05-16-2019 02:35 AM - edited 07-05-2021 10:24 AM
Hi
I really need to understand this command role:
config flexconnect group group-name policy acl add acl-name
(Hardware used: Cisco Aironet 1815I/Mobility Express 8.8)
It is very poorly/badly documented.
(I think it is present in the Mobility Express WebGUI as Menu/Advanced/Security Settings/Policy ACL toggle button)
Thanks for any help
!!
05-16-2019 03:22 AM
For example, if you are pushing an ACL to your wireless clients through a RADIUS server authorization policy for restricting their access. In that scenario like switch, WLC will not support dACL. So you have to configure the ACL rules in the WLC, and that name has to be present in the Authorization Result, so that it will be applied to the client via the RADIUS server.
For a Local mode AP, since the traffic is going through the WLC, you don't need to push the ACL on all the APs. The ACL configured on the controller will be applied; only the Airespace ACL name will be applied through RADIUS.
But in the FlexConnect scenario, you have to apply those ACLs created under Flex ACL to all the APs or to the FlexConnect groups.
Hope this helps you.
05-16-2019 05:18 AM - edited 05-16-2019 05:19 AM
Thank you for your answer. For what I'm testing now, it doesn't seem required for FlexConnect static VLAN/ACL mappings. So is it only required for RADIUS/ACL mappings? Is this the role of this command?
05-16-2019 06:40 AM
Can you please let us know what exact test case you are working on?
06-01-2019 04:15 AM
I am experimenting with static ACL/static VLAN scenarios, and dynamic ACL/dynamic VLAN using RADIUS.
You are right, my experiments show that it is required for RADIUS-based named ACLs.
It doesn't seem required for static ACLs. I have to check this point again.