06-02-2010 08:18 AM - edited 07-03-2021 06:51 PM
Currently any vpn user apon connection the network has an ACL pushed from ACS to ASA.
I want to do the same for wireless but I dont use the ASA. Will one of the wireless controllers accept Downloadable ACL's like the ASA ?
Michael
Solved! Go to Solution.
06-02-2010 04:05 PM
NO. Because the ACL syntax on the WLC are different.
06-02-2010 10:15 AM
You can create an ACL on the controller and have the Radius server apply that ACL to specifiec users .
http://www.cisco.com/en/US/docs/wireless/controller/6.0/configuration/guide/c60sol.html#wp1086421
06-02-2010 10:39 AM
Dan,
That would be tricky at best. If its per user would mean 10,000 ACL at about 200 lines each. hmmm that won't fit on a 4402 now will it ?
I'm using RSA authentication, If I can do it like I do with the ACS/RSA on a per group basis would drop to about 144 ACLs at about 200 lines.
Correct me if I'm wrong but I can't use the ASA with DACL unless I'm using IpSec.
At this point I'm not limiting myself to the Wireless controllers I thought it would be the simplest solution.
06-02-2010 04:05 PM
NO. Because the ACL syntax on the WLC are different.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide