Put an allow ACL *with* log on the http server/vty line. You will see an ACL match or deny in the log.
When you restrict management access with ACLs you can restrict access to your management network only.
For normal AP operation (transparent bridging) the IP address of BVI 1 isn't needed at all. So can use a whole different subnet for managing and your wireless stations.
! access-list 23 remark Restrict telnet access access-list 23 permit 172.22.234.0 0.0.0.255 log access-list 23 deny any ! line vty 0 4 access-class 23 in terminal-type ansi transport preferred all transport input all transport output all line vty 5 15 access-class 23 in terminal-type ansi transport preferred all transport input all transport output all !
air350# show logging ... Apr 12 19:08:50.292 MEST: %SEC-6-IPACCESSLOGS: list 23 permitted
Cabling-Design.com Forums website is not affiliated with any of the manufacturers or service providers discussed here.
All logos and trade names are the property of their respective owners.