hi am trying to block 7010 WLC admin portal access (port: 4343) from Guest network but its not happening.
we created a policy (block-internal-access) (source: user, Destination: controller IP, Service: tcp 4343, action: deny) and added to Post Logon Role (Auth-Guest Role) and mapped Auth-Guest Role to Captive Portal.
captive portla add on initial Role (Guest-Logon), Guest-Logon role add on AAA (dot1x-PSK) and finally mapped to Virtual AP.
but guest users still able to access WLC admin portal login page.
Ref attachement.
1. Block-Internal-Access
2. Auth-Guest Role