Buy or Renew
Buy or Renew
Cisco Virtual Engineer generative AI bot now active in Wireless Discussion Forum. Learn more.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1160
Views
0
Helpful
4
Replies

what is the command 'config flexconnect group group-name policy acl add acl-name' role?

computerone1
Level 1
Level 1

‎05-16-2019 02:35 AM - edited ‎07-05-2021 10:24 AM

Hi

 

I really need to understand this command role:

config flexconnect group group-name policy acl add acl-name

 

(Hardware used: Cisco Aironet 1815I/Mobility Express 8.8)

It is very poorly/badly doccumented.

 

( I think it is present in the Mobility Express WebGUI as Menu/Advanced/Security Settings/Policy ACL toggle button)

 

Thanks for any help

 

!!

 

0 Helpful
4 Replies 4

Sathiyanarayanan Ravindran
Spotlight
Spotlight

‎05-16-2019 03:22 AM

For an example if you are pushing a ACL to your wireless clients through radius server authorization policy for restricting their access. In that scenario like switch, WLC will not support dACL. So you have to configure the ACL rules in the WLC and that name has to be present in the Authorization Result. So that it will be applied to the client via radius server.

 

For Local mode AP, Since the traffic is going through the WLC. You don't need to push the ACL on all the APs. ACL configured on controller will be applied only the Airespace ACL name will be applied through radius

 

But in the flex-connect scenario, You have to apply those ACLs created under Flex ACL in to all the APs or to the Flex connect groups.

 

Hope this helps you.

Regards,
Sathiyanarayanan Ravindran

Please rate the post and accept as solution, if my response satisfied your question:)
0 Helpful

computerone1
Level 1
Level 1
In response to Sathiyanarayanan Ravindran

‎05-16-2019 05:18 AM - edited ‎05-16-2019 05:19 AM

Thank you for your answer. For what I'm testing now, It doesn't seem required for FlexConnect static Vlan/ACL mappings. So is it only required for RADIUS/ACL mappings? Is this the role of this command?

 

 

0 Helpful

Sathiyanarayanan Ravindran
Spotlight
Spotlight
In response to computerone1

‎05-16-2019 06:40 AM

Can u pls let us know, whats the exact test case you are working ?

Regards,
Sathiyanarayanan Ravindran

Please rate the post and accept as solution, if my response satisfied your question:)
0 Helpful

computerone1
Level 1
Level 1
In response to Sathiyanarayanan Ravindran

‎06-01-2019 04:15 AM

I am experimenting with static ACL/static vlan scenarios, and dynamic ACL/dynamic vlan using RADIUS.

You are right, my experimentings show that it is required for RADIUS-based named ACL.

It doesn't seem required for static ACLs. I have to check this point again.

 

 

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card