Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. If you'd prefer to explore, try our test area to get started. And see here for current known issues.

New Member

DNS based ACL doesn't work

Hi,

has anybody experience with settings DNS based ACL?

We need to allow iPads / iPhones to allow Apple App Store, however they are using Akamai network for that. Since WLC support only 64 rules, it's impossible to add all the subnets.

So I think, that the DNS based ACL can do it's job here. However it doesn't work as expected.

 

I put the string into the correct ACL:

 

URLs configured in this ACL
---------------------------
*.apple.co

 

And when I tried with the client, the access is still denied.

 

Here is the detail for the client:

 

Policy Manager State............................. WEBAUTH_REQD
Policy Manager Rule Created...................... Yes
AAA Override ACL Name............................ MDMOnboarding
AAA Override ACL Applied Status.................. Yes
AAA Override Flex ACL Name....................... none
AAA Override Flex ACL Applied Status............. Unavailable
AAA URL redirect................................. https://x.x.x.x/mifs/c/d/clientdownload.html

--More-- or (q)uit
Audit Session ID................................. 0a9a05e10000072453e89a71
AAA Role Type.................................... none
Local Policy Applied............................. none
IPv4 ACL Name.................................... NoPrivateNetworks

 

And the Allowed (URL) IP Addresses are not populated as it should be.

 

--More-- or (q)uit
      DNS server IP ............................. 194.228.41.113
      DNS server IP ............................. 8.8.8.8
Assisted Roaming Prediction List details:


 Client Dhcp Required:     True
Allowed (URL)IP Addresses
-------------------------

 

Does anybody have an idea?

 

WLC version is 7.6.120.0

 

Thanks!

 

K.

Everyone's tags (1)
239
Views
0
Helpful
0
Replies