I really need to understand this command role:
config flexconnect group group-name policy acl add acl-name
(Hardware used: Cisco Aironet 1815I/Mobility Express 8.8)
It is very poorly/badly doccumented.
( I think it is present in the Mobility Express WebGUI as Menu/Advanced/Security Settings/Policy ACL toggle button)
Thanks for any help
For an example if you are pushing a ACL to your wireless clients through radius server authorization policy for restricting their access. In that scenario like switch, WLC will not support dACL. So you have to configure the ACL rules in the WLC and that name has to be present in the Authorization Result. So that it will be applied to the client via radius server.
For Local mode AP, Since the traffic is going through the WLC. You don't need to push the ACL on all the APs. ACL configured on controller will be applied only the Airespace ACL name will be applied through radius
But in the flex-connect scenario, You have to apply those ACLs created under Flex ACL in to all the APs or to the Flex connect groups.
Hope this helps you.
Thank you for your answer. For what I'm testing now, It doesn't seem required for FlexConnect static Vlan/ACL mappings. So is it only required for RADIUS/ACL mappings? Is this the role of this command?
Can u pls let us know, whats the exact test case you are working ?
I am experimenting with static ACL/static vlan scenarios, and dynamic ACL/dynamic vlan using RADIUS.
You are right, my experimentings show that it is required for RADIUS-based named ACL.
It doesn't seem required for static ACLs. I have to check this point again.