01-03-2024 11:10 PM
Hello
I want to know whether the "Preauthentication ACL" in the Cisco WLC is used regardless of whether the Wi-Fi deployment is locally switched or centrally switched?
I am waiting for a reply from a Wi-Fi expert.
Thanks
01-03-2024 11:27 PM
In central switching, yes; for FlexConnect, read point 3 onward under procedure in this document
01-03-2024 11:33 PM
Hi,
Thanks for your reply.
I don't understand you!!
I want more explanation of this point.
Thanks
01-04-2024 12:57 AM - edited 01-04-2024 12:59 AM
Preauth is needed for web auth.
LWA and CWA both need the Wi-Fi client to have an IP to connect to the proxy,
and so both need preauth to allow the client to get an IP and connect to DNS.
MHM
01-04-2024 01:00 AM
What is the relationship of the proxy with the "Preauthentication ACL" in the WLC?
And please, what is the relationship of DNS with the Preauthentication ACL?
I am waiting for a reply.
Thanks
01-04-2024 08:45 AM
Hello @dhikra-marghli8
In the context of Cisco WLC, the preauthentication ACL and DNS serve different purposes, but they can be related in certain scenarios.
The preauthentication ACL is used to filter traffic before a client completes the full authentication process. It is applied during the preauthentication phase, allowing the WLC to filter traffic based on certain criteria before granting full network access to the client.
The preauth ACL doesn't have a direct proxy relationship. It primarily deals with filtering traffic based on IP addresses, protocols, or port numbers during the early stages of client association.
DNS is crucial for resolving domain names to IP addresses, and it plays a role in how clients connect to resources on the network. In a wireless environment, DNS might be involved when clients attempt to resolve domain names for the services they are trying to access.
If a preauth ACL is configured to filter traffic based on IP addresses or domains, DNS resolution could be affected. For example, if the preauth ACL blocks access to specific domains or IP addresses, DNS requests for those domains might not succeed, impacting the client's ability to connect to certain resources.
It's very important to carefully design and configure the preauth ACL to avoid unintended consequences. If DNS filtering is required for security or policy reasons, it should be included in the ACL with a clear understanding of how it might impact DNS resolution.
01-04-2024 09:16 AM
There are two types of security in wireless.
One is L2 security.
The other is L3 security.
As the name suggests, L3 security works at the L3 layer.
This means the Wi-Fi client needs an IP to authenticate itself to the WLC via the web.
So we need preauth to let the Wi-Fi client get an IP from the DHCP server.
Now, after the Wi-Fi client gets an IP, it tries to connect to any HTTP website, and this needs DNS, so the client sends DNS requests, and hence we need to allow DNS via the preauth ACL.
After that, the WLC redirects the Wi-Fi client's traffic to the website to its own page (LWA) or to the ISE page (CWA).
Here the Wi-Fi client sees the web auth page, and after entering the username and password and authenticating successfully, it can access the internet normally.
MHM
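
Added example, not part of any post in this thread and not Cisco code: a small first-match ACL model that audits a pre-auth ACL for the flows the replies above say web auth depends on (DHCP, DNS, reaching the login page) and for anything else it lets through before authentication. The addresses, the portal port 443, the rule format and the implicit deny are assumptions made for the illustration.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional

@dataclass(frozen=True)
class Rule:
    action: str            # "permit" or "deny"
    proto: str             # "udp", "tcp" or "any"
    dst: str               # destination network, CIDR
    dport: Optional[int]   # destination port, None = any port

def evaluate(acl, proto, dst_ip, dport):
    """First matching rule wins; no match is an implicit deny (assumed model)."""
    for r in acl:
        if r.proto not in ("any", proto):
            continue
        if ipaddress.ip_address(dst_ip) not in ipaddress.ip_network(r.dst):
            continue
        if r.dport is not None and r.dport != dport:
            continue
        return r.action
    return "deny"

# Constructed sample addresses (documentation ranges), not from the thread.
DNS_SERVER, PORTAL = "192.0.2.53", "192.0.2.10"

# Flows an unauthenticated client needs in order to reach the login page.
REQUIRED = {"dhcp": ("udp", "255.255.255.255", 67),
            "dns": ("udp", DNS_SERVER, 53),
            "portal": ("tcp", PORTAL, 443)}   # portal port is an assumption
# Flows that should stay closed until authentication succeeds.
MUST_STAY_BLOCKED = {"internal-ssh": ("tcp", "10.0.0.5", 22),
                     "internet-https": ("tcp", "198.51.100.7", 443)}

def audit(acl):
    """Return (required flows the ACL blocks, pre-auth flows it wrongly permits)."""
    missing = sorted(n for n, f in REQUIRED.items() if evaluate(acl, *f) != "permit")
    leaked = sorted(n for n, f in MUST_STAY_BLOCKED.items() if evaluate(acl, *f) == "permit")
    return missing, leaked

GOOD = [Rule("permit", "udp", "255.255.255.255/32", 67),
        Rule("permit", "udp", DNS_SERVER + "/32", 53),
        Rule("permit", "tcp", PORTAL + "/32", 443)]
NO_DNS = [r for r in GOOD if r.dport != 53]                 # login page never resolves
TOO_BROAD = GOOD + [Rule("permit", "any", "0.0.0.0/0", None)]  # pre-auth bypass

if __name__ == "__main__":
    for name, acl in (("GOOD", GOOD), ("NO_DNS", NO_DNS), ("TOO_BROAD", TOO_BROAD)):
        print(name, audit(acl))
```
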