DNA Center adding DNAC_ACL_WEBAUTH_REDIRECT to flex profile

derekmccabe · ‎04-23-2022

Hi All,

I have a problem with DNA Center in that whenever we reprovision the Fabric WLC it adds DNAC_ACL_WEBAUTH_REDIRECT to flex profile, is there some way that this can be prevented from happening? (Device Controllability option maybe?)

We use a different ACL (NEW_ACL_WEBAUTH_REDIRECT) for the purpose of redirecting our Guest Portals to a DMZ and when DNAC_ACL_WEBAUTH_REDIRECT is added to the profile it seems to become the preferred redirect ACL on the APs thus breaking our Guest Wifi Access.

After deleting the DNAC_ACL_WEBAUTH_REDIRECT from flex profile it can take up to 2 hours for the redirect to start working again

I have added a screenshot, could anyone advise as to what they have done in this situation?

Thanks

Flavio Miranda · ‎04-23-2022

I can´t see your screen shot but it can be "Device Controllability". At least, it is a good idea keep it disable.

Dan Rowe · ‎04-25-2022

This ACL will also be configured by DNAC when you provision a wireless LAN controller. Device controllability disabled will not prevent this ACL from being configured. This ACL should only come into play when performing L3 Web authentication. ISE should include the 'NEW_ACL_WEBAUTH_REDIRECT' in the authorization profile AAA parameters to the WLC for the guest client. As long as ISE is configured correctly, having the 'DNAC_ACL_WEBAUTH_REDIRECT' in the flex group as well should not break the current functionality.