
Preauth ACL in WLC 9800 Behaviour

ramziabdelhak
Level 1

Hello everyone,

I need to configure a preauth ACL for webauth (CWA). In fact, I am migrating from a WLC 2500 to a WLC 9800, and the confusion is in the permit/deny entries. On the 2500, they say:

"this ACL is referenced in the access-accept of the ISE and defines what traffic should be redirected (denied by the ACL) and what traffic should not be redirected (permitted by the ACL)" 

On the other hand, when reading the config guide of the 9800, they say:

"This redirect ACL is not a security ACL but a punt ACL that defines what traffic goes to the CPU (on permits) for further treatment (like redirection) and what traffic stays on the data plane (on deny) and avoids redirection."

What I understand is that the logic is inverted on the new platform. Am I right? Should I reverse all the entries found in the preauth ACL of the 2500?

Thanks in advance

Accepted Solutions

Haydn Andrews
VIP Alumni

Follow this guide for the ACL on the 9800

https://www.cisco.com/c/en/us/support/docs/wireless/catalyst-9800-series-wireless-controllers/213920-central-web-authentication-cwa-on-cata.html#toc-hId-881505252

Deny to ISE, DNS, and permit to www

*****Help out other by using the rating system and marking answered questions as "Answered"*****
*** Please rate helpful posts ***
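
Added example, not part of the original thread or of Cisco's guide: a small first-match ACL model that applies the two permit/deny meanings quoted in the question. It shows that flipping the 2500 entries alone leaves the 9800 redirecting nothing, because the implicit deny at the end now means "stay on the data plane", which is why the answer's ACL ends with an explicit permit to www. The ISE address, the sample 2500 ACL, the flows and all function names are constructed for illustration, and the model matches on destination only.

```python
from ipaddress import ip_address, ip_network

ISE = "192.0.2.10"  # constructed placeholder for the ISE node (documentation range)

# Entry: (action, protocol, destination network, destination port or None for any).
# Constructed 2500-style preauth ACL: permit = do not redirect.
ACL_2500 = [
    ("permit", "ip", ISE + "/32", None),    # portal / RADIUS server
    ("permit", "udp", "0.0.0.0/0", 53),     # DNS
]

def invert(acl):
    """Swap permit and deny on every entry, keeping the order."""
    swap = {"permit": "deny", "deny": "permit"}
    return [(swap[action], proto, net, port) for action, proto, net, port in acl]

# 9800 redirect ACL: inverted entries plus an explicit permit for web traffic.
ACL_9800 = invert(ACL_2500) + [("permit", "tcp", "0.0.0.0/0", 80)]

def first_match(acl, proto, dst, dport):
    """Return the action of the first matching entry, or the implicit deny."""
    for action, entry_proto, net, port in acl:
        if entry_proto != "ip" and entry_proto != proto:
            continue
        if ip_address(dst) not in ip_network(net):
            continue
        if port is not None and port != dport:
            continue
        return action
    return "deny"

def redirect_2500(acl, proto, dst, dport):
    """2500 wording from the post: denied traffic is what gets redirected."""
    return first_match(acl, proto, dst, dport) == "deny"

def redirect_9800(acl, proto, dst, dport):
    """9800 wording from the post: permit punts to the CPU, deny stays on the data plane."""
    return first_match(acl, proto, dst, dport) == "permit"

# Constructed sample flows from an unauthenticated client.
FLOWS = [("tcp", "198.51.100.7", 80), ("tcp", ISE, 8443), ("udp", "198.51.100.53", 53)]

if __name__ == "__main__":
    for flow in FLOWS:
        print(flow, redirect_2500(ACL_2500, *flow), redirect_9800(ACL_9800, *flow),
              redirect_9800(invert(ACL_2500), *flow))
```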
