Preauth ACL in WLC 9800 Behaviour

ramziabdelhak — Mon, 26 Jun 2023 00:26:10 GMT

Hello everyone,

I need to configure a preauth ACL for webauth " CWA ". In fact, i am migrating from a WLC 2500 to WLC 9800, and the confusion is in the permit/deny enries, on the 2500, they say :

"this ACL is referenced in the access-accept of the ISE and defines what traffic should be redirected (denied by the ACL) and what traffic should not be redirected (permitted by the ACL)"

on the other hand, when reading the config guide of the 9800, they say :

"This redirect ACL is not a security ACL but a punt ACL that defines what traffic goes to the CPU (on permits) for further treatment (like redirection) and what traffic stays on the data plane (on deny) and avoids redirection."

what i understand is that the logic is inversed on the new plateform, i am right ? should i reverse all the entries found on the preauth acl of the 2500 ?

Thanks in advance

Re: Preauth ACL in WLC 9800 Behaviour

Haydn Andrews — Mon, 26 Jun 2023 01:00:17 GMT

Follow this guide for the ACL on the 9800

https://www.cisco.com/c/en/us/support/docs/wireless/catalyst-9800-series-wireless-controllers/213920-central-web-authentication-cwa-on-cata.html#toc-hId-881505252

Deny to ISE, DNS, and permit to www

topic Re: Preauth ACL in WLC 9800 Behaviour in Wireless

Preauth ACL in WLC 9800 Behaviour

Re: Preauth ACL in WLC 9800 Behaviour