Try to block traffic to an ip
I will try to explain my demand.
I have an ALE Cirrus with X APs on my site.
I have 1 SSID Corporate / 1 SSID Guest / 1 SSID Other
On my site I have only one vlan
My SSID Corporate have to access al ressources –> Ok no problem
My SSID Guest have to be isolate –> Ok no problem with client isolation
My SSID Other have to acess only Internet and a server on my lan and don’t have access to the rest of the lan.
So I want to create an ACL or something sinilaire on my SSID OTHER
Access IE + access only 192.168.1.X ….
It is possible ? I can’t do it..
I try to play with ALC Tab but with no success
I would suggest creating an ARP (Access Role Profile) and attaching it to the "Other" SSID and including a policy list in the ARP. You can find a video in the "Live" section of Spacewalkers which can give you an idea about ARP (also known as UNP: User Network Profile).
In the policy list, you will need to include, not only access to the specific server IP but also every other pre-requisite such as ARP (Address Resolution Protocol), DHCP, DNS as well as traffic going in and out to the Internet. I don't know whether you simply have a router doing NAT/PAT out to the internet or use a proxy etc. If you have a router, you could create a policy allowing traffic to/from the router's MAC. If using a proxy, you can do it with the IP address of the proxy.
Hope this helps.