I came across an interesting feature in the 7.4 release for the Cisco 5508 WLAN controller that I would like to share.
I was asked to block BitTorrent, audio and voice streaming on the guest WLAN for obvious reasons. The old way, doing it on a firewall or with an ACL on the WLAN controller, was rather clunky at best.
If you are either on 7.4 or can jump to it, here’s all it took to turn on this nifty feature.
Here’s the flavor of code that I’m running:
Browse to Wireless → Application Visibility And Control → AVC Profiles and select NEW.
Next come up with a name that fits your organization. I’ll call mine “WLAN Restrictions” because there will be a list of things and not one single application. Your mileage may vary, of course.
After you create the Profile, click on it and you will see that there are no rules associated with the profile.
Look over to the right hand side of the screen and click on “Add New Rule”…
This way is kind of clunky, but I will go ahead with explaining it. To block Audio, you have to select “voice-and-video” as the Application Group and then select the Application Name. In this case, I selected “audio-over-http” and then selected Drop as the action.
Now you can add another rule. But this time we’re going to go a different way. We want to block BitTorrent, but we don’t know which Application Group it is in. This time, browse to Wireless → Application Visibility And Control → AVC Profiles and select AVC Applications.
Scroll down and click “bittorrent”, then use the AVC Name drop-down to select the AVC Profile you created in the first step, and select Drop as the action. Drop is the default, so you really don’t have to do anything.
Now browse to the WLAN you want to apply the AVC Profile to. I’m sure you know where it is, but in case you forgot, browse to WLANs → WLANs → WLAN ID (of the WLAN Profile) and then browse to the QoS tab. Select the AVC Profile and apply.
That’s it. You’re finished. Don’t forget to save your config!
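The same profile can be built and checked from the controller CLI; this is an added example, not part of the original post, and it also shows how to confirm that the rules are attached and that the WLAN is classifying traffic. Assumptions: the profile is named `WLAN-Restrictions` (no space, to avoid quoting questions), `<wlan-id>` is a placeholder for your guest WLAN's ID, and lines starting with `#` are annotations, not commands to type.

```cisco
# Create the AVC profile (name is an assumption; the post uses "WLAN Restrictions")
config avc profile WLAN-Restrictions create

# Add one drop rule per application; names are the ones selected in the GUI steps
config avc profile WLAN-Restrictions rule add application audio-over-http drop
config avc profile WLAN-Restrictions rule add application bittorrent drop

# Confirm both rules are present and the action is drop
show avc profile detailed WLAN-Restrictions

# Enable application visibility on the guest WLAN, then attach the profile
# (<wlan-id> is a placeholder; look it up with "show wlan summary")
config wlan avc <wlan-id> visibility enable
config wlan avc <wlan-id> profile WLAN-Restrictions enable

# Verify the WLAN is classifying traffic and see what the top applications are
show avc statistics wlan <wlan-id> top-apps

# Persist the change
save config
```

Only one AVC profile can be attached per WLAN, so keep all guest restrictions in the same profile rather than creating one per application.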