01-16-2020 11:43 AM
Hello Community, Currently we are using Airespace access lists in ISE and using local mode instead of centrally switched. Our Cisco rep told us that we shouldn't use Airespace access lists and that these should be using dACLs instead. Everything I have read says that for wireless you should use Airespace ACLs and that dACLs are for wired.
Is this not true? Are there other ways to deploy access lists when using wireless locally switched?
Thank you!
01-16-2020 12:03 PM
That is correct. AFAIK, dACLs are not supported on the wireless side yet. You have to create the named ACLs on the controller and then you can reference them by name in your ISE policies.
01-16-2020 12:22 PM
@Colby LeMaire is right. I have been going through deploying wireless in our enterprise over the last few weeks. We have 5520 WLCs with ~45 APs. On the WLC, set up your ACLs under Security -> Access Control Lists. Then, in the authz profile you intend to use, reference them via the Airespace ACL name. Make sure on the WLC side your AAA servers, override, etc. are configured properly.
01-16-2020 01:21 PM
While this is true for the 5500 series, it is entirely dependent on the WLC OS.
The most widely deployed WLC models (5500, 2500, 3500) are built on AireOS and would require Airespace ACLs, but some models are built on IOS-XE. The IOS-XE models like the 5700 series do support downloadable ACLs.
The new Catalyst 9800 series WLCs are also built on IOS-XE and support the use of dACLs as shown in this ISE and Catalyst 9800 Series Integration Guide
Cheers,
Greg
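The two approaches discussed in this thread (an Airespace ACL name for AireOS controllers, a downloadable ACL for IOS-XE controllers such as the Catalyst 9800) differ in what ISE actually puts into the RADIUS Access-Accept. The following is an added example, not code from any poster or from Cisco: it encodes and decodes the two Vendor-Specific attributes involved, Airespace-ACL-Name (vendor 14179, vendor type 6) and the Cisco-AVPair (vendor 9, vendor type 1) that carries the dACL reference, and then performs the check an AireOS deployment needs, that every Airespace ACL name returned by ISE already exists on the controller, because a name the WLC does not know cannot be enforced. The ACL names and the dACL hash suffix are constructed sample values.

```python
import struct

RADIUS_VENDOR_SPECIFIC = 26      # RFC 2865 Vendor-Specific attribute type
VENDOR_AIRESPACE = 14179         # Airespace enterprise number (AireOS WLCs)
VENDOR_CISCO = 9                 # Cisco enterprise number
AIRESPACE_ACL_NAME = 6           # Airespace-ACL-Name vendor type
CISCO_AVPAIR = 1                 # Cisco-AVPair vendor type
DACL_PREFIX = "ACS:CiscoSecure-Defined-ACL="   # AV pair ISE uses to hand out a dACL name


def encode_vsa(vendor_id, vendor_type, value):
    """Build one RADIUS Vendor-Specific attribute: type, length, vendor-id, then
    the vendor's own type/length/value triple (RFC 2865 section 5.26)."""
    data = value.encode("ascii")
    inner = struct.pack("!BB", vendor_type, len(data) + 2) + data
    body = struct.pack("!I", vendor_id) + inner
    if len(body) + 2 > 255:
        raise ValueError("VSA value too long for a single RADIUS attribute")
    return struct.pack("!BB", RADIUS_VENDOR_SPECIFIC, len(body) + 2) + body


def airespace_acl_name(name):
    """Access-Accept attribute for an AireOS WLC: only the *name* of a
    pre-configured controller ACL is sent; the rules live on the WLC."""
    return encode_vsa(VENDOR_AIRESPACE, AIRESPACE_ACL_NAME, name)


def dacl_reference(dacl_name):
    """Access-Accept attribute for an IOS-XE device (e.g. Catalyst 9800):
    the device then fetches the ACL body from ISE in a follow-up request."""
    return encode_vsa(VENDOR_CISCO, CISCO_AVPAIR, DACL_PREFIX + dacl_name)


def decode_vsas(payload):
    """Walk a RADIUS attribute list and classify every ACL-bearing VSA as
    ('airespace-acl', name), ('dacl', name) or ('other', vendor, type, value)."""
    out, i = [], 0
    while i < len(payload):
        atype, alen = payload[i], payload[i + 1]
        if alen < 2 or i + alen > len(payload):
            raise ValueError("malformed RADIUS attribute at offset %d" % i)
        if atype == RADIUS_VENDOR_SPECIFIC:
            vendor = struct.unpack("!I", payload[i + 2:i + 6])[0]
            j = i + 6
            while j < i + alen:                      # a VSA may carry several sub-attributes
                vtype, vlen = payload[j], payload[j + 1]
                if vlen < 2 or j + vlen > i + alen:
                    raise ValueError("malformed vendor sub-attribute at offset %d" % j)
                val = payload[j + 2:j + vlen].decode("ascii")
                if vendor == VENDOR_AIRESPACE and vtype == AIRESPACE_ACL_NAME:
                    out.append(("airespace-acl", val))
                elif vendor == VENDOR_CISCO and vtype == CISCO_AVPAIR and val.startswith(DACL_PREFIX):
                    out.append(("dacl", val[len(DACL_PREFIX):]))
                else:
                    out.append(("other", vendor, vtype, val))
                j += vlen
        i += alen
    return out


def unknown_airespace_acls(decoded, controller_acls):
    """Names ISE returned that are not configured on the AireOS controller.
    A non-empty result means the authz profile and the WLC are out of sync."""
    return [name for entry in decoded
            if entry[0] == "airespace-acl" and (name := entry[1]) not in controller_acls]


if __name__ == "__main__":
    # Constructed sample: one Access-Accept carrying both styles of ACL reference.
    accept = airespace_acl_name("GUEST-ACL") + dacl_reference("#ACSACL#-IP-GUEST-5e1a")
    decoded = decode_vsas(accept)
    print(decoded)
    # Constructed controller inventory: the name referenced by ISE is missing.
    print(unknown_airespace_acls(decoded, {"EMPLOYEE-ACL", "PRINTER-ACL"}))
```

Reading the decoded output side by side makes the distinction in the thread concrete: the Airespace attribute is just a string the controller must already recognise, whereas the dACL attribute names content that ISE itself serves, which is why the former depends on per-controller configuration and the latter does not.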
01-17-2020 07:06 AM
Thanks @Greg Gibbs for the great information. This makes a lot of sense because we are currently on the 2504/5508 but we will be migrating to the Catalyst 9800 series WLCs. Thank you!