Cisco Support Community

DNS Based ACL, CWA and guest anchor controller ?

Hi all

I am currently trying to use DNS Based ACL in our WLC test setup, but I am having some trouble.

When I try it out on our Guest Anchor setup with CWA and ISE it does not work.

Is there a limitation to DNS based ACLs I have missed here ?

Any good debug commands are also appreciated :-)

Just a quick explanation of the setup.

One Guest Anchor controller with the guest WLAN attached, and a normal IP ACL that permits access to the ISE CWA page.

On the same ACL on the Anchor WLC I have added some URLs to permit access to e.g. Facebook.

The WLAN and ACL are exactly the same on the Non-Guest-anchor controller.

 

When I connect a client to an AP connected to the Non-guest-anchor controller, I get an IP in the right VLAN on the Anchor controller, and I am able to access the CWA page on ISE. I can also see on both controllers that the client has been applied with the DNS based ACL by CWA / ISE.

But when I try to access Facebook I get an SSL error page.

If I connect the client to an AP connected to the Guest-anchor controller everything works.

I get the CWA page and am able to access Facebook.

/Thomas

 

PS:

Maybe I'm hitting a variant of bugID: CSCul20184
