05-20-2021 09:05 PM - edited 07-05-2021 01:19 PM
Hi,
Currently we have a 9800 vWLC integrated with ISE. The requirement is that when a mobile connects to the SSID (FlexConnect SSID with Layer 2 WPA2 and 802.1X), it can access only the internet and should connect to internal resources except for DNS and DHCP purposes.
I tried the following but nothing is working.
1. Configured an ACL (for testing, the ACL is permit ip any any) on the 9800 vWLC and called this ACL using airspace-acl as well as filter id, but after I apply it to the authorization policy, the user is not able to connect to the SSID.
2. Configured an ACL (for testing, the ACL is permit ip any any) on the 9800 and configured the WLAN ACL (Configuration > Policy > Policy Profile > Access Policies (tab) > WLAN ACL), pointing it to the ACL configured on the same WLC, and I am getting an incorrect ACL error.
Is it possible to configure an ACL per SSID or per user session when the user is authenticated via 802.1X?
Regards
Naray
05-21-2021 06:43 AM
What version of code are you using?
WLAN ACL is working fine for us on 17.5.1 - applied to the policy profile - WLAN IPv4 ACL on Access Policies tab on the GUI.
On CLI:
wireless profile policy <policyname>
ipv4 acl <acl-name>
05-21-2021 07:18 AM
Hi,
Version is 17.03.01
05-21-2021 08:07 AM
Can't remember if we tried it on 17.3.1.
You could try 17.5.1 or at least 17.3.3.