08-08-2024 01:51 PM
Hi,
I need to edit this ACL, DNAC_ACL_WEBAUTH_REDIRECT, created automatically by the DNAC server.
How can I edit this? On my controller side or on the DNAC?
08-08-2024 03:31 PM - edited 08-08-2024 03:31 PM
Starting with 2.3.5.x, you can customize the pre-auth ACL:
Effective with Release 2.3.5.4, Cisco DNA Center-generated preauthentication ACLs are created only for the configured AAA or PSN servers for CWA SSIDs of guest wireless networks. If you upgrade to Release 2.3.5.4 from Release 2.3.5.3 or earlier, to ensure that there is no compliance mismatch, you must reprovision the wireless controller.
If you want a custom ACL in any other release, I suggest you NOT modify the DNAC_ACL_WEBAUTH_REDIRECT ACL and instead create a new one with the required ACEs and add it manually to the default FLEX profile on the C9800 WLC (this can be done too in AireOS controllers). This is because CatC/DNAC will likely remove any unexpected configuration under that ACL.
Ex.
ip access-list ext NEW_ACL
 --ACEs--
wireless profile flex default-flex-profile
 acl-policy NEW_ACL
  central-webauth
You can do this via template or manual configuration on the CLI.
After that, edit your ISE authorization profile for Guest Access and use the new CLI name instead of DNAC_ACL_WEBAUTH_REDIRECT.
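A way to check a saved C9800 running-config for the wiring described in the post above, as an added example that is not part of the original post or Cisco tooling: it confirms the custom ACL is defined with ACEs, is attached to the flex profile with central-webauth, and does not reuse the controller-managed name. The sample config, its ACEs and the 192.0.2.10 address are constructed placeholders, and `parse_blocks` and `audit` are hypothetical helper names.

```python
import re

MANAGED_ACL = "DNAC_ACL_WEBAUTH_REDIRECT"  # controller-managed ACL named in the thread

# Constructed sample config; the ACEs and 192.0.2.10 are placeholders, not from the thread.
SAMPLE = """\
ip access-list extended NEW_ACL
 10 deny ip any host 192.0.2.10
 20 permit tcp any any eq www
!
wireless profile flex default-flex-profile
 acl-policy NEW_ACL
  central-webauth
"""

def parse_blocks(config):
    """Map each top-level config line to the list of its indented child lines."""
    blocks, current = {}, None
    for raw in config.splitlines():
        if not raw.strip() or raw.strip().startswith("!"):
            continue  # skip blank lines and "!" separators
        if not raw[0].isspace():
            current = raw.strip()
            blocks[current] = []
        elif current is not None:
            blocks[current].append(raw.strip())
    return blocks

def audit(config, acl, flex="default-flex-profile"):
    """Return a list of findings; an empty list means the custom ACL is wired up."""
    blocks, findings = parse_blocks(config), []
    if acl == MANAGED_ACL:
        findings.append("custom ACL reuses the controller-managed name")
    pattern = re.compile(rf"ip access-list ext(ended)? {re.escape(acl)}")
    aces = next((v for k, v in blocks.items() if pattern.fullmatch(k)), None)
    if aces is None:
        findings.append(f"ACL {acl} is not defined")
    elif not aces:
        findings.append(f"ACL {acl} has no ACEs")
    profile = blocks.get(f"wireless profile flex {flex}")
    if profile is None:
        findings.append(f"flex profile {flex} not found")
    elif f"acl-policy {acl}" not in profile:
        findings.append(f"{acl} is not attached to {flex}")
    else:
        i = profile.index(f"acl-policy {acl}")
        if profile[i + 1:i + 2] != ["central-webauth"]:
            findings.append(f"{acl} is attached without central-webauth")
    return findings

if __name__ == "__main__":
    print(audit(SAMPLE, "NEW_ACL") or "OK")
```

The ACL name referenced in the ISE authorization profile is not visible in the controller config and has to be compared separately.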
08-08-2024 05:26 PM - edited 08-08-2024 05:29 PM
Hi,
And from DNAC release 2.3.5.3 with a 3504 controller, is it better to create a new ACL?
Environment:
1x 3504 Controller Version: 8.10.185.0 for this customer fabric
1x DNAC 2.3.5.3
2x Cisco ISEs 3.3 Patch 2
08-08-2024 10:23 PM
If upgrade is not a possibility, you can do it manually too in AireOS.
The CLI way to create the ACL on the AireOS is a bit more complex (and tedious in some way) than doing it on the GUI; so I would create another one via GUI and add it to the FLEX profile like this:
config fabric flex-acl-template template-entry DNAC_FABRIC_FLEX_ACL_TEMPLATE add [new_ACL_Name]
The rest is the same (modify ISE authorization profile to use the new ACL name).