07-03-2008 11:24 AM - edited 02-21-2020 02:54 AM
I have NAC setup for user-based role VLAN assignment deployed as OOB VG L2. I have a default access, authentication, and user VLAN setup. The user VLANis for guest. So, a guest opens there broswer and the guest is prompted to enter credentials. Credentials are accepted. The browser refreshes IP and I get a "Limited connectivity...169.254.etc...". I get this error when I apply the below ACL to the 'user vlan' interface (i.e. ip access-group 110 in), when the ACL is not assign everything works fine and the guest can roam my entire internal network. My DHCP/DNS is on the 10.0.0.0 network. Anyone have any ideas why I am getting this error?
access-list 110 deny ip 192.168.41.0 0.0.0.255 10.0.0.0 0.255.255.255
access-list 110 deny ip 192.168.41.0 0.0.0.255 172.16.0.0 0.15.255.255
access-list 110 permit ip 192.168.41.0 0.0.0.255 192.168.41.0 0.0.0.255
access-list 110 deny ip 192.168.41.0 0.0.0.255 192.168.0.0 0.0.255.255
access-list 110 permit ip 192.168.41.0 0.0.0.255 any
Solved! Go to Solution.
07-07-2008 01:18 PM
Hi there -
What Vlan and IP does the guest user have when he experiences the web page challenging credentials?
What vlan and IP do you want the guest to have once the guest authenticates as a guest?
My initial thought is your ACL is denying the DHCP requests and the DNS requests, since you mention the DHCP and DNS are on the 10.0.0.0/8 network.
thxs
peter
07-07-2008 01:18 PM
Hi there -
What Vlan and IP does the guest user have when he experiences the web page challenging credentials?
What vlan and IP do you want the guest to have once the guest authenticates as a guest?
My initial thought is your ACL is denying the DHCP requests and the DNS requests, since you mention the DHCP and DNS are on the 10.0.0.0/8 network.
thxs
peter
07-14-2008 04:34 AM
Peter,
Thank you for your assistance!!! It was the ACL denying the DHCP requests and the DNS requests.
-K
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide