I am in the process of configuring Network Access Protection and just found out you can apply user-based ACLs in the Network Policy. Will this work with a Cisco AP1242 in Autonomous mode? I saw some configuration guides for configuring User ACLs using the wireless controllers but not just RADIUS.
I have added the Vendor Specific Attribute of "Cisco-AV-Pair" with two values of
ip:inacl#10=deny icmp any any
I would expect all traffic to be denied when the user logs in due to the explicit deny at the end of an ACL, but I am not seeing that, so I was unsure if Per-User ACLs work on standalone AP1240s.
I could add another rule to allow other traffic, but I just want to see if the ACL would apply on a per-user/per-session basis on the AP1200.
"Satisfaction does not come from knowing the solution, it comes from knowing why." - Rosalind Franklin
I tried, but it didn't seem to work when using a port ACL. I assume because, as stated before, there is only one port, so where would it apply the ACL? If there was a way to apply an ACL to the session rather than the port then it might work, but I don't know what the AV-Pair would need to be configured as to make it work.