I have NAC set up for user-based role VLAN assignment, deployed as OOB VG L2. I have a default access, authentication, and user VLAN set up. The user VLAN is for guest. So, a guest opens their browser and the guest is prompted to enter credentials. Credentials are accepted. The browser refreshes the IP and I get a "Limited connectivity...169.254.etc...". I get this error when I apply the below ACL to the 'user vlan' interface (i.e. ip access-group 110 in); when the ACL is not assigned, everything works fine and the guest can roam my entire internal network. My DHCP/DNS is on the 10.0.0.0 network. Does anyone have any ideas why I am getting this error?
access-list 110 deny ip 192.168.41.0 0.0.0.255 10.0.0.0 0.255.255.255
access-list 110 deny ip 192.168.41.0 0.0.0.255 172.16.0.0 0.15.255.255
access-list 110 permit ip 192.168.41.0 0.0.0.255 192.168.41.0 0.0.0.255
access-list 110 deny ip 192.168.41.0 0.0.0.255 192.168.0.0 0.0.255.255
access-list 110 permit ip 192.168.41.0 0.0.0.255 any
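
An added example, not part of the original post: a first-match evaluator for ACL 110 as posted, run over constructed packets to show which entry each one hits on the inbound guest interface. The guest host 192.168.41.50 and the DHCP/DNS server 10.0.0.10 are assumed addresses; a DHCP DISCOVER is sent from 0.0.0.0 to 255.255.255.255 because the client has no lease yet.

```python
import ipaddress

# ACL 110 as posted: (action, src, src wildcard, dst, dst wildcard); "any" = 0.0.0.0 255.255.255.255
ACL_110 = [
    ("deny",   "192.168.41.0", "0.0.0.255", "10.0.0.0",     "0.255.255.255"),
    ("deny",   "192.168.41.0", "0.0.0.255", "172.16.0.0",   "0.15.255.255"),
    ("permit", "192.168.41.0", "0.0.0.255", "192.168.41.0", "0.0.0.255"),
    ("deny",   "192.168.41.0", "0.0.0.255", "192.168.0.0",  "0.0.255.255"),
    ("permit", "192.168.41.0", "0.0.0.255", "0.0.0.0",      "255.255.255.255"),
]

# Constructed sample packets (src, dst). Host and server addresses are assumed.
PACKETS = {
    "dhcp_discover_broadcast": ("0.0.0.0", "255.255.255.255"),
    "unicast_to_dhcp_dns_server": ("192.168.41.50", "10.0.0.10"),
    "same_subnet": ("192.168.41.50", "192.168.41.1"),
    "outside_address": ("192.168.41.50", "203.0.113.10"),
}

def _ip(s):
    return int(ipaddress.IPv4Address(s))

def wildcard_match(addr, base, wildcard):
    """IOS wildcard semantics: bits set in the wildcard are ignored."""
    care = ~_ip(wildcard) & 0xFFFFFFFF
    return (_ip(addr) & care) == (_ip(base) & care)

def evaluate(acl, src, dst):
    """Return (action, entry number) of the first match; entry None is the implicit deny."""
    for n, (action, s, sw, d, dw) in enumerate(acl, 1):
        if wildcard_match(src, s, sw) and wildcard_match(dst, d, dw):
            return action, n
    return "deny", None

def report():
    return {name: evaluate(ACL_110, *pkt) for name, pkt in PACKETS.items()}

if __name__ == "__main__":
    for name, (action, line) in report().items():
        print(f"{name:28} {action:6} entry={line or 'implicit deny'}")
```

Every entry requires a 192.168.41.0/24 source, so the lease-less DISCOVER falls through to the implicit deny, and unicast traffic to a server in 10.0.0.0/8 stops at the first entry.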