Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
540
Views
0
Helpful
0
Replies

CSCup98797 - DNS-Based ACLs only work with radius NAC

Alberto Garcia
Level 1
Level 1

‎11-07-2014 03:05 AM - edited ‎03-20-2019 08:21 PM

I,m trying to use DNS-based ACL with pre-authentication ACL, in order to allow access to some URL's before the client will be authenticate by external captive portal without RADIUS

In the bug search web, this bug appears as fixed, but i,m running 7.6.130 code in WLC 5500 and the behavior is the same, URL's has not effect because i,m not using RADIUS.

I see in the Cisco Wireless LAN Controller Configuration Guide, Release 8.0 the following advice:

  • DNS-based ACLs work only when RADIUS NAC (central web authentication or posture) are done on the SSID. DNS-based ACLs do not work with local web authentication or any other form of ACL other than a redirect-ACL used in the case of RADIUS NAC.

so in 8.0 code the behavior is the same as 7.6.130

I can't understand why Cisco WLC is not able to permit access using URL's instead of ip address without RADIUS, most manufactures can do it, even Meraki that now is part of Cisco can do this. Is imposible open thousand of ip address in the ACL if you want to open facebook or akamai for example.

 

Anybody knows a workarround to achieve this? 

 

Regards!

4 people had this problem
Labels:
0 Helpful
0 Replies 0
Customers Also Viewed These Support Documents