11-15-2018 11:51 AM
I'm running into an issue that I can't seem to find a reason or solution for. I have a more-or-less basic guest portal: once the client successfully logs in as a guest, ISE sends a CoA, the session is re-authenticated, and an authz profile is matched that pushes an Airespace ACL over to the WLC. However, the client has full access to the network regardless of what I have in my ACL (even a deny any any).
On the WLC I have that ACL configured as a FlexConnect ACL, and have it pushed down to the AP. In the client details I see the ACL applied, although it is listed under 'IPv4 ACL Name' instead of the 'AAA Override ACL' section, which may be normal, but it's just something that looks off to me:
FlexConnect ACL is configured as below (any any was changed to Deny while troubleshooting):
'Allow AAA Override' is enabled on the WLAN, as well as 'NAC State = Radius NAC'.
ISE is version 2.1, and the controller is 8.0.152 vWLC.
Any help would be appreciated.
-Thanks
11-16-2018 11:59 AM
Did you guys look at the guest guide examples?
https://community.cisco.com/t5/security-documents/ise-guest-access-deployment-guide/ta-p/3640475
11-16-2018 12:48 PM
Link is bad. Based on your link, though, I searched and found this one, which I suspect you were trying to link to:
However, that guide is for a centrally-switched AP, not FlexConnect.
-Thanks