Cisco Support Community

CSCup98797 - DNS-Based ACLs only work with radius NAC

I'm trying to use a DNS-based ACL with a pre-authentication ACL in order to allow access to some URLs before the client is authenticated by an external captive portal, without RADIUS.

On the bug search website, this bug appears as fixed, but I'm running 7.6.130 code on a WLC 5500 and the behavior is the same: the URLs have no effect because I'm not using RADIUS.

I see in the Cisco Wireless LAN Controller Configuration Guide, Release 8.0 the following advice:

  • DNS-based ACLs work only when RADIUS NAC (central web authentication or posture) are done on the SSID. DNS-based ACLs do not work with local web authentication or any other form of ACL other than a redirect-ACL used in the case of RADIUS NAC.

So in 8.0 code the behavior is the same as in 7.6.130.

I can't understand why the Cisco WLC is not able to permit access using URLs instead of IP addresses without RADIUS. Most manufacturers can do it; even Meraki, which is now part of Cisco, can do this. It is impossible to open thousands of IP addresses in the ACL if you want to open Facebook or Akamai, for example.


Does anybody know a workaround to achieve this?


