NAC ACL GuestUser

Answered Question
Jul 3rd, 2008

I have NAC set up for user-based role VLAN assignment deployed as OOB VG L2. I have a default access, authentication, and user VLAN set up. The user VLAN is for guest. So, a guest opens their browser and the guest is prompted to enter credentials. Credentials are accepted. The browser refreshes IP and I get a "Limited connectivity...169.254.etc...". I get this error when I apply the below ACL to the 'user vlan' interface (i.e. ip access-group 110 in). When the ACL is not assigned, everything works fine and the guest can roam my entire internal network. My DHCP/DNS is on the 10.0.0.0 network. Anyone have any ideas why I am getting this error?

access-list 110 deny ip 192.168.41.0 0.0.0.255 10.0.0.0 0.255.255.255

access-list 110 deny ip 192.168.41.0 0.0.0.255 172.16.0.0 0.15.255.255

access-list 110 permit ip 192.168.41.0 0.0.0.255 192.168.41.0 0.0.0.255

access-list 110 deny ip 192.168.41.0 0.0.0.255 192.168.0.0 0.0.255.255

access-list 110 permit ip 192.168.41.0 0.0.0.255 any

Correct Answer
pcomeaux Mon, 07/07/2008 - 13:18

Hi there -

What VLAN and IP does the guest user have when he experiences the web page challenging credentials?

What VLAN and IP do you want the guest to have once the guest authenticates as a guest?

My initial thought is your ACL is denying the DHCP requests and the DNS requests, since you mention the DHCP and DNS are on the 10.0.0.0/8 network.

thxs

peter

gomeso Mon, 07/14/2008 - 04:34

Peter,

Thank you for your assistance!!! It was the ACL denying the DHCP requests and the DNS requests.

-K
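
The diagnosis confirmed in this thread, as an added example that is not part of the original posts: a small first-match evaluator run over ACL 110 as posted and over an assumed corrected version. The server address 10.0.0.10, the two added permit lines and the sample packets are constructed for illustration, and the model assumes the inbound ACL is evaluated against the client's broadcast DHCP discover.

```python
import ipaddress

ORIGINAL = [  # ACL 110 exactly as posted in the question
    "access-list 110 deny ip 192.168.41.0 0.0.0.255 10.0.0.0 0.255.255.255",
    "access-list 110 deny ip 192.168.41.0 0.0.0.255 172.16.0.0 0.15.255.255",
    "access-list 110 permit ip 192.168.41.0 0.0.0.255 192.168.41.0 0.0.0.255",
    "access-list 110 deny ip 192.168.41.0 0.0.0.255 192.168.0.0 0.0.255.255",
    "access-list 110 permit ip 192.168.41.0 0.0.0.255 any",
]
FIXED = [  # assumed correction; 10.0.0.10 is a placeholder DHCP/DNS server
    "access-list 110 permit udp any eq 68 any eq 67",
    "access-list 110 permit udp 192.168.41.0 0.0.0.255 host 10.0.0.10 eq 53",
] + ORIGINAL
PACKETS = {  # constructed samples: (proto, src, sport, dst, dport)
    "dhcp_discover": ("udp", "0.0.0.0", 68, "255.255.255.255", 67),
    "dns_query": ("udp", "192.168.41.25", 50000, "10.0.0.10", 53),
    "internal_smb": ("tcp", "192.168.41.25", 50000, "10.0.0.20", 445),
}

def _ip(text):
    return int(ipaddress.IPv4Address(text))

def _addr(tok):  # consume 'any', 'host A' or 'A WILDCARD' -> (base, wildcard)
    first = tok.pop(0)
    if first == "any":
        return 0, 0xFFFFFFFF
    return (_ip(tok.pop(0)), 0) if first == "host" else (_ip(first), _ip(tok.pop(0)))

def _port(tok):  # consume an optional 'eq N'; None means any port
    if tok[:1] != ["eq"]:
        return None
    del tok[0]
    return int(tok.pop(0))

def _hit(spec, addr):  # wildcard bits set to 1 are "don't care"
    return (_ip(addr) | spec[1]) == (spec[0] | spec[1])

def evaluate(acl, proto, src, sport, dst, dport):  # first match wins
    for number, line in enumerate(acl, 1):
        _, _, action, acl_proto, *tok = line.split()
        s, sp, d, dp = _addr(tok), _port(tok), _addr(tok), _port(tok)
        if (acl_proto in ("ip", proto) and _hit(s, src) and _hit(d, dst)
                and sp in (None, sport) and dp in (None, dport)):
            return action, number
    return "deny", 0  # implicit deny, reported as entry 0

for name, pkt in PACKETS.items():
    print(name, evaluate(ORIGINAL, *pkt), evaluate(FIXED, *pkt))
```

With the original list, the discover falls through to the implicit deny because every entry requires a 192.168.41.0/24 source, and the DNS query is dropped by the first entry. The corrected list still denies the guest's other traffic to 10.0.0.0/8.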
