cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
3456
Views
10
Helpful
13
Replies

FlexConnect policy ACL assignment disappears

PERI_Admin
Level 1
Level 1

We are using a Cisco 5520 Wireless Controller with software version 8.3.131.0. But the problem also occured with the former 8.1.102.0 software version.

 

All APs are running in FlexConnect Mode. Moreover we assign an "External WebAuthentication ACL" to every AP. This can be done via GUI (enter AP details --> FlexConnect --> PreAuthentication Access Control Lists --> External WebAuthentication ACLs --> Policies --> Add Policy ACL) or via CLI (config ap flexconnect policy acl add <ALCNAME> <APNAME>).

 

Basically this setup is running very fine. But there can be problems if an APs gets restarted or the WAN connection to the AP is down. After the AP reconnects to the WLC sometimes the ACL assignment is gone. All other settings are not affected. This behaviour is very random and can not be manually triggered. Furthermore we have several different AP models running (1702, 2702, 2802, 1832, 1532) and the problem could occor on every model.

 

Did someone notice similar problems or can someone explain why this happens?

13 Replies 13

Hi,

 

   Create a flexconnect group instead and map the on the Group, this way, the AP heritage the config from group.  

  Of course, this does not justify the problem but can be a workaround until you fix it. Although config by AP group allows for better manageability.

 

 

-If I helped you somehow, please, rate it as useful.-

Thanks for your fast answer. I'll do that and let you know if that fixes my problem.

Saravanan Lakshmanan
Cisco Employee
Cisco Employee
Move to latest 8.3 code and enable following aggregation as best practice!
(Cisco Controller) >show sysinfo

Manufacturer's Name.............................. Cisco Systems Inc.
Product Name..................................... Cisco Controller
Product Version.................................. 8.3.133.0


(Cisco Controller) >show advanced capwap-message-aggregation

CAPWAP message aggregation....................... Disabled

(Cisco Controller) >config advanced capwap-message-aggregation enable


(Cisco Controller) >show advanced capwap-message-aggregation

CAPWAP message aggregation....................... Enabled

I did a software update and activated aggregation. Can you explain the purpose of this setting please? I cannot find any documentation about it.

This feature is to aggregate capwap messages and useful in flexconnect deployment to avoid missing updates and to properly maintain capwap messaging queue. I think, it's yet to get documented. This feature is enabled by default on future codes starting 8.5,...

PERI_Admin
Level 1
Level 1
Unfortunately both settings did not help. There were two access points that lost the ACL assignment during the weekend.
Any other ideas or should I open a case?

You mean that flexconnect group didn´t work?  That´s estrange. 

Well, if you are able to open a TAC, I´d go for it.

 

 

 

 

-If I helped you somehow, please, rate it as useful.-

No flexconnect group works fine but the policy assignment under "FlexConnect Groups --> ACL Mapping --> Policies" does not work.

On Cisco docs, we can read as follow:

"WebPolicy ACL is used for Conditional Web Redirect, Splash Page Web Redirect and Central Webauth scenarios."

 

 I´d recommend you to take a close look on the following link. I have the feeling that you may be missing something.

 

https://www.cisco.com/c/en/us/support/docs/wireless-mobility/wireless-lan-wlan/212481-configure-flexconnect-acl-s-on-wlc.html

 

-If I helped you somehow, please, rate it as useful.-

 

 

 

Yes "WebPolicy ACL" is what I need. I did configure this in the FlexConnect Group but as already mentioned some APs lose this ACL assignment after a restart or reconnect to the WLC controller.

Hi Peri_Admin have you resolved this issue? I am facing the same issue.

 

Thanks.

Unfortunately not. I’ll open a TAC case but I didn’t have time yet. I’m going to update the forum thread if I have any news.




PERI_Admin, I see this is an older thread however I am having the same issues on my 5520 running 8.5 code. Were you able to find a resolution?
Review Cisco Networking for a $25 gift card