Solved: DACL issue on WLC flexconnect AP clients

misinsuan2229 · ‎11-05-2018

Just wanted to ask if DACL is working for Cisco WLC with APs configured as flexconnect. I am doing POC for ISE posture and was able to have the ISE posture work with redirection while unknown and the scan, but the problem is that after posturing - seems like the DACL I created for compliant or non-compliant machines is not being enforce and all will have full access regardless of posture results. Any help will be appreciated - thank you very much.

Surendra · ‎11-06-2018

WLCs do not support DACLs. What you can send is Airspace-ACLs which will have to be configured on the WLCs and the name needs to be pushed from the authorization profile ("Airspace ACL name" is the field in Authz Profile).

View solution in original post

Surendra · ‎11-06-2018

WLCs do not support DACLs. What you can send is Airspace-ACLs which will have to be configured on the WLCs and the name needs to be pushed from the authorization profile ("Airspace ACL name" is the field in Authz Profile).

ognyan.totev · ‎11-06-2018

I am agree it support Air Acl ,in the WLC there are FlexConnect ACL you must define your there.And them names must match exactly in ISE.

paul · ‎11-06-2018

In addition you need to push the FlexConnect ACLs out to the APs in the FlexConnect group settings. Just because you define the FlexConnect ACL on the WLC doesn't mean it gets pushed to all APs.