09-30-2012 04:13 AM - edited 07-03-2021 10:44 PM
Hi,
We have Wireless Guest access implemented at the site using the WLC webauth functionality. The IP address pool used for guest access has access to internal devices as well as the internet.
We are implementing an access-list on the gateway of the guest users to restrict their access to the internet only.
But after implementing the ACL, the guest authentication web page is not being received by clients and they are not able to authenticate.
Below is the ACL used on the gateway. Please suggest if any other ports or protocols need to be allowed. Thanks.
ip access-list extended PNU_GUEST_ACL
 10 permit ip <Guest subnet> <WLC-subnet>
 15 permit ip <Guest subnet> <WCS-subnet>
 20 permit tcp <Guest subnet> <proxy-ip> eq <proxy port>
 30 permit tcp <Guest subnet> <DNS IP> eq 53
 40 permit ip <Guest subnet> host 1.1.1.1
 50 permit udp <Guest subnet> <DHCP IP> eq 67
 60 permit ip any <Guest subnet>
 70 deny ip any any
The access-list is applied in the "IN" direction on the gateway interface of the guests.
Regards,
Madhan kumar G
09-30-2012 07:40 AM
Well, you can create a pre-auth ACL which allows DNS, DHCP, and permit any to the WLC.
Sent from Cisco Technical Support iPhone App
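The pre-auth ACL suggested above, written out as an added example on the AireOS WLC CLI (not part of the thread). ACL name PREAUTH_GUEST, WLAN id 1 and DNS server 10.10.10.53 are placeholders; 1.1.1.1 is taken from the original gateway ACL and assumed to be the WLC virtual interface. Lines starting with # are annotations, not commands.

```cisco
# Added example: WLC pre-authentication (web-auth) ACL. Placeholders: PREAUTH_GUEST,
# WLAN id 1, DNS server 10.10.10.53. 1.1.1.1 is assumed to be the WLC virtual interface.
config acl create PREAUTH_GUEST

# Rules 1 and 2: DNS (UDP 53) from the client, and the reply back to the client
config acl rule add PREAUTH_GUEST 1
config acl rule protocol PREAUTH_GUEST 1 17
config acl rule destination address PREAUTH_GUEST 1 10.10.10.53 255.255.255.255
config acl rule destination port range PREAUTH_GUEST 1 53 53
config acl rule direction PREAUTH_GUEST 1 in
config acl rule action PREAUTH_GUEST 1 permit

config acl rule add PREAUTH_GUEST 2
config acl rule protocol PREAUTH_GUEST 2 17
config acl rule source address PREAUTH_GUEST 2 10.10.10.53 255.255.255.255
config acl rule source port range PREAUTH_GUEST 2 53 53
config acl rule direction PREAUTH_GUEST 2 out
config acl rule action PREAUTH_GUEST 2 permit

# Rule 3: DHCP (UDP 67/68) in either direction
config acl rule add PREAUTH_GUEST 3
config acl rule protocol PREAUTH_GUEST 3 17
config acl rule destination port range PREAUTH_GUEST 3 67 68
config acl rule direction PREAUTH_GUEST 3 any
config acl rule action PREAUTH_GUEST 3 permit

# Rule 4: anything from the client to the WLC virtual interface (web-auth login page)
config acl rule add PREAUTH_GUEST 4
config acl rule destination address PREAUTH_GUEST 4 1.1.1.1 255.255.255.255
config acl rule direction PREAUTH_GUEST 4 in
config acl rule action PREAUTH_GUEST 4 permit

# Everything else stays blocked until the client authenticates (implicit deny)
config acl apply PREAUTH_GUEST

# Bind the ACL to the guest WLAN's web-auth; the WLAN must be disabled while changing it
config wlan disable 1
config wlan security web-auth acl 1 PREAUTH_GUEST
config wlan enable 1
```

Once the client authenticates through the web-auth page, the pre-auth ACL no longer applies and the gateway ACL alone governs what the guest can reach.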
10-01-2012 07:29 AM
Thanks Scott. Your suggestion really helped. I have created pre auth ACLs and achieved positive results.
Regards,
Madhan kumar G
10-01-2012 07:50 AM
Good to hear... Thanks for using the rating system also!
Thanks,
Scott
Help out others by using the rating system and marking answered questions as "Answered".