
Third-party vendors Radius Cloud push DACL to Cisco WLC issue

chunchao wei
Level 1

Hi, Community Member

 

Test environment:

A third-party vendor has a RADIUS cloud server. The company has a Cisco WLC 3504 that is authenticated and authorized through the public RADIUS server.

1. Create a user on the server.

2. Configure AAA on the WLC and the WAN profile.

3. Match Test SSID on the WLC and open status.

Using a PC for 802.1X authentication, the user's connection to the SSID is normal, but the DACL pushed by the server is not in effect.

From the packet capture, I found that the server has sent the DACL to the public network address of the WLC.

It is normal for third-party vendors to report that they have passed tests with Cisco switches. The vendor asked me to check the Cisco WLC configuration.

I am confused and wonder if this approach also supports the Cisco WLC?

 

 


Wes Schochet
Level 3

I am not sure that AireOS supports the dACL.  There is a specific ACL that we push out of our radius server (Cisco ISE).  Here is the result we send upon authorization:

 

Access Type = ACCESS_ACCEPT
Airespace-ACL-Name = Web_Access_Allowed
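
An added example, not part of the original post or of any vendor's code: it parses the attribute bytes of a captured Access-Accept and reports whether the server sent a Cisco-AVPair dACL reference or per-user ACL line, or the Airespace-ACL-Name VSA shown above. The function names are hypothetical and the sample bytes are constructed; vendor IDs 9 and 14179 and Airespace sub-type 6 are the standard dictionary values.

```python
import struct

CISCO, AIRESPACE = 9, 14179   # IANA enterprise numbers in the Vendor-Id field
VENDOR_SPECIFIC = 26          # RADIUS attribute type for VSAs (RFC 2865)
AIRESPACE_ACL_NAME = 6        # Airespace sub-attribute: name of an ACL already on the WLC
CISCO_AVPAIR = 1              # Cisco sub-attribute: "key=value" string

def vsa(vendor, vtype, value):
    """Encode one Vendor-Specific attribute carrying a single sub-attribute."""
    sub = bytes([vtype, len(value) + 2]) + value
    return bytes([VENDOR_SPECIFIC, len(sub) + 6]) + struct.pack("!I", vendor) + sub

def tlvs(buf, what):
    """Yield (type, value) from a run of 1-byte-type / 1-byte-length TLVs."""
    i = 0
    while i < len(buf):
        if i + 2 > len(buf) or buf[i + 1] < 2 or i + buf[i + 1] > len(buf):
            raise ValueError(f"malformed {what} at offset {i}")
        yield buf[i], buf[i + 2:i + buf[i + 1]]
        i += buf[i + 1]

def acl_attributes(attrs):
    """Return (kind, text) for each ACL-related VSA in an Access-Accept attribute blob."""
    found = []
    for atype, body in tlvs(attrs, "attribute"):
        if atype != VENDOR_SPECIFIC or len(body) < 4:
            continue
        vendor = struct.unpack("!I", body[:4])[0]
        for vtype, value in tlvs(body[4:], "sub-attribute"):
            text = value.decode("ascii", "replace")
            if vendor == AIRESPACE and vtype == AIRESPACE_ACL_NAME:
                found.append(("airespace-acl-name", text))
            elif vendor == CISCO and vtype == CISCO_AVPAIR:
                if text.startswith("ACS:CiscoSecure-Defined-ACL="):
                    found.append(("dacl-reference", text.split("=", 1)[1]))
                elif text.startswith(("ip:inacl#", "ip:outacl#")):
                    found.append(("per-user-acl-line", text))
    return found

# Constructed sample: User-Name, a dACL reference, and a named Airespace ACL.
SAMPLE = (bytes([1, 6]) + b"test"
          + vsa(CISCO, CISCO_AVPAIR, b"ACS:CiscoSecure-Defined-ACL=#ACSACL#-IP-EXAMPLE")
          + vsa(AIRESPACE, AIRESPACE_ACL_NAME, b"Web_Access_Allowed"))

if __name__ == "__main__":
    for kind, text in acl_attributes(SAMPLE):
        print(f"{kind:20} {text}")
```

Feed it the attribute portion of the Access-Accept (the bytes after the 20-byte RADIUS header) exported from the capture.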

 

 

 

chunchao wei
Level 1

Hi, brother

I found it out; see the link below:

https://community.cisco.com/t5/security-documents/ise-and-catalyst-9800-series-integration-guide/ta-p/3753060#toc-hId--689850627 

About the note on dACL:

Note: dACL is only supported in centrally switched traffic

So, if it's not IOS or IOS-XE devices, it can be redirected through Web-Auth, for example: LWA or CWA.
