02-22-2021 02:11 AM - edited 07-05-2021 01:16 PM
Hi, Community Member
Test environment:
A third-party vendor has a RADIUS cloud server. The company has a Cisco WLC 3504 that is authenticated and authorized through the public RADIUS server.
1/ Create a user on the server.
2/ Configure AAA on the WLC and the WAN profile.
3/ Match the Test SSID on the WLC and open status.
Using a PC for 802.1X certification, the user's connection to the SSID is normal, but the DACL pushed by the server is not in effect.
From the capture, I found that the server has sent the DACL to the public network address of the WLC.
It is normal for third-party vendors to report that they have passed tests with Cisco switches. The vendor asked me to check the Cisco WLC configuration.
I am confused and wonder whether this approach is also supported on the Cisco WLC?
02-22-2021 09:19 AM
I am not sure that AireOS supports the dACL. There is a specific ACL that we push out of our RADIUS server (Cisco ISE). Here is the result we send upon authorization:
Access Type = ACCESS_ACCEPT
Airespace-ACL-Name = Web_Access_Allowed
02-22-2021 10:41 PM
Hi, brother
I found it out; the link is below:
About: Note on DACL
Note: dACL is only supported in centrally switched traffic
So, if it's not an IOS or IOS-XE device, it can be redirected through Web-Auth, for example LWA or CWA.