Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
886
Views
0
Helpful
6
Replies

DNS Access-lists on WLC 8.2

Roger Base
Level 1
Level 1

‎07-13-2016 02:04 PM - edited ‎07-05-2021 05:25 AM

Hi Everybody.

I am trying to get my DNS access-list to work on 2502 8.2 code WLC. But for some reason it dosent work in the Pre_auth (nac access phase)  of the guest solution. The guest user are being redirected to my portal page. ( I am using layer2 security where ISE sends the redirect and acl av pairs back to WLC ). Does anybody know why this dosent work with DNS access-lists?

(My pre_auth acl does contain both IP address and DNS names)

btw. What I want to do is to give my guest users access to my portal page (login page with redirection) but they should also be able to access some certain websites it could be cnn.com/2015/news for example before they are actually authenticated. After authentication they should have full access which works without any problems.

Labels:
0 Helpful
6 Replies 6

Francesco Molino
VIP Alumni
VIP Alumni

‎07-13-2016 07:02 PM

Hi

Which version are you using? 

There was a bug (CSCus61445) and normally it should be solved on latest release.

Have a look here: 

https://bst.cloudapps.cisco.com/bugsearch/bug/CSCus61445

Thanks

PS: Please don't forget to rate and mark as correct answer if this solved your issue


Thanks
Francesco
PS: Please don't forget to rate and select as validated answer if this answered your question
0 Helpful

Roger Base
Level 1
Level 1
In response to Francesco Molino

‎07-14-2016 05:55 AM

As already mentioned. I am using code 8.2 which should t be affected by that bug. 

0 Helpful

Francesco Molino
VIP Alumni
VIP Alumni
In response to Roger Base

‎07-14-2016 09:25 AM

Hi

did you took client debugs on wlc to see if it's working?

could you maybe paste the debug?

otherwise you'll need to check with TAC if you're facing issue even after applying the bug fix. 


Thanks
Francesco
PS: Please don't forget to rate and select as validated answer if this answered your question
0 Helpful

Roger Base
Level 1
Level 1
In response to Francesco Molino

‎07-14-2016 09:33 AM

Yes. the only thing I see in the debug regarding the access-list is this.

*apfReceiveTask: Jul 13 11:21:08.608: 00:24:d7:2f:5d:08 Sending DNS Snooping - snooping[1] Virtual IP[192.0.2.1] Acl[Pre_External_Auth]

Is there any debug command that shows when access-list are allowing or denying on WLC?

0 Helpful

Francesco Molino
VIP Alumni
VIP Alumni
In response to Roger Base

‎07-14-2016 01:39 PM

You can try debug packet logging acl ip or do a packet capture. 

Could you paste your acl just to have a look? Otherwise you'll need to call TAC. 


Thanks
Francesco
PS: Please don't forget to rate and select as validated answer if this answered your question
0 Helpful

mohanak
Cisco Employee
Cisco Employee

‎07-13-2016 07:43 PM

Refer link : https://supportforums.cisco.com/discussion/12352866/dns-based-acl-wlc

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card