule source address WLAN-DOMAIN-USER 4 0.0.0.0 0.0.0.0
acl rule source port range WLAN-DOMAIN-USER 4 0 65535
acl rule destination address WLAN-DOMAIN-USER 4 0.0.0.0 0.0.0.0
acl rule destination port range WLAN-DOMAIN-USER 4 53 53
acl rule direction WLAN-DOMAIN-USER 4 any
acl rule dscp WLAN-DOMAIN-USER 4 any
acl rule protocol WLAN-DOMAIN-USER 4 17
acl rule add WLAN-DOMAIN-USER 5
acl rule action WLAN-DOMAIN-USER 5 permit
acl rule source address WLAN-DOMAIN-USER 5 0.0.0.0 0.0.0.0
acl rule source port range WLAN-DOMAIN-USER 5 0 65535
acl rule destination address WLAN-DOMAIN-USER 5 0.0.0.0 0.0.0.0
acl rule destination port range WLAN-DOMAIN-USER 5 161 161
acl rule direction WLAN-DOMAIN-USER 5 any
acl rule dscp WLAN-DOMAIN-USER 5 any
acl rule protocol WLAN-DOMAIN-USER 5 17
acl rule add WLAN-DOMAIN-USER 6
acl rule action WLAN-DOMAIN-USER 6 permit
acl rule source address WLAN-DOMAIN-USER 6 0.0.0.0 0.0.0.0
acl rule source port range WLAN-DOMAIN-USER 6 161 161
acl rule destination address WLAN-DOMAIN-USER 6 0.0.0.0 0.0.0.0
acl rule destination port range WLAN-DOMAIN-USER 6 0 65535
acl rule direction WLAN-DOMAIN-USER 6 any
acl rule dscp WLAN-DOMAIN-USER 6 any
acl rule protocol WLAN-DOMAIN-USER 6 17
acl rule add WLAN-DOMAIN-USER 7
acl rule action WLAN-DOMAIN-USER 7 permit
acl rule source address WLAN-DOMAIN-USER 7 0.0.0.0 0.0.0.0
acl rule source port range WLAN-DOMAIN-USER 7 0 65535
acl rule destination address WLAN-DOMAIN-USER 7 172.16.10.0 255.255.255.0
acl rule destination port range WLAN-DOMAIN-USER 7 0 65535
acl rule direction WLAN-DOMAIN-USER 7 In
acl rule dscp WLAN-DOMAIN-USER 7 any
acl rule protocol WLAN-DOMAIN-USER 7 any
acl rule add WLAN-DOMAIN-USER 8
acl rule action WLAN-DOMAIN-USER 8 permit
acl rule source address WLAN-DOMAIN-USER 8 172.16.10.0 255.255.255.0
acl rule source port range WLAN-DOMAIN-USER 8 0 65535
acl rule destination address WLAN-DOMAIN-USER 8 0.0.0.0 0.0.0.0
acl rule destination port range WLAN-DOMAIN-USER 8 0 65535
acl rule direction WLAN-DOMAIN-USER 8 Out
acl rule dscp WLAN-DOMAIN-USER 8 any
acl rule protocol WLAN-DOMAIN-USER 8 any
acl rule add WLAN-DOMAIN-USER 9
acl rule action WLAN-DOMAIN-USER 9 deny
acl rule source address WLAN-DOMAIN-USER 9 0.0.0.0 0.0.0.0
acl rule source port range WLAN-DOMAIN-USER 9 0 65535
acl rule destination address WLAN-DOMAIN-USER 9 10.0.0.0 255.0.0.0
acl rule destination port range WLAN-DOMAIN-USER 9 0 65535
acl rule direction WLAN-DOMAIN-USER 9 in
acl rule dscp WLAN-DOMAIN-USER 9 any
acl rule protocol WLAN-DOMAIN-USER 9 any
acl rule add WLAN-DOMAIN-USER 10
acl rule action WLAN-DOMAIN-USER 10 deny
acl rule source address WLAN-DOMAIN-USER 10 0.0.0.0 0.0.0.0
acl rule source port range WLAN-DOMAIN-USER 10 0 65535
acl rule destination address WLAN-DOMAIN-USER 10 172.16.0.0 255.240.0.0
acl rule destination port range WLAN-DOMAIN-USER 10 0 65535
acl rule direction WLAN-DOMAIN-USER 10 in
acl rule dscp WLAN-DOMAIN-USER 10 any
acl rule protocol WLAN-DOMAIN-USER 10 any
acl rule add WLAN-DOMAIN-USER 11
acl rule action WLAN-DOMAIN-USER 11 deny
acl rule source address WLAN-DOMAIN-USER 11 0.0.0.0 0.0.0.0
acl rule source port range WLAN-DOMAIN-USER 11 0 65535
acl rule destination address WLAN-DOMAIN-USER 11 192.168.0.0 255.255.0.0
acl rule destination port range WLAN-DOMAIN-USER 11 0 65535
acl rule direction WLAN-DOMAIN-USER 11 in
acl rule dscp WLAN-DOMAIN-USER 11 any
acl rule protocol WLAN-DOMAIN-USER 11 any
acl rule add WLAN-DOMAIN-USER 12
acl rule action WLAN-DOMAIN-USER 12 permit
acl rule source address WLAN-DOMAIN-USER 12 0.0.0.0 0.0.0.0
acl rule source port range WLAN-DOMAIN-USER 12 0 65535
acl rule destination address WLAN-DOMAIN-USER 12 0.0.0.0 0.0.0.0
acl rule destination port range WLAN-DOMAIN-USER 12 0 65535
acl rule direction WLAN-DOMAIN-USER 12 any
acl rule dscp WLAN-DOMAIN-USER 12 any
acl rule protocol WLAN-DOMAIN-USER 12 any
acl apply WLAN-DOMAIN-USER

*** Flexconnect ACL WLAN-DOMAIN-USER ***
*** -------------------------------- ***

flexconnect acl create WLAN-DOMAIN-USER
flexconnect acl rule add WLAN-DOMAIN-USER 1
flexconnect acl rule action WLAN-DOMAIN-USER 1 permit
flexconnect acl rule source address WLAN-DOMAIN-USER 1 0.0.0.0 0.0.0.0
flexconnect acl rule source port range WLAN-DOMAIN-USER 1 68 68
flexconnect acl rule destination address WLAN-DOMAIN-USER 1 0.0.0.0 0.0.0.0
flexconnect acl rule destination port range WLAN-DOMAIN-USER 1 67 67
flexconnect acl rule dscp WLAN-DOMAIN-USER 1 any
flexconnect acl rule protocol WLAN-DOMAIN-USER 1 17
flexconnect acl rule add WLAN-DOMAIN-USER 2
flexconnect acl rule action WLAN-DOMAIN-USER 2 permit
flexconnect acl rule source address WLAN-DOMAIN-USER 2 0.0.0.0 0.0.0.0
flexconnect acl rule source port range WLAN-DOMAIN-USER 2 67 67
flexconnect acl rule destination address WLAN-DOMAIN-USER 2 0.0.0.0 0.0.0.0
flexconnect acl rule destination port range WLAN-DOMAIN-USER 2 68 68
flexconnect acl rule dscp WLAN-DOMAIN-USER 2 any
flexconnect acl rule protocol WLAN-DOMAIN-USER 2 17
flexconnect acl rule add WLAN-DOMAIN-USER 3
flexconnect acl rule action WLAN-DOMAIN-USER 3 permit
flexconnect acl rule source address WLAN-DOMAIN-USER 3 0.0.0.0 0.0.0.0
flexconnect acl rule source port range WLAN-DOMAIN-USER 3 53 53
flexconnect acl rule destination address WLAN-DOMAIN-USER 3 0.0.0.0 0.0.0.0
flexconnect acl rule destination port range WLAN-DOMAIN-USER 3 0 65535
flexconnect acl rule dscp WLAN-DOMAIN-USER 3 any
flexconnect acl rule protocol WLAN-DOMAIN-USER 3 17
flexconnect acl rule add WLAN-DOMAIN-USER 4
flexconnect acl rule action WLAN-DOMAIN-USER 4 permit
flexconnect acl rule source address WLAN-DOMAIN-USER 4 0.0.0.0 0.0.0.0
flexconnect acl rule source port range WLAN-DOMAIN-USER 4 0 65535
flexconnect acl rule destination address WLAN-DOMAIN-USER 4 0.0.0.0 0.0.0.0
flexconnect acl rule destination port range WLAN-DOMAIN-USER 4 53 53
flexconnect acl rule dscp WLAN-DOMAIN-USER 4 any
flexconnect acl rule protocol WLAN-DOMAIN-USER 4 17
flexconnect acl rule add WLAN-DOMAIN-USER 5
flexconnect acl rule action WLAN-DOMAIN-USER 5 permit
flexconnect acl rule source address WLAN-DOMAIN-USER 5 0.0.0.0 0.0.0.0
flexconnect acl rule source port range WLAN-DOMAIN-USER 5 0 65535
flexconnect acl rule destination address WLAN-DOMAIN-USER 5 0.0.0.0 0.0.0.0
flexconnect acl rule destination port range WLAN-DOMAIN-USER 5 161 161
flexconnect acl rule dscp WLAN-DOMAIN-USER 5 any
flexconnect acl rule protocol WLAN-DOMAIN-USER 5 17
flexconnect acl rule add WLAN-DOMAIN-USER 6
flexconnect acl rule action WLAN-DOMAIN-USER 6 permit
flexconnect acl rule source address WLAN-DOMAIN-USER 6 0.0.0.0 0.0.0.0
flexconnect acl rule source port range WLAN-DOMAIN-USER 6 161 161
flexconnect acl rule destination address WLAN-DOMAIN-USER 6 0.0.0.0 0.0.0.0
flexconnect acl rule destination port range WLAN-DOMAIN-USER 6 0 65535
flexconnect acl rule dscp WLAN-DOMAIN-USER 6 any
flexconnect acl rule protocol WLAN-DOMAIN-USER 6 17
flexconnect acl rule add WLAN-DOMAIN-USER 7
flexconnect acl rule action WLAN-DOMAIN-USER 7 permit
flexconnect acl rule source address WLAN-DOMAIN-USER 7 0.0.0.0 0.0.0.0
flexconnect acl rule source port range WLAN-DOMAIN-USER 7 0 65535
flexconnect acl rule destination address WLAN-DOMAIN-USER 7 172.16.10.0 255.255.255.0
flexconnect acl rule destination port range WLAN-DOMAIN-USER 7 0 65535
flexconnect acl rule dscp WLAN-DOMAIN-USER 7 any
flexconnect acl rule protocol WLAN-DOMAIN-USER 7 any
flexconnect acl rule add WLAN-DOMAIN-USER 8
flexconnect acl rule action WLAN-DOMAIN-USER 8 permit
flexconnect acl rule source address WLAN-DOMAIN-USER 8 172.16.10.0 255.255.255.0
flexconnect acl rule source port range WLAN-DOMAIN-USER 8 0 65535
flexconnect acl rule destination address WLAN-DOMAIN-USER 8 0.0.0.0 0.0.0.0
flexconnect acl rule destination port range WLAN-DOMAIN-USER 8 0 65535
flexconnect acl rule dscp WLAN-DOMAIN-USER 8 any
flexconnect acl rule protocol WLAN-DOMAIN-USER 8 any
flexconnect acl rule add WLAN-DOMAIN-USER 9
flexconnect acl rule action WLAN-DOMAIN-USER 9 deny
flexconnect acl rule source address WLAN-DOMAIN-USER 9 0.0.0.0 0.0.0.0
flexconnect acl rule source port range WLAN-DOMAIN-USER 9 0 65535
flexconnect acl rule destination address WLAN-DOMAIN-USER 9 10.0.0.0 255.0.0.0
flexconnect acl rule destination port range WLAN-DOMAIN-USER 9 0 65535
flexconnect acl rule dscp WLAN-DOMAIN-USER 9 any
flexconnect acl rule protocol WLAN-DOMAIN-USER 9 any
flexconnect acl rule add WLAN-DOMAIN-USER 10
flexconnect acl rule action WLAN-DOMAIN-USER 10 deny
flexconnect acl rule source address WLAN-DOMAIN-USER 10 0.0.0.0 0.0.0.0
flexconnect acl rule source port range WLAN-DOMAIN-USER 10 0 65535
flexconnect acl rule destination address WLAN-DOMAIN-USER 10 172.16.0.0 255.240.0.0
flexconnect acl rule destination port range WLAN-DOMAIN-USER 10 0 65535
flexconnect acl rule dscp WLAN-DOMAIN-USER 10 any
flexconnect acl rule protocol WLAN-DOMAIN-USER 10 any
flexconnect acl rule add WLAN-DOMAIN-USER 11
flexconnect acl rule action WLAN-DOMAIN-USER 11 deny
flexconnect acl rule source address WLAN-DOMAIN-USER 11 0.0.0.0 0.0.0.0
flexconnect acl rule source port range WLAN-DOMAIN-USER 11 0 65535
flexconnect acl rule destination address WLAN-DOMAIN-USER 11 192.168.0.0 255.255.0.0
flexconnect acl rule destination port range WLAN-DOMAIN-USER 11 0 65535
flexconnect acl rule dscp WLAN-DOMAIN-USER 11 any
flexconnect acl rule protocol WLAN-DOMAIN-USER 11 any
flexconnect acl rule add WLAN-DOMAIN-USER 12
flexconnect acl rule action WLAN-DOMAIN-USER 12 permit
flexconnect acl rule source address WLAN-DOMAIN-USER 12 0.0.0.0 0.0.0.0
flexconnect acl rule source port range WLAN-DOMAIN-USER 12 0 65535
flexconnect acl rule destination address WLAN-DOMAIN-USER 12 0.0.0.0 0.0.0.0
flexconnect acl rule destination port range WLAN-DOMAIN-USER 12 0 65535
flexconnect acl rule dscp WLAN-DOMAIN-USER 12 any
flexconnect acl rule protocol WLAN-DOMAIN-USER 12 any
flexconnect acl apply WLAN-DOMAIN-USER

---

WLAN-BYOD

• permit DHCP
• permit DNS
• permit SNMP
• permit 172.16.10.20
• permit 172.16.10.21
• permit server resource
• deny RFC1918
• permit ip any any

*** Normal / Standard ACL WLAN-BYOD ***
*** ------------------------------- ***

acl create WLAN-BYOD
acl rule add WLAN-BYOD 1
acl rule action WLAN-BYOD 1 permit
acl rule source address WLAN-BYOD 1 0.0.0.0 0.0.0.0
acl rule source port range WLAN-BYOD 1 68 68
acl rule destination address WLAN-BYOD 1 0.0.0.0 0.0.0.0
acl rule destination port range WLAN-BYOD 1 67 67
acl rule direction WLAN-BYOD 1 any
acl rule dscp WLAN-BYOD 1 any
acl rule protocol WLAN-BYOD 1 17
acl rule add WLAN-BYOD 2
acl rule action WLAN-BYOD 2 permit
acl rule source address WLAN-BYOD 2 0.0.0.0 0.0.0.0
acl rule source port range WLAN-BYOD 2 67 67
acl rule destination address WLAN-BYOD 2 0.0.0.0 0.0.0.0
acl rule destination port range WLAN-BYOD 2 68 68
acl rule direction WLAN-BYOD 2 any
acl rule dscp WLAN-BYOD 2 any
acl rule protocol WLAN-BYOD 2 17
acl rule add WLAN-BYOD 3
acl rule action WLAN-BYOD 3 permit
acl rule source address WLAN-BYOD 3 0.0.0.0 0.0.0.0
acl rule source port range WLAN-BYOD 3 53 53
acl rule destination address WLAN-BYOD 3 0.0.0.0 0.0.0.0
acl rule destination port range WLAN-BYOD 3 0 65535
acl rule direction WLAN-BYOD 3 any
acl rule dscp WLAN-BYOD 3 any
acl rule protocol WLAN-BYOD 3 17
acl rule add WLAN-BYOD 4
acl rule action WLAN-BYOD 4 permit
acl rule source address WLAN-BYOD 4 0.0.0.0 0.0.0.0
acl rule source port range WLAN-BYOD 4 0 65535
acl rule destination address WLAN-BYOD 4 0.0.0.0 0.0.0.0
acl rule destination port range WLAN-BYOD 4 53 53
acl rule direction WLAN-BYOD 4 any
acl rule dscp WLAN-BYOD 4 any
acl rule protocol WLAN-BYOD 4 17
acl rule add WLAN-BYOD 5
acl rule action WLAN-BYOD 5 permit
acl rule source address WLAN-BYOD 5 0.0.0.0 0.0.0.0
acl rule source port range WLAN-BYOD 5 0 65535
acl rule destination address WLAN-BYOD 5 0.0.0.0 0.0.0.0
acl rule destination port range WLAN-BYOD 5 161 161
acl rule direction WLAN-BYOD 5 any
acl rule dscp WLAN-BYOD 5 any
acl rule protocol WLAN-BYOD 5 17
acl rule add WLAN-BYOD 6
acl rule action WLAN-BYOD 6 permit
acl rule source address WLAN-BYOD 6 0.0.0.0 0.0.0.0
acl rule source port range WLAN-BYOD 6 161 161
acl rule destination address WLAN-BYOD 6 0.0.0.0 0.0.0.0
acl rule destination port range WLAN-BYOD 6 0 65535
acl rule direction WLAN-BYOD 6 any
acl rule dscp WLAN-BYOD 6 any
acl rule protocol WLAN-BYOD 6 17
acl rule add WLAN-BYOD 7
acl rule action WLAN-BYOD 7 permit
acl rule source address WLAN-BYOD 7 0.0.0.0 0.0.0.0
acl rule source port range WLAN-BYOD 7 0 65535
acl rule destination address WLAN-BYOD 7 172.16.10.203 255.255.255.255
acl rule destination port range WLAN-BYOD 7 0 65535
acl rule direction WLAN-BYOD 7 In
acl rule dscp WLAN-BYOD 7 any
acl rule protocol WLAN-BYOD 7 any
acl rule add WLAN-BYOD 8
acl rule action WLAN-BYOD 8 permit
acl rule source address WLAN-BYOD 8 172.16.10.203 255.255.255.255
acl rule source port range WLAN-BYOD 8 0 65535
acl rule destination address WLAN-BYOD 8 0.0.0.0 0.0.0.0
acl rule destination port range WLAN-BYOD 8 0 65535
acl rule direction WLAN-BYOD 8 Out
acl rule dscp WLAN-BYOD 8 any
acl rule protocol WLAN-BYOD 8 any
acl rule add WLAN-BYOD 9
acl rule action WLAN-BYOD 9 permit
acl rule source address WLAN-BYOD 9 0.0.0.0 0.0.0.0
acl rule source port range WLAN-BYOD 9 0 65535
acl rule destination address WLAN-BYOD 9 172.16.10.204 255.255.255.255
acl rule destination port range WLAN-BYOD 9 0 65535
acl rule direction WLAN-BYOD 9 In
acl rule dscp WLAN-BYOD 9 any
acl rule protocol WLAN-BYOD 9 any
acl rule add WLAN-BYOD 10
acl rule action WLAN-BYOD 10 permit
acl rule source address WLAN-BYOD 10 172.16.10.204 255.255.255.255
acl rule source port range WLAN-BYOD 10 0 65535
acl rule destination address WLAN-BYOD 10 0.0.0.0 0.0.0.0
acl rule destination port range WLAN-BYOD 10 0 65535
acl rule direction WLAN-BYOD 10 Out
acl rule dscp WLAN-BYOD 10 any
acl rule protocol WLAN-BYOD 10 any
acl rule add WLAN-BYOD 11
acl rule action WLAN-BYOD 11 permit
acl rule source address WLAN-BYOD 11 0.0.0.0 0.0.0.0
acl rule source port range WLAN-BYOD 11 0 65535
acl rule destination address WLAN-BYOD 11 172.16.10.101 255.255.255.255
acl rule destination port range WLAN-BYOD 11 0 65535
acl rule direction WLAN-BYOD 11 In
acl rule dscp WLAN-BYOD 11 any
acl rule protocol WLAN-BYOD 11 any
acl rule add WLAN-BYOD 12
acl rule action WLAN-BYOD 12 permit
acl rule source address WLAN-BYOD 12 172.16.10.101 255.255.255.255
acl rule source port range WLAN-BYOD 12 0 65535
acl rule destination address WLAN-BYOD 12 0.0.0.0 0.0.0.0
acl rule destination port range WLAN-BYOD 12 0 65535
acl rule direction WLAN-BYOD 12 Out
acl rule dscp WLAN-BYOD 12 any
acl rule protocol WLAN-BYOD 12 any
acl rule add WLAN-BYOD 13
acl rule action WLAN-BYOD 13 deny
acl rule source address WLAN-BYOD 13 0.0.0.0 0.0.0.0
acl rule source port range WLAN-BYOD 13 0 65535
acl rule destination address WLAN-BYOD 13 10.0.0.0 255.0.0.0
acl rule destination port range WLAN-BYOD 13 0 65535
acl rule direction WLAN-BYOD 13 in
acl rule dscp WLAN-BYOD 13 any
acl rule protocol WLAN-BYOD 13 any
acl rule add WLAN-BYOD 14
acl rule action WLAN-BYOD 14 deny
acl rule source address WLAN-BYOD 14 0.0.0.0 0.0.0.0
acl rule source port range WLAN-BYOD 14 0 65535
acl rule destination address WLAN-BYOD 14 172.16.0.0 255.240.0.0
acl rule destination port range WLAN-BYOD 14 0 65535
acl rule direction WLAN-BYOD 14 in
acl rule dscp WLAN-BYOD 14 any
acl rule protocol WLAN-BYOD 14 any
acl rule add WLAN-BYOD 15
acl rule action WLAN-BYOD 15 deny
acl rule source address WLAN-BYOD 15 0.0.0.0 0.0.0.0
acl rule source port range WLAN-BYOD 15 0 65535
acl rule destination address WLAN-BYOD 15 192.168.0.0 255.255.0.0
acl rule destination port range WLAN-BYOD 15 0 65535
acl rule direction WLAN-BYOD 15 in
acl rule dscp WLAN-BYOD 15 any
acl rule protocol WLAN-BYOD 15 any
acl rule add WLAN-BYOD 16
acl rule action WLAN-BYOD 16 permit
acl rule source address WLAN-BYOD 16 0.0.0.0 0.0.0.0
acl rule source port range WLAN-BYOD 16 0 65535
acl rule destination address WLAN-BYOD 16 0.0.0.0 0.0.0.0
acl rule destination port range WLAN-BYOD 16 0 65535
acl rule direction WLAN-BYOD 16 any
acl rule dscp WLAN-BYOD 16 any
acl rule protocol WLAN-BYOD 16 any
acl apply WLAN-BYOD

*** Flexconnect ACL WLAN-BYOD ***
*** ------------------------- ***

flexconnect acl create WLAN-BYOD
flexconnect acl rule add WLAN-BYOD 1
flexconnect acl rule action WLAN-BYOD 1 permit
flexconnect acl rule source address WLAN-BYOD 1 0.0.0.0 0.0.0.0
flexconnect acl rule source port range WLAN-BYOD 1 68 68
flexconnect acl rule destination address WLAN-BYOD 1 0.0.0.0 0.0.0.0
flexconnect acl rule destination port range WLAN-BYOD 1 67 67
flexconnect acl rule dscp WLAN-BYOD 1 any
flexconnect acl rule protocol WLAN-BYOD 1 17
flexconnect acl rule add WLAN-BYOD 2
flexconnect acl rule action WLAN-BYOD 2 permit
flexconnect acl rule source address WLAN-BYOD 2 0.0.0.0 0.0.0.0
flexconnect acl rule source port range WLAN-BYOD 2 67 67
flexconnect acl rule destination address WLAN-BYOD 2 0.0.0.0 0.0.0.0
flexconnect acl rule destination port range WLAN-BYOD 2 68 68
flexconnect acl rule dscp WLAN-BYOD 2 any
flexconnect acl rule protocol WLAN-BYOD 2 17
flexconnect acl rule add WLAN-BYOD 3
flexconnect acl rule action WLAN-BYOD 3 permit
flexconnect acl rule source address WLAN-BYOD 3 0.0.0.0 0.0.0.0
flexconnect acl rule source port range WLAN-BYOD 3 53 53
flexconnect acl rule destination address WLAN-BYOD 3 0.0.0.0 0.0.0.0
flexconnect acl rule destination port range WLAN-BYOD 3 0 65535
flexconnect acl rule dscp WLAN-BYOD 3 any
flexconnect acl rule protocol WLAN-BYOD 3 17
flexconnect acl rule add WLAN-BYOD 4
flexconnect acl rule action WLAN-BYOD 4 permit
flexconnect acl rule source address WLAN-BYOD 4 0.0.0.0 0.0.0.0
flexconnect acl rule source port range WLAN-BYOD 4 0 65535
flexconnect acl rule destination address WLAN-BYOD 4 0.0.0.0 0.0.0.0
flexconnect acl rule destination port range WLAN-BYOD 4 53 53
flexconnect acl rule dscp WLAN-BYOD 4 any
flexconnect acl rule protocol WLAN-BYOD 4 17
flexconnect acl rule add WLAN-BYOD 5
flexconnect acl rule action WLAN-BYOD 5 permit
flexconnect acl rule source address WLAN-BYOD 5 0.0.0.0 0.0.0.0
flexconnect acl rule source port range WLAN-BYOD 5 0 65535
flexconnect acl rule destination address WLAN-BYOD 5 0.0.0.0 0.0.0.0
flexconnect acl rule destination port range WLAN-BYOD 5 161 161
flexconnect acl rule dscp WLAN-BYOD 5 any
flexconnect acl rule protocol WLAN-BYOD 5 17
flexconnect acl rule add WLAN-BYOD 6
flexconnect acl rule action WLAN-BYOD 6 permit
flexconnect acl rule source address WLAN-BYOD 6 0.0.0.0 0.0.0.0
flexconnect acl rule source port range WLAN-BYOD 6 161 161
flexconnect acl rule destination address WLAN-BYOD 6 0.0.0.0 0.0.0.0
flexconnect acl rule destination port range WLAN-BYOD 6 0 65535
flexconnect acl rule dscp WLAN-BYOD 6 any
flexconnect acl rule protocol WLAN-BYOD 6 17
flexconnect acl rule add WLAN-BYOD 7
flexconnect acl rule action WLAN-BYOD 7 permit
flexconnect acl rule source address WLAN-BYOD 7 0.0.0.0 0.0.0.0
flexconnect acl rule source port range WLAN-BYOD 7 0 65535
flexconnect acl rule destination address WLAN-BYOD 7 172.16.10.203 255.255.255.255
flexconnect acl rule destination port range WLAN-BYOD 7 0 65535
flexconnect acl rule dscp WLAN-BYOD 7 any
flexconnect acl rule protocol WLAN-BYOD 7 any
flexconnect acl rule add WLAN-BYOD 8
flexconnect acl rule action WLAN-BYOD 8 permit
flexconnect acl rule source address WLAN-BYOD 8 172.16.10.203 255.255.255.255
flexconnect acl rule source port range WLAN-BYOD 8 0 65535
flexconnect acl rule destination address WLAN-BYOD 8 0.0.0.0 0.0.0.0
flexconnect acl rule destination port range WLAN-BYOD 8 0 65535
flexconnect acl rule dscp WLAN-BYOD 8 any
flexconnect acl rule protocol WLAN-BYOD 8 any
flexconnect acl rule add WLAN-BYOD 9
flexconnect acl rule action WLAN-BYOD 9 permit
flexconnect acl rule source address WLAN-BYOD 9 0.0.0.0 0.0.0.0
flexconnect acl rule source port range WLAN-BYOD 9 0 65535
flexconnect acl rule destination address WLAN-BYOD 9 172.16.10.204 255.255.255.255
flexconnect acl rule destination port range WLAN-BYOD 9 0 65535
flexconnect acl rule dscp WLAN-BYOD 9 any
flexconnect acl rule protocol WLAN-BYOD 9 any
flexconnect acl rule add WLAN-BYOD 10
flexconnect acl rule action WLAN-BYOD 10 permit
flexconnect acl rule source address WLAN-BYOD 10 172.16.10.204 255.255.255.255
flexconnect acl rule source port range WLAN-BYOD 10 0 65535
flexconnect acl rule destination address WLAN-BYOD 10 0.0.0.0 0.0.0.0
flexconnect acl rule destination port range WLAN-BYOD 10 0 65535
flexconnect acl rule dscp WLAN-BYOD 10 any
flexconnect acl rule protocol WLAN-BYOD 10 any
flexconnect acl rule add WLAN-BYOD 11
flexconnect acl rule action WLAN-BYOD 11 permit
flexconnect acl rule source address WLAN-BYOD 11 0.0.0.0 0.0.0.0
flexconnect acl rule source port range WLAN-BYOD 11 0 65535
flexconnect acl rule destination address WLAN-BYOD 11 172.16.10.101 255.255.255.255
flexconnect acl rule destination port range WLAN-BYOD 11 0 65535
flexconnect acl rule dscp WLAN-BYOD 11 any
flexconnect acl rule protocol WLAN-BYOD 11 any
flexconnect acl rule add WLAN-BYOD 12
flexconnect acl rule action WLAN-BYOD 12 permit
flexconnect acl rule source address WLAN-BYOD 12 172.16.10.101 255.255.255.255
flexconnect acl rule source port range WLAN-BYOD 12 0 65535
flexconnect acl rule destination address WLAN-BYOD 12 0.0.0.0 0.0.0.0
flexconnect acl rule destination port range WLAN-BYOD 12 0 65535
flexconnect acl rule dscp WLAN-BYOD 12 any
flexconnect acl rule protocol WLAN-BYOD 12 any
flexconnect acl rule add WLAN-BYOD 13
flexconnect acl rule action WLAN-BYOD 13 deny
flexconnect acl rule source address WLAN-BYOD 13 0.0.0.0 0.0.0.0
flexconnect acl rule source port range WLAN-BYOD 13 0 65535
flexconnect acl rule destination address WLAN-BYOD 13 10.0.0.0 255.0.0.0
flexconnect acl rule destination port range WLAN-BYOD 13 0 65535
flexconnect acl rule dscp WLAN-BYOD 13 any
flexconnect acl rule protocol WLAN-BYOD 13 any
flexconnect acl rule add WLAN-BYOD 14
flexconnect acl rule action WLAN-BYOD 14 deny
flexconnect acl rule source address WLAN-BYOD 14 0.0.0.0 0.0.0.0
flexconnect acl rule source port range WLAN-BYOD 14 0 65535
flexconnect acl rule destination address WLAN-BYOD 14 172.16.0.0 255.240.0.0
flexconnect acl rule destination port range WLAN-BYOD 14 0 65535
flexconnect acl rule dscp WLAN-BYOD 14 any
flexconnect acl rule protocol WLAN-BYOD 14 any
flexconnect acl rule add WLAN-BYOD 15
flexconnect acl rule action WLAN-BYOD 15 deny
flexconnect acl rule source address WLAN-BYOD 15 0.0.0.0 0.0.0.0
flexconnect acl rule source port range WLAN-BYOD 15 0 65535
flexconnect acl rule destination address WLAN-BYOD 15 192.168.0.0 255.255.0.0
flexconnect acl rule destination port range WLAN-BYOD 15 0 65535
flexconnect acl rule dscp WLAN-BYOD 15 any
flexconnect acl rule protocol WLAN-BYOD 15 any
flexconnect acl rule add WLAN-BYOD 16
flexconnect acl rule action WLAN-BYOD 16 permit
flexconnect acl rule source address WLAN-BYOD 16 0.0.0.0 0.0.0.0
flexconnect acl rule source port range WLAN-BYOD 16 0 65535
flexconnect acl rule destination address WLAN-BYOD 16 0.0.0.0 0.0.0.0
flexconnect acl rule destination port range WLAN-BYOD 16 0 65535
flexconnect acl rule dscp WLAN-BYOD 16 any
flexconnect acl rule protocol WLAN-BYOD 16 any
flexconnect acl apply WLAN-BYOD

 

---

---

WLAN-GUEST

• permit DHCP
• permit DNS
• permit SNMP
• permit ISE PSNs
• deny RFC1918
• permit ip any any

*** Normal / Standard ACL WLAN-GUEST ***
*** -------------------------------- ***

acl create WLAN-GUEST
acl rule add WLAN-GUEST 1 
acl rule action WLAN-GUEST 1 permit
acl rule source address WLAN-GUEST 1 0.0.0.0 0.0.0.0
acl rule source port range WLAN-GUEST 1 68 68
acl rule destination address WLAN-GUEST 1 0.0.0.0 0.0.0.0
acl rule destination port range WLAN-GUEST 1 67 67
acl rule direction WLAN-GUEST 1 any
acl rule dscp WLAN-GUEST 1 any
acl rule protocol WLAN-GUEST 1 17
acl rule add WLAN-GUEST 2 
acl rule action WLAN-GUEST 2 permit
acl rule source address WLAN-GUEST 2 0.0.0.0 0.0.0.0
acl rule source port range WLAN-GUEST 2 67 67
acl rule destination address WLAN-GUEST 2 0.0.0.0 0.0.0.0
acl rule destination port range WLAN-GUEST 2 68 68
acl rule direction WLAN-GUEST 2 any
acl rule dscp WLAN-GUEST 2 any
acl rule protocol WLAN-GUEST 2 17
acl rule add WLAN-GUEST 3 
acl rule action WLAN-GUEST 3 permit
acl rule source address WLAN-GUEST 3 0.0.0.0 0.0.0.0
acl rule source port range WLAN-GUEST 3 53 53
acl rule destination address WLAN-GUEST 3 0.0.0.0 0.0.0.0
acl rule destination port range WLAN-GUEST 3 0 65535
acl rule direction WLAN-GUEST 3 any
acl rule dscp WLAN-GUEST 3 any
acl rule protocol WLAN-GUEST 3 17
acl rule add WLAN-GUEST 4 
acl rule action WLAN-GUEST 4 permit
acl rule source address WLAN-GUEST 4 0.0.0.0 0.0.0.0
acl rule source port range WLAN-GUEST 4 0 65535
acl rule destination address WLAN-GUEST 4 0.0.0.0 0.0.0.0
acl rule destination port range WLAN-GUEST 4 53 53
acl rule direction WLAN-GUEST 4 any
acl rule dscp WLAN-GUEST 4 any
acl rule protocol WLAN-GUEST 4 17
acl rule add WLAN-GUEST 5 
acl rule action WLAN-GUEST 5 permit
acl rule source address WLAN-GUEST 5 0.0.0.0 0.0.0.0
acl rule source port range WLAN-GUEST 5 0 65535
acl rule destination address WLAN-GUEST 5 0.0.0.0 0.0.0.0
acl rule destination port range WLAN-GUEST 5 161 161
acl rule direction WLAN-GUEST 5 any
acl rule dscp WLAN-GUEST 5 any
acl rule protocol WLAN-GUEST 5 17
acl rule add WLAN-GUEST 6 
acl rule action WLAN-GUEST 6 permit
acl rule source address WLAN-GUEST 6 0.0.0.0 0.0.0.0
acl rule source port range WLAN-GUEST 6 161 161
acl rule destination address WLAN-GUEST 6 0.0.0.0 0.0.0.0
acl rule destination port range WLAN-GUEST 6 0 65535
acl rule direction WLAN-GUEST 6 any
acl rule dscp WLAN-GUEST 6 any
acl rule protocol WLAN-GUEST 6 17
acl rule add WLAN-GUEST 7 
acl rule action WLAN-GUEST 7 permit
acl rule source address WLAN-GUEST 7 0.0.0.0 0.0.0.0
acl rule source port range WLAN-GUEST 7 0 65535
acl rule destination address WLAN-GUEST 7 172.16.10.203 255.255.255.255
acl rule destination port range WLAN-GUEST 7 0 65535
acl rule direction WLAN-GUEST 7 In
acl rule dscp WLAN-GUEST 7 any
acl rule protocol WLAN-GUEST 7 any
acl rule add WLAN-GUEST 8 
acl rule action WLAN-GUEST 8 permit
acl rule source address WLAN-GUEST 8 172.16.10.203 255.255.255.255
acl rule source port range WLAN-GUEST 8 0 65535
acl rule destination address WLAN-GUEST 8 0.0.0.0 0.0.0.0
acl rule destination port range WLAN-GUEST 8 0 65535
acl rule direction WLAN-GUEST 8 Out
acl rule dscp WLAN-GUEST 8 any
acl rule protocol WLAN-GUEST 8 any
acl rule add WLAN-GUEST 9 
acl rule action WLAN-GUEST 9 permit
acl rule source address WLAN-GUEST 9 0.0.0.0 0.0.0.0
acl rule source port range WLAN-GUEST 9 0 65535
acl rule destination address WLAN-GUEST 9 172.16.10.204 255.255.255.255
acl rule destination port range WLAN-GUEST 9 0 65535
acl rule direction WLAN-GUEST 9 In
acl rule dscp WLAN-GUEST 9 any
acl rule protocol WLAN-GUEST 9 any
acl rule add WLAN-GUEST 10 
acl rule action WLAN-GUEST 10 permit
acl rule source address WLAN-GUEST 10 172.16.10.204 255.255.255.255
acl rule source port range WLAN-GUEST 10 0 65535
acl rule destination address WLAN-GUEST 10 0.0.0.0 0.0.0.0
acl rule destination port range WLAN-GUEST 10 0 65535
acl rule direction WLAN-GUEST 10 Out
acl rule dscp WLAN-GUEST 10 any
acl rule protocol WLAN-GUEST 10 any
acl rule add WLAN-GUEST 11 
acl rule action WLAN-GUEST 11 deny
acl rule source address WLAN-GUEST 11 0.0.0.0 0.0.0.0
acl rule source port range WLAN-GUEST 11 0 65535
acl rule destination address WLAN-GUEST 11 10.0.0.0 255.0.0.0
acl rule destination port range WLAN-GUEST 11 0 65535
acl rule direction WLAN-GUEST 11 in
acl rule dscp WLAN-GUEST 11 any
acl rule protocol WLAN-GUEST 11 any
acl rule add WLAN-GUEST 12 
acl rule action WLAN-GUEST 12 deny
acl rule source address WLAN-GUEST 12 0.0.0.0 0.0.0.0
acl rule source port range WLAN-GUEST 12 0 65535
acl rule destination address WLAN-GUEST 12 172.16.0.0 255.240.0.0
acl rule destination port range WLAN-GUEST 12 0 65535
acl rule direction WLAN-GUEST 12 in
acl rule dscp WLAN-GUEST 12 any
acl rule protocol WLAN-GUEST 12 any
acl rule add WLAN-GUEST 13 
acl rule action WLAN-GUEST 13 deny
acl rule source address WLAN-GUEST 13 0.0.0.0 0.0.0.0
acl rule source port range WLAN-GUEST 13 0 65535
acl rule destination address WLAN-GUEST 13 192.168.0.0 255.255.0.0
acl rule destination port range WLAN-GUEST 13 0 65535
acl rule direction WLAN-GUEST 13 in
acl rule dscp WLAN-GUEST 13 any
acl rule protocol WLAN-GUEST 13 any
acl rule add WLAN-GUEST 14 
acl rule action WLAN-GUEST 14 permit
acl rule source address WLAN-GUEST 14 0.0.0.0 0.0.0.0
acl rule source port range WLAN-GUEST 14 0 65535
acl rule destination address WLAN-GUEST 14 0.0.0.0 0.0.0.0
acl rule destination port range WLAN-GUEST 14 0 65535
acl rule direction WLAN-GUEST 14 any
acl rule dscp WLAN-GUEST 14 any
acl rule protocol WLAN-GUEST 14 any
acl apply WLAN-GUEST


*** Flexconnect ACL WLAN-GUEST ***
*** -------------------------- ***

flexconnect acl create WLAN-GUEST
flexconnect acl rule add WLAN-GUEST 1 
flexconnect acl rule action WLAN-GUEST 1 permit
flexconnect acl rule source address WLAN-GUEST 1 0.0.0.0 0.0.0.0
flexconnect acl rule source port range WLAN-GUEST 1 68 68
flexconnect acl rule destination address WLAN-GUEST 1 0.0.0.0 0.0.0.0
flexconnect acl rule destination port range WLAN-GUEST 1 67 67
flexconnect acl rule dscp WLAN-GUEST 1 any
flexconnect acl rule protocol WLAN-GUEST 1 17
flexconnect acl rule add WLAN-GUEST 2 
flexconnect acl rule action WLAN-GUEST 2 permit
flexconnect acl rule source address WLAN-GUEST 2 0.0.0.0 0.0.0.0
flexconnect acl rule source port range WLAN-GUEST 2 67 67
flexconnect acl rule destination address WLAN-GUEST 2 0.0.0.0 0.0.0.0
flexconnect acl rule destination port range WLAN-GUEST 2 68 68
flexconnect acl rule dscp WLAN-GUEST 2 any
flexconnect acl rule protocol WLAN-GUEST 2 17
flexconnect acl rule add WLAN-GUEST 3 
flexconnect acl rule action WLAN-GUEST 3 permit
flexconnect acl rule source address WLAN-GUEST 3 0.0.0.0 0.0.0.0
flexconnect acl rule source port range WLAN-GUEST 3 53 53
flexconnect acl rule destination address WLAN-GUEST 3 0.0.0.0 0.0.0.0
flexconnect acl rule destination port range WLAN-GUEST 3 0 65535
flexconnect acl rule dscp WLAN-GUEST 3 any
flexconnect acl rule protocol WLAN-GUEST 3 17
flexconnect acl rule add WLAN-GUEST 4 
flexconnect acl rule action WLAN-GUEST 4 permit
flexconnect acl rule source address WLAN-GUEST 4 0.0.0.0 0.0.0.0
flexconnect acl rule source port range WLAN-GUEST 4 0 65535
flexconnect acl rule destination address WLAN-GUEST 4 0.0.0.0 0.0.0.0
flexconnect acl rule destination port range WLAN-GUEST 4 53 53
flexconnect acl rule dscp WLAN-GUEST 4 any
flexconnect acl rule protocol WLAN-GUEST 4 17
flexconnect acl rule add WLAN-GUEST 5 
flexconnect acl rule action WLAN-GUEST 5 permit
flexconnect acl rule source address WLAN-GUEST 5 0.0.0.0 0.0.0.0
flexconnect acl rule source port range WLAN-GUEST 5 0 65535
flexconnect acl rule destination address WLAN-GUEST 5 0.0.0.0 0.0.0.0
flexconnect acl rule destination port range WLAN-GUEST 5 161 161
flexconnect acl rule dscp WLAN-GUEST 5 any
flexconnect acl rule protocol WLAN-GUEST 5 17
flexconnect acl rule add WLAN-GUEST 6 
flexconnect acl rule action WLAN-GUEST 6 permit
flexconnect acl rule source address WLAN-GUEST 6 0.0.0.0 0.0.0.0
flexconnect acl rule source port range WLAN-GUEST 6 161 161
flexconnect acl rule destination address WLAN-GUEST 6 0.0.0.0 0.0.0.0
flexconnect acl rule destination port range WLAN-GUEST 6 0 65535
flexconnect acl rule dscp WLAN-GUEST 6 any
flexconnect acl rule protocol WLAN-GUEST 6 17
flexconnect acl rule add WLAN-GUEST 7 
flexconnect acl rule action WLAN-GUEST 7 permit
flexconnect acl rule source address WLAN-GUEST 7 0.0.0.0 0.0.0.0
flexconnect acl rule source port range WLAN-GUEST 7 0 65535
flexconnect acl rule destination address WLAN-GUEST 7 172.16.10.203 255.255.255.255
flexconnect acl rule destination port range WLAN-GUEST 7 0 65535
flexconnect acl rule dscp WLAN-GUEST 7 any
flexconnect acl rule protocol WLAN-GUEST 7 any
flexconnect acl rule add WLAN-GUEST 8 
flexconnect acl rule action WLAN-GUEST 8 permit
flexconnect acl rule source address WLAN-GUEST 8 172.16.10.203 255.255.255.255
flexconnect acl rule source port range WLAN-GUEST 8 0 65535
flexconnect acl rule destination address WLAN-GUEST 8 0.0.0.0 0.0.0.0
flexconnect acl rule destination port range WLAN-GUEST 8 0 65535
flexconnect acl rule dscp WLAN-GUEST 8 any
flexconnect acl rule protocol WLAN-GUEST 8 any
flexconnect acl rule add WLAN-GUEST 9 
flexconnect acl rule action WLAN-GUEST 9 permit
flexconnect acl rule source address WLAN-GUEST 9 0.0.0.0 0.0.0.0
flexconnect acl rule source port range WLAN-GUEST 9 0 65535
flexconnect acl rule destination address WLAN-GUEST 9 172.16.10.204 255.255.255.255
flexconnect acl rule destination port range WLAN-GUEST 9 0 65535
flexconnect acl rule dscp WLAN-GUEST 9 any
flexconnect acl rule protocol WLAN-GUEST 9 any
flexconnect acl rule add WLAN-GUEST 10 
flexconnect acl rule action WLAN-GUEST 10 permit
flexconnect acl rule source address WLAN-GUEST 10 172.16.10.204 255.255.255.255
flexconnect acl rule source port range WLAN-GUEST 10 0 65535
flexconnect acl rule destination address WLAN-GUEST 10 0.0.0.0 0.0.0.0
flexconnect acl rule destination port range WLAN-GUEST 10 0 65535
flexconnect acl rule dscp WLAN-GUEST 10 any
flexconnect acl rule protocol WLAN-GUEST 10 any
flexconnect acl rule add WLAN-GUEST 11 
flexconnect acl rule action WLAN-GUEST 11 deny
flexconnect acl rule source address WLAN-GUEST 11 0.0.0.0 0.0.0.0
flexconnect acl rule source port range WLAN-GUEST 11 0 65535
flexconnect acl rule destination address WLAN-GUEST 11 10.0.0.0 255.0.0.0
flexconnect acl rule destination port range WLAN-GUEST 11 0 65535
flexconnect acl rule dscp WLAN-GUEST 11 any
flexconnect acl rule protocol WLAN-GUEST 11 any
flexconnect acl rule add WLAN-GUEST 12 
flexconnect acl rule action WLAN-GUEST 12 deny
flexconnect acl rule source address WLAN-GUEST 12 0.0.0.0 0.0.0.0
flexconnect acl rule source port range WLAN-GUEST 12 0 65535
flexconnect acl rule destination address WLAN-GUEST 12 172.16.0.0 255.240.0.0
flexconnect acl rule destination port range WLAN-GUEST 12 0 65535
flexconnect acl rule dscp WLAN-GUEST 12 any
flexconnect acl rule protocol WLAN-GUEST 12 any
flexconnect acl rule add WLAN-GUEST 13 
flexconnect acl rule action WLAN-GUEST 13 deny
flexconnect acl rule source address WLAN-GUEST 13 0.0.0.0 0.0.0.0
flexconnect acl rule source port range WLAN-GUEST 13 0 65535
flexconnect acl rule destination address WLAN-GUEST 13 192.168.0.0 255.255.0.0
flexconnect acl rule destination port range WLAN-GUEST 13 0 65535
flexconnect acl rule dscp WLAN-GUEST 13 any
flexconnect acl rule protocol WLAN-GUEST 13 any
flexconnect acl rule add WLAN-GUEST 14 
flexconnect acl rule action WLAN-GUEST 14 permit
flexconnect acl rule source address WLAN-GUEST 14 0.0.0.0 0.0.0.0
flexconnect acl rule source port range WLAN-GUEST 14 0 65535
flexconnect acl rule destination address WLAN-GUEST 14 0.0.0.0 0.0.0.0
flexconnect acl rule destination port range WLAN-GUEST 14 0 65535
flexconnect acl rule dscp WLAN-GUEST 14 any
flexconnect acl rule protocol WLAN-GUEST 14 any
flexconnect acl apply WLAN-GUEST

---

WLAN-CWA-REDIRECT

• permit DHCP
• permit DNS
• permit SNMP
• permit ISE PSNs
• deny ip any any

*** Normal / Standard ACL WLAN-CWA-REDIRECT ***
*** --------------------------------------- ***

acl create WLAN-CWA-REDIRECT
acl rule add WLAN-CWA-REDIRECT 1 
acl rule action WLAN-CWA-REDIRECT 1 permit
acl rule source address WLAN-CWA-REDIRECT 1 0.0.0.0 0.0.0.0
acl rule source port range WLAN-CWA-REDIRECT 1 68 68
acl rule destination address WLAN-CWA-REDIRECT 1 0.0.0.0 0.0.0.0
acl rule destination port range WLAN-CWA-REDIRECT 1 67 67
acl rule direction WLAN-CWA-REDIRECT 1 any
acl rule dscp WLAN-CWA-REDIRECT 1 any
acl rule protocol WLAN-CWA-REDIRECT 1 17
acl rule add WLAN-CWA-REDIRECT 2 
acl rule action WLAN-CWA-REDIRECT 2 permit
acl rule source address WLAN-CWA-REDIRECT 2 0.0.0.0 0.0.0.0
acl rule source port range WLAN-CWA-REDIRECT 2 67 67
acl rule destination address WLAN-CWA-REDIRECT 2 0.0.0.0 0.0.0.0
acl rule destination port range WLAN-CWA-REDIRECT 2 68 68
acl rule direction WLAN-CWA-REDIRECT 2 any
acl rule dscp WLAN-CWA-REDIRECT 2 any
acl rule protocol WLAN-CWA-REDIRECT 2 17
acl rule add WLAN-CWA-REDIRECT 3 
acl rule action WLAN-CWA-REDIRECT 3 permit
acl rule source address WLAN-CWA-REDIRECT 3 0.0.0.0 0.0.0.0
acl rule source port range WLAN-CWA-REDIRECT 3 53 53
acl rule destination address WLAN-CWA-REDIRECT 3 0.0.0.0 0.0.0.0
acl rule destination port range WLAN-CWA-REDIRECT 3 0 65535
acl rule direction WLAN-CWA-REDIRECT 3 any
acl rule dscp WLAN-CWA-REDIRECT 3 any
acl rule protocol WLAN-CWA-REDIRECT 3 17
acl rule add WLAN-CWA-REDIRECT 4 
acl rule action WLAN-CWA-REDIRECT 4 permit
acl rule source address WLAN-CWA-REDIRECT 4 0.0.0.0 0.0.0.0
acl rule source port range WLAN-CWA-REDIRECT 4 0 65535
acl rule destination address WLAN-CWA-REDIRECT 4 0.0.0.0 0.0.0.0
acl rule destination port range WLAN-CWA-REDIRECT 4 53 53
acl rule direction WLAN-CWA-REDIRECT 4 any
acl rule dscp WLAN-CWA-REDIRECT 4 any
acl rule protocol WLAN-CWA-REDIRECT 4 17
acl rule add WLAN-CWA-REDIRECT 5 
acl rule action WLAN-CWA-REDIRECT 5 permit
acl rule source address WLAN-CWA-REDIRECT 5 0.0.0.0 0.0.0.0
acl rule source port range WLAN-CWA-REDIRECT 5 0 65535
acl rule destination address WLAN-CWA-REDIRECT 5 0.0.0.0 0.0.0.0
acl rule destination port range WLAN-CWA-REDIRECT 5 161 161
acl rule direction WLAN-CWA-REDIRECT 5 any
acl rule dscp WLAN-CWA-REDIRECT 5 any
acl rule protocol WLAN-CWA-REDIRECT 5 17
acl rule add WLAN-CWA-REDIRECT 6 
acl rule action WLAN-CWA-REDIRECT 6 permit
acl rule source address WLAN-CWA-REDIRECT 6 0.0.0.0 0.0.0.0
acl rule source port range WLAN-CWA-REDIRECT 6 161 161
acl rule destination address WLAN-CWA-REDIRECT 6 0.0.0.0 0.0.0.0
acl rule destination port range WLAN-CWA-REDIRECT 6 0 65535
acl rule direction WLAN-CWA-REDIRECT 6 any
acl rule dscp WLAN-CWA-REDIRECT 6 any
acl rule protocol WLAN-CWA-REDIRECT 6 17
acl rule add WLAN-CWA-REDIRECT 7 
acl rule action WLAN-CWA-REDIRECT 7 permit
acl rule source address WLAN-CWA-REDIRECT 7 0.0.0.0 0.0.0.0
acl rule source port range WLAN-CWA-REDIRECT 7 0 65535
acl rule destination address WLAN-CWA-REDIRECT 7 172.16.10.203 255.255.255.255
acl rule destination port range WLAN-CWA-REDIRECT 7 0 65535
acl rule direction WLAN-CWA-REDIRECT 7 In
acl rule dscp WLAN-CWA-REDIRECT 7 any
acl rule protocol WLAN-CWA-REDIRECT 7 any
acl rule add WLAN-CWA-REDIRECT 8 
acl rule action WLAN-CWA-REDIRECT 8 permit
acl rule source address WLAN-CWA-REDIRECT 8 172.16.10.203 255.255.255.255
acl rule source port range WLAN-CWA-REDIRECT 8 0 65535
acl rule destination address WLAN-CWA-REDIRECT 8 0.0.0.0 0.0.0.0
acl rule destination port range WLAN-CWA-REDIRECT 8 0 65535
acl rule direction WLAN-CWA-REDIRECT 8 Out
acl rule dscp WLAN-CWA-REDIRECT 8 any
acl rule protocol WLAN-CWA-REDIRECT 8 any
acl rule add WLAN-CWA-REDIRECT 9 
acl rule action WLAN-CWA-REDIRECT 9 permit
acl rule source address WLAN-CWA-REDIRECT 9 0.0.0.0 0.0.0.0
acl rule source port range WLAN-CWA-REDIRECT 9 0 65535
acl rule destination address WLAN-CWA-REDIRECT 9 172.16.10.204 255.255.255.255
acl rule destination port range WLAN-CWA-REDIRECT 9 0 65535
acl rule direction WLAN-CWA-REDIRECT 9 In
acl rule dscp WLAN-CWA-REDIRECT 9 any
acl rule protocol WLAN-CWA-REDIRECT 9 any
acl rule add WLAN-CWA-REDIRECT 10 
acl rule action WLAN-CWA-REDIRECT 10 permit
acl rule source address WLAN-CWA-REDIRECT 10 172.16.10.204 255.255.255.255
acl rule source port range WLAN-CWA-REDIRECT 10 0 65535
acl rule destination address WLAN-CWA-REDIRECT 10 0.0.0.0 0.0.0.0
acl rule destination port range WLAN-CWA-REDIRECT 10 0 65535
acl rule direction WLAN-CWA-REDIRECT 10 Out
acl rule dscp WLAN-CWA-REDIRECT 10 any
acl rule protocol WLAN-CWA-REDIRECT 10 any
acl rule add WLAN-CWA-REDIRECT 11 
acl rule action WLAN-CWA-REDIRECT 11 deny
acl rule source address WLAN-CWA-REDIRECT 11 0.0.0.0 0.0.0.0
acl rule source port range WLAN-CWA-REDIRECT 11 0 65535
acl rule destination address WLAN-CWA-REDIRECT 11 0.0.0.0 0.0.0.0
acl rule destination port range WLAN-CWA-REDIRECT 11 0 65535
acl rule direction WLAN-CWA-REDIRECT 11 any
acl rule dscp WLAN-CWA-REDIRECT 11 any
acl rule protocol WLAN-CWA-REDIRECT 11 any
acl apply WLAN-CWA-REDIRECT

*** Flexconnect ACL WLAN-CWA-REDIRECT ***
*** --------------------------------- ***

flexconnect acl create WLAN-CWA-REDIRECT
flexconnect acl rule add WLAN-CWA-REDIRECT 1 
flexconnect acl rule action WLAN-CWA-REDIRECT 1 permit
flexconnect acl rule source address WLAN-CWA-REDIRECT 1 0.0.0.0 0.0.0.0
flexconnect acl rule source port range WLAN-CWA-REDIRECT 1 68 68
flexconnect acl rule destination address WLAN-CWA-REDIRECT 1 0.0.0.0 0.0.0.0
flexconnect acl rule destination port range WLAN-CWA-REDIRECT 1 67 67
flexconnect acl rule dscp WLAN-CWA-REDIRECT 1 any
flexconnect acl rule protocol WLAN-CWA-REDIRECT 1 17
flexconnect acl rule add WLAN-CWA-REDIRECT 2 
flexconnect acl rule action WLAN-CWA-REDIRECT 2 permit
flexconnect acl rule source address WLAN-CWA-REDIRECT 2 0.0.0.0 0.0.0.0
flexconnect acl rule source port range WLAN-CWA-REDIRECT 2 67 67
flexconnect acl rule destination address WLAN-CWA-REDIRECT 2 0.0.0.0 0.0.0.0
flexconnect acl rule destination port range WLAN-CWA-REDIRECT 2 68 68
flexconnect acl rule dscp WLAN-CWA-REDIRECT 2 any
flexconnect acl rule protocol WLAN-CWA-REDIRECT 2 17
flexconnect acl rule add WLAN-CWA-REDIRECT 3 
flexconnect acl rule action WLAN-CWA-REDIRECT 3 permit
flexconnect acl rule source address WLAN-CWA-REDIRECT 3 0.0.0.0 0.0.0.0
flexconnect acl rule source port range WLAN-CWA-REDIRECT 3 53 53
flexconnect acl rule destination address WLAN-CWA-REDIRECT 3 0.0.0.0 0.0.0.0
flexconnect acl rule destination port range WLAN-CWA-REDIRECT 3 0 65535
flexconnect acl rule dscp WLAN-CWA-REDIRECT 3 any
flexconnect acl rule protocol WLAN-CWA-REDIRECT 3 17
flexconnect acl rule add WLAN-CWA-REDIRECT 4 
flexconnect acl rule action WLAN-CWA-REDIRECT 4 permit
flexconnect acl rule source address WLAN-CWA-REDIRECT 4 0.0.0.0 0.0.0.0
flexconnect acl rule source port range WLAN-CWA-REDIRECT 4 0 65535
flexconnect acl rule destination address WLAN-CWA-REDIRECT 4 0.0.0.0 0.0.0.0
flexconnect acl rule destination port range WLAN-CWA-REDIRECT 4 53 53
flexconnect acl rule dscp WLAN-CWA-REDIRECT 4 any
flexconnect acl rule protocol WLAN-CWA-REDIRECT 4 17
flexconnect acl rule add WLAN-CWA-REDIRECT 5 
flexconnect acl rule action WLAN-CWA-REDIRECT 5 permit
flexconnect acl rule source address WLAN-CWA-REDIRECT 5 0.0.0.0 0.0.0.0
flexconnect acl rule source port range WLAN-CWA-REDIRECT 5 0 65535
flexconnect acl rule destination address WLAN-CWA-REDIRECT 5 0.0.0.0 0.0.0.0
flexconnect acl rule destination port range WLAN-CWA-REDIRECT 5 161 161
flexconnect acl rule dscp WLAN-CWA-REDIRECT 5 any
flexconnect acl rule protocol WLAN-CWA-REDIRECT 5 17
flexconnect acl rule add WLAN-CWA-REDIRECT 6 
flexconnect acl rule action WLAN-CWA-REDIRECT 6 permit
flexconnect acl rule source address WLAN-CWA-REDIRECT 6 0.0.0.0 0.0.0.0
flexconnect acl rule source port range WLAN-CWA-REDIRECT 6 161 161
flexconnect acl rule destination address WLAN-CWA-REDIRECT 6 0.0.0.0 0.0.0.0
flexconnect acl rule destination port range WLAN-CWA-REDIRECT 6 0 65535
flexconnect acl rule dscp WLAN-CWA-REDIRECT 6 any
flexconnect acl rule protocol WLAN-CWA-REDIRECT 6 17
flexconnect acl rule add WLAN-CWA-REDIRECT 7 
flexconnect acl rule action WLAN-CWA-REDIRECT 7 permit
flexconnect acl rule source address WLAN-CWA-REDIRECT 7 0.0.0.0 0.0.0.0
flexconnect acl rule source port range WLAN-CWA-REDIRECT 7 0 65535
flexconnect acl rule destination address WLAN-CWA-REDIRECT 7 172.16.10.203 255.255.255.255
flexconnect acl rule destination port range WLAN-CWA-REDIRECT 7 0 65535
flexconnect acl rule dscp WLAN-CWA-REDIRECT 7 any
flexconnect acl rule protocol WLAN-CWA-REDIRECT 7 any
flexconnect acl rule add WLAN-CWA-REDIRECT 8 
flexconnect acl rule action WLAN-CWA-REDIRECT 8 permit
flexconnect acl rule source address WLAN-CWA-REDIRECT 8 172.16.10.203 255.255.255.255
flexconnect acl rule source port range WLAN-CWA-REDIRECT 8 0 65535
flexconnect acl rule destination address WLAN-CWA-REDIRECT 8 0.0.0.0 0.0.0.0
flexconnect acl rule destination port range WLAN-CWA-REDIRECT 8 0 65535
flexconnect acl rule dscp WLAN-CWA-REDIRECT 8 any
flexconnect acl rule protocol WLAN-CWA-REDIRECT 8 any
flexconnect acl rule add WLAN-CWA-REDIRECT 9 
flexconnect acl rule action WLAN-CWA-REDIRECT 9 permit
flexconnect acl rule source address WLAN-CWA-REDIRECT 9 0.0.0.0 0.0.0.0
flexconnect acl rule source port range WLAN-CWA-REDIRECT 9 0 65535
flexconnect acl rule destination address WLAN-CWA-REDIRECT 9 172.16.10.204 255.255.255.255
flexconnect acl rule destination port range WLAN-CWA-REDIRECT 9 0 65535
flexconnect acl rule dscp WLAN-CWA-REDIRECT 9 any
flexconnect acl rule protocol WLAN-CWA-REDIRECT 9 any
flexconnect acl rule add WLAN-CWA-REDIRECT 10 
flexconnect acl rule action WLAN-CWA-REDIRECT 10 permit
flexconnect acl rule source address WLAN-CWA-REDIRECT 10 172.16.10.204 255.255.255.255
flexconnect acl rule source port range WLAN-CWA-REDIRECT 10 0 65535
flexconnect acl rule destination address WLAN-CWA-REDIRECT 10 0.0.0.0 0.0.0.0
flexconnect acl rule destination port range WLAN-CWA-REDIRECT 10 0 65535
flexconnect acl rule dscp WLAN-CWA-REDIRECT 10 any
flexconnect acl rule protocol WLAN-CWA-REDIRECT 10 any
flexconnect acl rule add WLAN-CWA-REDIRECT 11 
flexconnect acl rule action WLAN-CWA-REDIRECT 11 deny
flexconnect acl rule source address WLAN-CWA-REDIRECT 11 0.0.0.0 0.0.0.0
flexconnect acl rule source port range WLAN-CWA-REDIRECT 11 0 65535
flexconnect acl rule destination address WLAN-CWA-REDIRECT 11 0.0.0.0 0.0.0.0
flexconnect acl rule destination port range WLAN-CWA-REDIRECT 11 0 65535
flexconnect acl rule dscp WLAN-CWA-REDIRECT 11 any
flexconnect acl rule protocol WLAN-CWA-REDIRECT 11 any
flexconnect acl apply WLAN-CWA-REDIRECT

With all of that done and out of the way, lets do one last sanity check to make sure all of our WLC ACLs are actually there for us to call them in the next installment of this Blog series.

Lets check our standard ACLs:

Lets check our flexconnect ACLs:

And thats a wrap!! 🙂

---

Related Resources:

Cisco ISE Community

---

Mentoring and Coaching with Zig:

Through your participation in a healthy mentoring and coaching relationship, you will benefit greatly from the education, the experiences, the influences, leadership and even the resources provided. Learn how you can accomplish more, in one year, than you could accomplish in your career…in your business…and in your life.

Accomplish More Now!!

---

Ask Zig:

Ask Zig episodes feature answers to the questions that you provide. Yes You! The questions can be technical, business, certification, or personal related.  I can help out in all of these areas and much more.  If you would like your question spotlighted and answered on the next #AskZig episode submit them now!

Submit Your #AskZig Question Now!!

---

Provide Feedback

• You can leave a comment on the blog!
• You can leave a voicemail at (617) 913-4103
• You can email us at Feedback@zigbits.tech

---

Engage with Zigbits further:

• Subscribe to the podcast on an iPhone or on an Android
• Follow Zigbits on Twitter!
• Follow Zigbits on LinkedIn!
• Follow Zigbits on Facebook!

---

---

Engage with me further:

• Follow me on Twitter!
• Follow me on LinkedIn!

---

Transparency:

This post may contain affiliate links to products or services were I may receive a level of compensation from your actions by following those links. This is seamless to you and does not add any additional cost to the products or services in question. In addition, I do not let any affiliate relationship cloud my judgement or my recommendation of a product or service. My recommendations will always be above reproach.  This is my commitment to you Ziglets!