09-20-2017 01:03 PM - edited 07-05-2021 07:40 AM
Hi Everyone!
I have a problem with assigning the right ACL to a correctly authenticated user.
The setup:
- 2 Cisco 5520 WLCs
- a couple of 2802i and 2702i access points
- 2 ISE 2.2 p3 installations
- Cisco 2960x POE+ switches
The FlexConnect setup with assigning the right VLANs by a simple WPA2 authentication works fine.
FlexConnect in use with a Guest portal authenticated and accounted by ISE also works fine;
even FlexConnect, ISE and the Pre-Authweb ACL work correctly.
Once the user or mobile device is connected, the connection is fully open through the complete network.
I can't figure out where to place the correct ACL to restrict the authenticated user to only internet usage.
I hope you can help or suggest a solution!
Grtz Wouter
09-20-2017 05:15 PM
"I can't figure out where to place the correct ACL to restrict the authenticated user to only internet usage."
I would apply it under the SVI defined for the wireless user VLAN.
HTH
Rasika
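The SVI placement suggested in the reply above, sketched as an added example that is not part of the original thread or any poster's configuration. The VLAN number, ACL name and DNS server address are constructed placeholders; the RFC 1918 ranges stand in for "the internal network" and must be adjusted to the real addressing plan.

```cisco
! Added example: internet-only ACL for the wireless user VLAN.
! Vlan100, WLAN-INTERNET-ONLY and 10.10.10.53 are constructed placeholders.
ip access-list extended WLAN-INTERNET-ONLY
 remark Allow DHCP requests from clients before any deny
 permit udp any eq bootpc any eq bootps
 remark Allow DNS to the internal resolver only
 permit udp any host 10.10.10.53 eq domain
 permit tcp any host 10.10.10.53 eq domain
 remark Block every internal (RFC 1918) destination
 deny   ip any 10.0.0.0 0.255.255.255
 deny   ip any 172.16.0.0 0.15.255.255
 deny   ip any 192.168.0.0 0.0.255.255
 remark Everything else is internet-bound
 permit ip any any
!
! Inbound on the SVI filters traffic as it arrives from the wireless clients.
! In an HSRP pair the same ACL must be present and applied on both routers,
! otherwise a failover removes the restriction.
interface Vlan100
 ip access-group WLAN-INTERNET-ONLY in
```

After applying it, `show ip access-lists WLAN-INTERNET-ONLY` shows per-entry hit counters, which confirms that client traffic to internal ranges is matching the deny entries.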
09-20-2017 11:23 PM - edited 09-20-2017 11:33 PM
Rasika,
Thx for the reply. Yes, it gives the effect I want to have, but...
we have 5 branches, all with 2 routers (HSRP). When I want to change or add a rule to the ACL, I have to fix it about 9 times (excluding the 1st). I was hoping that there would be a simpler solution for the ACL, like a central ACL, something like the "pre-webauth" ACLs.