I am currently trying to use DNS Based ACL in our WLC test setup, but I am having some trouple.
When i try it out on our Guest Anchor setup with CWA and ISE it does not work.
Is there a limitation to DNS based ACLs I have missed here ?
Any good debug commands are also apreciated :-)
Just a quick explanation of the setup.
One Guest Anchor controller with the guest WLAN attached, and a normal IP ACL that permits access to the ISE CWA page.
On the same ACL on the Anchor WLC I have added some URLs to permit access to fx. facebook.
The WLAN and ACL are excatly the same on the Non-Guest-anchor controller.
When i connect a client to a AP connected to the Non-guest-anchor controller, I get an IP in the right VLAN on the Anchor controller, and I am able to access the CWA page on ISE. - I can also see on both controllers, that the client has been applyed with the dns based acl by CWA / ISE.
But when i try to access Facebook I get a ssl error page.
If i connect the client to a AP connected to the Guest-anchor controller everything works.
I get the CWA page and am able to access Facebook.
Transferring Crash file from standby: Login to the Active WLC in HA.
From CLI: (Cisco Controller) >transfer upload datatype crash (Cisco
Controller) >transfer upload filename (Cisco
Controller) >transfer upload mode tftp (Cisco Controller) >transfer
This is the start of a display filter cross reference between Wireshark
and OmniPeek. The 1st installment is a table of advanced filters. More
filters will be added as time allows. It is a living doc, so check back
for changes every so often Please feel f...
I have created a Powershell script to automatically add a Wireless Guest
User on Cisco WLCs. (tested on 2500 Series) The script should be
completely self explanatory. Prerequisites: Powershell SNMP Module
(Install-Module -Name SNMP) SNMP Write Access to y...