cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
3217
Views
0
Helpful
4
Replies

DACL, WLC, and ISE: Unsupported?

timothybwork
Level 1
Level 1

Hi,

I've seen a lot of conflicting information on this topic and am looking for a firm answer.

It appears that Airespace-ACL can be used to point to an existing ACL on a WLC.  So if I have a user authenticated via Wireless (802.1x), Airespace-ACL can be used to point to an existing ACL (statically defined on the WLC) which can control that user's traffic.  But DACL is not supported, so I can't use ISE as the single point of control to feed the ACL back to the users.  Is that correct?  I know I can use SGT, but Trustsec can't be deployed in my environment.

1 Accepted Solution

Accepted Solutions

Francesco Molino
VIP Alumni
VIP Alumni

Hi 

Yes you're right. DACL isn't supported on AireOS. However there are supported on IOS running wlc.

Thanks 

PS: Please don't forget to rate and mark as correct answer if this answered your question


Thanks
Francesco
PS: Please don't forget to rate and select as validated answer if this answered your question

View solution in original post

4 Replies 4

Francesco Molino
VIP Alumni
VIP Alumni

Hi 

Yes you're right. DACL isn't supported on AireOS. However there are supported on IOS running wlc.

Thanks 

PS: Please don't forget to rate and mark as correct answer if this answered your question


Thanks
Francesco
PS: Please don't forget to rate and select as validated answer if this answered your question

Marvin Rhoads
Hall of Fame
Hall of Fame

As Francesco noted - a Cisco WLC most definitely does not support DACLs.

We need to define them locally on the WLC and then ISE can apply them out dynamically as part of an authorization result.

Amr2
Level 1
Level 1

is this limitation still in the WLC ???

AireOS or IOS-XE 9800?