Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
703
Views
0
Helpful
2
Replies

Flexconnect dACL applied but not being enforced

Daniel Lucas
Level 1
Level 1

‎11-15-2018 11:51 AM

Running into an issue that I can't seem to find a reason/solution for - I have a more/less basic guest portal - once the client successfully logs in as a guest ISE sends a CoA, the session is re-authenticated, and an authz profile is matched that pushes an Airespace ACL over to the WLC - however the client has full access to the network regardless of what I have in my ACL (even a deny any any).

On the WLC I have that ACL configured as a Flexconnect ACL, and have it pushed down to the AP. In the client details I see the ACL applied, although it is listed under 'IPv4 ACL Name' instead of the 'AAA Override ACL' section; which may be normal, but just something that looks off to me:

1.PNG

 

Flexconnect ACL is configured as below (any any was changed to Deny while troubleshooting):

1.PNG

'Allow AAA Override' is enabled on the WLAN as well as 'NAC State = Radius NAC'

ISE is version 2.1, and the controller is 8.0.152 vWLC

 

Any help would be appreciated.

-Thanks

0 Helpful
2 Replies 2

Jason Kunst
Cisco Employee
Cisco Employee

‎11-16-2018 11:59 AM

did you guys look at the guest guide examples?

 

https://community.cisco.com/t5/security-documents/ise-guest-access-deployment-guide/ta-p/3640475 

0 Helpful

Daniel Lucas
Level 1
Level 1
In response to Jason Kunst

‎11-16-2018 12:48 PM

Link is bad - based on your link though I searched and found this one which I suspect you were trying to link to:

https://community.cisco.com/t5/security-documents/ise-guest-access-prescriptive-deployment-guide/ta-p/3640475

 

However, that guide is for a centrally-switched AP; not Flexconnect

 

-Thanks

0 Helpful
Customers Also Viewed These Support Documents