Create or Edit an ACL in a Cisco Wireless Controller through the CLI
Creating access lists on a Cisco Wireless LAN Controller (WLC) can be quite a chore, whether you do it in the GUI or the CLI. Either way, it is cumbersome and time consuming.
The script below will make life much easier if you need to edit an existing ACL, or if you have to create several similar ACLs on separate controllers, or even on the same controller.
Currently, if you need to change the ACL name, you have to delete the ACL completely and rebuild it, which is a complete waste of time through the GUI.
Instead, copy the ACL from the CLI, make your edits in Notepad, delete the ACL on the WLC, and then paste the newly edited ACL into the CLI to recreate it with the new name.
If you just need to create an ACL quickly, or if you need to create several ACLs with different source and destination IP addresses, use the script below and edit it where appropriate to make it specific to your deployment.
From the WLC CLI prompt:
config acl create CWA_Redirect
!
config acl rule add CWA_Redirect 1
config acl rule source port range CWA_Redirect 1 0 65535
config acl rule action CWA_Redirect 1 permit
config acl rule destination address CWA_Redirect 1 192.168.100.15 255.255.255.255
config acl rule destination port range CWA_Redirect 1 0 65535
!
config acl rule add CWA_Redirect 2
config acl rule source address CWA_Redirect 2 192.168.100.15 255.255.255.255
config acl rule source port range CWA_Redirect 2 0 65535
config acl rule action CWA_Redirect 2 permit
config acl rule destination port range CWA_Redirect 2 0 65535
!
config acl rule add CWA_Redirect 3
config acl rule source port range CWA_Redirect 3 0 65535
config acl rule action CWA_Redirect 3 permit
config acl rule destination address CWA_Redirect 3 192.168.100.16 255.255.255.255
config acl rule destination port range CWA_Redirect 3 0 65535
!
config acl rule add CWA_Redirect 4
config acl rule source address CWA_Redirect 4 192.168.100.16 255.255.255.255
config acl rule source port range CWA_Redirect 4 0 65535
config acl rule action CWA_Redirect 4 permit
config acl rule destination port range CWA_Redirect 4 0 65535
!
config acl rule add CWA_Redirect 5
config acl rule source address CWA_Redirect 5 192.168.100.0 255.255.255.0
config acl rule source port range CWA_Redirect 5 0 65535
config acl rule action CWA_Redirect 5 permit
config acl rule destination port range CWA_Redirect 5 0 65535
!
config acl rule add CWA_Redirect 6
config acl rule source port range CWA_Redirect 6 0 65535
config acl rule action CWA_Redirect 6 permit
config acl rule destination address CWA_Redirect 6 192.168.100.0 255.255.255.0
config acl rule destination port range CWA_Redirect 6 0 65535
config acl rule protocol CWA_Redirect 6 17
!
config acl rule add CWA_Redirect 7
config acl rule source port range CWA_Redirect 7 53 53
config acl rule action CWA_Redirect 7 permit
config acl rule destination port range CWA_Redirect 7 53 53
config acl rule protocol CWA_Redirect 7 17
!
config acl rule add CWA_Redirect 8
config acl rule source port range CWA_Redirect 8 0 65535
config acl rule action CWA_Redirect 8 permit
config acl rule destination port range CWA_Redirect 8 0 65535
config acl rule protocol CWA_Redirect 8 1
!
config acl rule add CWA_Redirect 9
config acl rule source port range CWA_Redirect 9 0 65535
config acl rule destination port range CWA_Redirect 9 0 65535
!
config acl apply CWA_Redirect
The first line creates the ACL on the WLC.
Each section below that line is one rule in the ACL, permitting or denying traffic and specifying sources and destinations, protocols and port numbers. If a section does not contain an explicit "permit" statement, the rule is an implied "deny".
The last line applies the ACL to the WLC running config.
When you first start configuring ACLs this way, you can paste these in one section at a time and check the GUI to see them being added to the WLC; just make sure to refresh the web page each time.
Don't forget to save your config once you are done!
The script above gives you an ACL that looks like this in the WLC:
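A generator for this kind of block, added here as an example and not the post's own script: it emits the same `config acl` lines, in the same order, for any ACL name, set of portal hosts and client subnet, so several similar ACLs can be produced without hand-editing in Notepad. A rule built with `action=None` gets no action line and so stays the implied deny described above; the ACL name, host addresses and subnet used at the bottom are constructed values mirroring the block above.

```python
from dataclasses import dataclass
from typing import Optional

HOST_MASK = "255.255.255.255"   # /32 host mask used for the portal servers

@dataclass
class Rule:
    src: Optional[tuple[str, str]] = None   # (address, netmask); None = any
    dst: Optional[tuple[str, str]] = None
    src_ports: tuple[int, int] = (0, 65535) # 0 65535 is the WLC "any" range
    dst_ports: tuple[int, int] = (0, 65535)
    protocol: Optional[int] = None          # 17 = UDP, 1 = ICMP; None = any
    action: Optional[str] = "permit"        # None: no action line, implied deny

def render_rule(acl: str, idx: int, r: Rule) -> list[str]:
    """Emit one rule section in the same line order the WLC CLI block uses."""
    lines = [f"config acl rule add {acl} {idx}"]
    if r.src:
        lines.append(f"config acl rule source address {acl} {idx} {r.src[0]} {r.src[1]}")
    lines.append(f"config acl rule source port range {acl} {idx} {r.src_ports[0]} {r.src_ports[1]}")
    if r.action:
        lines.append(f"config acl rule action {acl} {idx} {r.action}")
    if r.dst:
        lines.append(f"config acl rule destination address {acl} {idx} {r.dst[0]} {r.dst[1]}")
    lines.append(f"config acl rule destination port range {acl} {idx} {r.dst_ports[0]} {r.dst_ports[1]}")
    if r.protocol is not None:
        lines.append(f"config acl rule protocol {acl} {idx} {r.protocol}")
    return lines

def render_acl(acl: str, rules: list[Rule]) -> str:
    """Create the ACL, number the rules from 1, then apply it."""
    out = [f"config acl create {acl}", "!"]
    for i, r in enumerate(rules, start=1):
        out += render_rule(acl, i, r) + ["!"]
    out.append(f"config acl apply {acl}")
    return "\n".join(out)

def redirect_acl(acl: str, portals: list[str], client_net: tuple[str, str]) -> str:
    """CWA-style redirect ACL: each portal host both ways, the client subnet both
    ways (UDP on the return path), DNS, ICMP, then an action-less implied deny."""
    rules: list[Rule] = []
    for host in portals:
        rules += [Rule(dst=(host, HOST_MASK)), Rule(src=(host, HOST_MASK))]
    rules += [Rule(src=client_net), Rule(dst=client_net, protocol=17),
              Rule(src_ports=(53, 53), dst_ports=(53, 53), protocol=17),
              Rule(protocol=1), Rule(action=None)]
    return render_acl(acl, rules)

# Constructed values mirroring the block above: two portal hosts, one client subnet.
CWA_REDIRECT = redirect_acl("CWA_Redirect", ["192.168.100.15", "192.168.100.16"], ("192.168.100.0", "255.255.255.0"))
```

Printing `CWA_REDIRECT` reproduces the 56-line block above; changing the list of portal hosts or the subnet yields a sibling ACL ready to paste into another controller's CLI.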