
WLC | Flexconnect | ISE | ACL

Wouter Dijkstra
Level 1

Hi Everyone!

I have a problem with assigning the right ACL to a correctly authenticated user.

The setup:

- 2 Cisco 5520 WLCs

- a couple of 2802i and 2702i access points

- 2 ISE 2.2 p3 installations

- Cisco 2960x POE+ switches

The FlexConnect setup, assigning the right VLANs by a simple WPA2 authentication, works fine.

FlexConnect in use with a Guest portal, authenticated and accounted by ISE, also works fine.

Even FlexConnect, ISE and the Pre-Authweb ACL work correctly.

Once the user or mobile device is connected, the connection is fully open through the complete network.

I can't figure out where to place the correct ACL to restrict the authenticated user to only internet usage.

I hope you can help or suggest a solution!

 

Grtz Wouter

2 Replies

"I can't figure out where to place the correct ACL to restrict the authenticated user to only internet usage."

I would apply it under the SVI defined for the wireless user VLAN.

 

HTH

Rasika

 

Rasika,

Thx for the reply. Yes, it gives the effect I want to have, but...

We have 5 branches, all with 2 routers (HSRP). When I want to change or add a rule to the ACL, I have to fix it about 9 times (excluding the 1st). I was hoping that there would be a simpler solution for the ACL, like a central ACL, something like the "pre-webauth" ACLs.
