Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
6420
Views
10
Helpful
2
Replies

C9800L ACL Fail when ISE use DACL

Go to solution
Ziv
Level 1
Level 1

‎08-28-2021 12:56 AM - edited ‎08-28-2021 01:07 AM

My C9800 software 17.3.3  and ISE 2.7p4, then wlc is fabric mode.

I check the Configuration Guide, I have config named authorization network method list.

I test wire connect is noproblan for DACL,But test connect wireless SSID fail,erro log bleow:

Aug 28 14:55:30: %CLIENT_EXCLUSION_SERVER-5-ADD_TO_BLACKLIST_REASON_DYNAMIC: Chassis 1 R0/0: wncmgrd: Client MAC: 9cb6.d093.5251 was added to exclusion list associated with AP Name:10F-AP04, BSSID:MAC: 70f0.xxxx.xxxx, reason:ACL failure
Aug 28 14:55:30: %SESSION_MGR-5-FAIL: Chassis 1 R0/0: wncd: Authorization failed or unapplied for client (9cb6.d093.5251) on Interface capwap_900001a6 AuditSessionID D2C416AC000011E08B8AB8EA. Failure Reason: ACL Failure. Failed attribute name #ACSACL#-IP-DENY_ALL_IPV4_10.86.59.7-61289be5.

 

This is c9800 config guid:

https://www.cisco.com/c/en/us/td/docs/wireless/controller/9800/17-3/config-guide/b_wl_17_3_cg/m_conf_ipv4_acl_ewlc.html

 

There are ISE and C9800 config picture in attachment file.

Is this my config issue?

 

 

 

 

 

Preview file
56 KB
Preview file
78 KB
Preview file
151 KB
Preview file
173 KB
1 Accepted Solution

Accepted Solutions

Go to solution
Mark Elsen
Hall of Fame
Hall of Fame

‎08-28-2021 02:30 AM

 

 - FYI https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvw89561

           https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvv16183

  M.



-- Let everything happen to you  
       Beauty and terror
      Just keep going    
       No feeling is final
Reiner Maria Rilke (1899)

View solution in original post

2 Replies 2

Go to solution
Mark Elsen
Hall of Fame
Hall of Fame

‎08-28-2021 02:30 AM

 

 - FYI https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvw89561

           https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvv16183

  M.



-- Let everything happen to you  
       Beauty and terror
      Just keep going    
       No feeling is final
Reiner Maria Rilke (1899)

Go to solution
Arshad Safrulla
VIP Alumni
VIP Alumni

‎08-28-2021 04:24 AM

DACL is not supported officially in 9800 platforms as per TAC.

___________________________________________
TAC recommended codes for AireOS WLC's
Best Practices for AireOS WLC's
TAC recommended codes for 9800 WLC's
Best Practices for 9800 WLC's
Cisco Wireless compatibility matrix
___________________________________________
Arshad Safrulla
0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card