Can a role be applied to a port for unauthenticated wired traffic? In my lab, I created VLAN 100 on the controller (7010) and put it on port 14 (access, not trunk). For testing purposes I am using the controller for DHCP. I connect my test laptop up and draw the right address and I get out to the universe. I get to the universe on VLAN 10. Here is the quick breakdown:
VLAN 10 - 192.168.30.X (port 2) inter VLAN routing enabled, not NATing
VLAN 100 - 172.16.100.X (port 14) inter VLAN routing enabled, not NATing
Controller IP - 192.168.30.225 (VLAN 10)
Wired laptop IP - 172.16.100.2
So I created a role called VLAN-100-LAN and applied it to VLAN 100. I then created a session-based ACL rule to deny access to 192.168.30.218, which is a printer.
Problem - I can still get to the printer... Any ideas?