New Member

AP1242 + Per User ACL?

Hello,

I am in the process of configuring Network Access Protection and just found out you can apply user based ACLs in the Network Policy.  Will this work with a Cisco AP1242 in Autonomous mode?  I saw some configuration guides for configuring User ACLs using the wireless controllers but not just Radius.

I have added the Vendor Specific Attribute of "Cisco-AV-Pair" with two values of

priv-lvl=15

ip:inacl#10=deny icmp any any

I would expect all traffic to be denied when the user logs in due to the explicit deny at the end of an ACL, but I am not seeing that, so I was unsure if Per-User ACLs work on standalone AP1240s.

I could add another rule to allow other traffic but I just want to see if the ACL would apply on a per-user/per-session basis on the AP1200.

ip:inacl#100=permit ip any any

Thanks.
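The ACL those AV-pair values describe, modelled as an added example (not part of the original post and not Cisco code): it parses the `ip:inacl#<n>=` values, orders them by the number after `#`, and applies first-match evaluation with the implicit deny at the end. It shows what the policy would mean if a device enforced it, not whether the AP1242 does; the function names and the protocol-only matching are assumptions made for the illustration.

```python
import re

# Matches values such as "ip:inacl#10=deny icmp any any".
AVPAIR_ACL = re.compile(r"^ip:(inacl|outacl)#(\d+)=(permit|deny)\s+(\S+)\s+(.+)$")

# The values from the post; priv-lvl=15 is not an ACL entry and is skipped.
POSTED = ["priv-lvl=15", "ip:inacl#10=deny icmp any any"]
WITH_PERMIT = POSTED + ["ip:inacl#100=permit ip any any"]


def build_acl(avpairs, direction="inacl"):
    """Return the ACL entries for one direction, ordered by sequence number."""
    entries = []
    for value in avpairs:
        m = AVPAIR_ACL.match(value.strip())
        if m and m.group(1) == direction:
            entries.append((int(m.group(2)), m.group(3), m.group(4).lower(), m.group(5)))
    return sorted(entries)


def evaluate(acl, protocol):
    """First match wins; a packet that matches no entry hits the implicit deny.

    Simplification (assumption): only the protocol field is compared and every
    entry is treated as "any any", which is all the entries in the post use.
    """
    for seq, action, proto, _addresses in acl:
        if proto in ("ip", protocol):
            return action, seq
    return "deny", None  # implicit deny at the end of every ACL


if __name__ == "__main__":
    for name, pairs in (("posted", POSTED), ("with permit", WITH_PERMIT)):
        acl = build_acl(pairs)
        for proto in ("icmp", "tcp"):
            print(name, proto, evaluate(acl, proto))
```

With only the `#10` entry, TCP falls through to the implicit deny, which is the behaviour the poster expected to see; adding the `#100` permit lets everything except ICMP through.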

7 REPLIES
New Member

AP1242 + Per User ACL?

So does anyone know if Per-User ACLs work on the AP1240s?

Hall of Fame Super Gold

AP1242 + Per User ACL?

Per username = NO

Per MAC address = YES

New Member

AP1242 + Per User ACL?

I was hoping that the "Per-Port" ACL would apply on each unique connection.  There must be some way to apply an ACL to the wireless connection from a radius.

Hall of Fame Super Gold

AP1242 + Per User ACL?

I was hoping that the "Per-Port" ACL would apply on each unique connection.

Errrr ... The 1242 is a WAP with one FastEthernet port.  Soooooo ... what port?

New Member

AP1242 + Per User ACL?

Well, the user session. As each session has its own VLAN assignment, I figured they could do the same and apply the ACL to that.

AP1242 + Per User ACL?

I couldn't see why you couldn't, if you use a radius server with a radius attribute per user. I know with ISE you can push individual ACLs to users.

Check out the below links for reference... I hope these help

https://learningnetwork.cisco.com/thread/21396

http://www.cisco.com/en/US/docs/ios/12_2/security/configuration/guide/scfrdat1.html

"Satisfaction does not come from knowing the solution, it comes from knowing why." - Rosalind Franklin
New Member

AP1242 + Per User ACL?

I tried but it didn't seem to work using a port ACL.  I assume that is because, as stated before, there is only one port, so where would it apply the ACL?  If there was a way to apply an ACL to the session rather than the port then it might work, but I don't know what the AV-Pair would need to be configured as to make it work.
