06-02-2010 08:18 AM - edited 07-03-2021 06:51 PM
Currently any vpn user apon connection the network has an ACL pushed from ACS to ASA.
I want to do the same for wireless but I dont use the ASA. Will one of the wireless controllers accept Downloadable ACL's like the ASA ?
Michael
Solved! Go to Solution.
06-02-2010 04:05 PM
NO. Because the ACL syntax on the WLC are different.
06-02-2010 10:15 AM
You can create an ACL on the controller and have the Radius server apply that ACL to specifiec users .
http://www.cisco.com/en/US/docs/wireless/controller/6.0/configuration/guide/c60sol.html#wp1086421
06-02-2010 10:39 AM
Dan,
That would be tricky at best. If its per user would mean 10,000 ACL at about 200 lines each. hmmm that won't fit on a 4402 now will it ?
I'm using RSA authentication, If I can do it like I do with the ACS/RSA on a per group basis would drop to about 144 ACLs at about 200 lines.
Correct me if I'm wrong but I can't use the ASA with DACL unless I'm using IpSec.
At this point I'm not limiting myself to the Wireless controllers I thought it would be the simplest solution.
06-02-2010 04:05 PM
NO. Because the ACL syntax on the WLC are different.
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: