topic ACL - WLC Webauth functionality in Wireless

ACL - WLC Webauth functionality

madhankumar.g — Sun, 04 Jul 2021 05:44:41 GMT

Hi,

We have Wireless Guest access implemented in the site using WLC webauth functionality. The IP address pool used for guest access is having access to internal devices other than internet.

We are implementing access-list in the gateway of the guest users to restrict their access only to internet.

but after implementing the ACL, Guest authentication web page is not being recieved by clients and they are not able to authenticate.

Below is the ACL used in the gateway. Please suggest if any other ports or protocols need to be allowed. Thanks.

IP access-list extended PNU_GUEST_ACL

10 permit ip <Guest subnet> <WLC-subnet>

15 permit ip <Guest subent> <WCS-subnet>

20 permit ip <Guest subnet> <proxy-ip> <proxy port>

30 permit tcp <Guest subnet> <DNS IP> <port 53>

40 permit ip <Guest subnet> host 1.1.1.1

50 permit ip <Guest subnet> <DHCP IP> <port 67>

60 permit ip any <Guest subnet>

70 deny ip any any

The access-list is applied in "IN Direction" on the gateway interface of guests.

Regards,

Madhan kumar G

Re: ACL - WLC Webauth functionality

Scott Fella — Sun, 30 Sep 2012 14:40:42 GMT

Well you can create a pre auth acl which allows DNS, DHCP, permit any to the WLC.

Sent from Cisco Technical Support iPhone App

Re: ACL - WLC Webauth functionality

madhankumar.g — Mon, 01 Oct 2012 14:29:48 GMT

Thanks Scott. Your suggestion really helped. I have created pre auth ACLs and achieved positive results.

Regards,

Madhan kumar G

Re: ACL - WLC Webauth functionality

Scott Fella — Mon, 01 Oct 2012 14:50:08 GMT

Good to hear... Thanks for using the rating system also!

Thanks,

Scott

Help out other by using the rating system and marking answered questions as "Answered"