I've implemented Cicso ISE 3495's with the advanced subscription license. I've built my policy sets, and authorization profiles. It all works great! Here's the issue that I'm having. I have internal employees who bring in their own devices (BYOD). I want to allow them onto the secured SSID that I've created, but only want to give them access to the intra/internet. I've created an ACL (EmpInternetOnly) on the WLC. Here are my rules:
I can get to the intranet, with no issue (ACL lines 1-4). I can't get to the internet whatsoever. I see everything falling down to the deny statement. When I remove the deny statement (ACL line 14), and put a permit all, then the internet works with no issue. Am I missing something here? I've researched this topic on several message boards, but can't find an answer. I've tried to run the acl debug, on the controller, but do not see any output when I run it. It might be because I don't understand the proper format of how to set it up. Any and all replies would be much appreciated! Thanks!
Steve