WLC2504 configuration w/o Proxy-Server

juaorteg
Level 1

Hi Experts,

Regarding the WLC 2504, I have a doubt which arose while my customer was provisioning it.

When there is direct Internet access through a proxy, a PreAuth ACL (and a PostAuth ACL) are created. This ACL controls the access of the Guest users before they are authenticated; that is, it is applied prior to the authentication of the user in the captive portal. It allows bidirectional traffic between the Guests and the file server that will provide the users' web browsers with the ".pac" file used by the browsers for their auto-configuration. It also allows bidirectional traffic between the Guests and the "DNS" server, for name resolution.

The ACL denies the rest of the traffic.

But the question is this:

In case of direct Internet access without the use of a Proxy-Server, it seems that only the PostAuth rule is made.

In that case, should there still exist a Pre-Auth ACL for that direct output, in which access to the DNS server has to be allowed?

Or, on the contrary, is it not necessary to allow DNS resolution in the PreAuth ACL when the output is direct to the Internet…

Thanks for your help

Juan

1 Reply

Hi

The pre-auth ACL will be necessary for web-auth in any scenario. It is not necessary for DNS traffic and DHCP traffic, but it will be needed to permit the client to talk with the authentication servers.

-If I helped you somehow, please, rate it as useful.-
