-1

The routers here broadcast two SSID. One for guest, the other for Company Users. Our users are attempting to access a specific URL but unable to through the Company WiFi. But are able to access the URL through the guest network and when directly connect via Ethernet. This led me to believe this is some ACL issue on the Company WiFi that is blocking it. We do not use a web GUI for our Routers and I am new to Cisco iOS so how would I permit this specific URL? Which access-list does it belong to? Here is the info for the specific SSID / interface:

interface Dot11Radio1.1
 encapsulation dot1Q 1 native
 no ip route-cache
 bridge-group 1
 bridge-group 1 subscriber-loop-control
 bridge-group 1 input-address-list 700
 bridge-group 1 block-unknown-source
 no bridge-group 1 source-learning
 no bridge-group 1 unicast-flooding
 bridge-group 1 spanning-disabled

As you can see it imports the address-list 700 which is all the MAC addresses for each user and Blocks - unknown-source. Do I have to edit the bridge-group or do I have to create an access-list specific for URL's and import that to the bridge-group as well? Or am I just over complicating things?

Michael Irigoyen
  • 22,513
  • 17
  • 89
  • 131
DataLoss
  • 1
  • 1

1 Answers1

0

The control on url access does not happen there. You should look into the configuration for a block like this:

class-map match-any nofacebook
 match protocol http host "*facebook.com"
 match protocol http host "*youtube.com"
!
policy-map nofacebook
 class nofacebook
 drop

and it would be applied to your "internet" facing interface like this:

interface GigabitEthernet0/0
 service-policy output nofacebook

Maybe your guests are being routed through another link? do you have ACLs in place?

nickoarg
  • 1