small vWLC version 8.5.161.0 and AAA VLAN ACL Mapping

albertofdez
Level 1

Hi guys,

I have a small vWLC version 8.5.161.0 with 16 AIR-AP1832I-E-K9 APs and this configuration:

- Single SSID with WPA2 and Auth (802.1X) Advanced -> FlexConnect Local Switching
- It has 27 VLANs in different networks; in the vWLC an interface of Dynamic type is created per VLAN
- In the Radius server there are 27 rules created for the assignment of each VLAN depending on the Microsoft AD group
- The interface associated with the only SSID is called dummy and belongs to a VLAN that does not exist in the customer's network
- Within FlexConnect Groups in the group 'default-flex-group' -> ACL Mapping -> AAA VLAN ACL Mapping all VLANs are registered

All of this works perfectly, but I can only create 16 entries in "AAA VLAN ACL Mapping" and I have 27 VLANs.

Is this limitation because the controller is virtual?
Is it because of the version 8.5.161.0 that the vWLC has?
Can it be configured differently by having a vWLC with version 8.5.161.0 and being able to use all 27 VLANs?

Thanks.

2 Replies

Rasika Nayanajith
VIP Alumni

No, these limitations are not specific to the size of the vWLC spec or AireOS code version.

As per the below, the max of 16 policies is applicable to the web policy ACL "WLAN-ACL mapping" rather than "AAA VLAN-ACL mapping".

https://www.cisco.com/c/en/us/support/docs/wireless-mobility/wireless-lan-wlan/212481-configure-flexconnect-acl-s-on-wlc.html

In your case, would it be possible to have a common ACL defined (for ingress or egress) and apply it to the configured VLAN IDs?

HTH

Rasika

*** Pls rate all useful responses ***

Hi Rasika,

I don't understand what you are telling me with "In your case, would it be possible to have a common ACL defined for (input or output) and apply it to the configured VLAN IDs?"

Although I create a common ACL (input or output) I can only associate it to 16 VLAN IDs in this window of the image I attached.

Thanks.
