07-13-2016 02:04 PM - edited 07-05-2021 05:25 AM
Hi Everybody.
I am trying to get my DNS access-list to work on 2502 8.2 code WLC. But for some reason it dosent work in the Pre_auth (nac access phase) of the guest solution. The guest user are being redirected to my portal page. ( I am using layer2 security where ISE sends the redirect and acl av pairs back to WLC ). Does anybody know why this dosent work with DNS access-lists?
(My pre_auth acl does contain both IP address and DNS names)
btw. What I want to do is to give my guest users access to my portal page (login page with redirection) but they should also be able to access some certain websites it could be cnn.com/2015/news for example before they are actually authenticated. After authentication they should have full access which works without any problems.
07-13-2016 07:02 PM
Hi
Which version are you using?
There was a bug (CSCus61445) and normally it should be solved on latest release.
Have a look here:
https://bst.cloudapps.cisco.com/bugsearch/bug/CSCus61445
Thanks
PS: Please don't forget to rate and mark as correct answer if this solved your issue
07-14-2016 05:55 AM
As already mentioned. I am using code 8.2 which should t be affected by that bug.
07-14-2016 09:25 AM
Hi
did you took client debugs on wlc to see if it's working?
could you maybe paste the debug?
otherwise you'll need to check with TAC if you're facing issue even after applying the bug fix.
07-14-2016 09:33 AM
Yes. the only thing I see in the debug regarding the access-list is this.
*apfReceiveTask: Jul 13 11:21:08.608: 00:24:d7:2f:5d:08 Sending DNS Snooping - snooping[1] Virtual IP[192.0.2.1] Acl[Pre_External_Auth]
Is there any debug command that shows when access-list are allowing or denying on WLC?
07-14-2016 01:39 PM
You can try debug packet logging acl ip or do a packet capture.
Could you paste your acl just to have a look? Otherwise you'll need to call TAC.
07-13-2016 07:43 PM
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide